aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2020-04-06 10:23:53 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2020-04-06 10:23:53 +0200
commita056118bbfabb53dc2856ff07d068cd57ddc8be3 (patch)
treee8972ade3b0137e8a61e10d9717a512787c16ba5 /id/server/modules/moa-id-module-eIDAS
parent7fa91731a8b852e9a8a4ea1a152a5aa74523d47e (diff)
parentaebaed0e889413491b5769babf39a200bd312992 (diff)
downloadmoa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.gz
moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.tar.bz2
moa-id-spss-a056118bbfabb53dc2856ff07d068cd57ddc8be3.zip
Merge branch 'development_preview'
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml89
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java19
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java10
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java12
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java10
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java29
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java23
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java4
16 files changed, 194 insertions, 69 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index 5f4192645..2ff410400 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>${moa-id-version}</version>
+ <version>4.1.2-SNAPSHOT</version>
</parent>
<artifactId>moa-id-module-eIDAS</artifactId>
<name>MOA-ID eIDAS Module</name>
@@ -22,28 +22,29 @@
</properties>
- <profiles>
- <profile>
- <id>default</id>
- <activation>
- <activeByDefault>true</activeByDefault>
- </activation>
- <repositories>
- <repository>
- <id>local</id>
- <name>local</name>
- <url>file:${basedir}/../../../../repository</url>
- </repository>
- <repository>
- <id>egiz-commons</id>
- <url>https://demo.egiz.gv.at/int-repo/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- </repository>
- </repositories>
- </profile>
- </profiles>
+
+ <repositories>
+ <repository>
+ <id>egiz-shibboleth-mirror</id>
+ <name>egiz-shibboleth-mirror</name>
+ <url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ <repository>
+ <id>moaid_local</id>
+ <name>local</name>
+ <url>file:${basedir}/../../../../repository</url>
+ </repository>
+ <repository>
+ <id>egiz-commons</id>
+ <url>https://apps.egiz.gv.at/maven/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ </repositories>
<dependencies>
<dependency>
@@ -69,6 +70,12 @@
</exclusion>
</exclusions>
</dependency>
+
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ <version>2.8.5</version>
+ </dependency>
<dependency>
<groupId>eu.eidas.extension.eID4U</groupId>
@@ -76,6 +83,11 @@
<version>${eID4U.module.version}</version>
</dependency>
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-spring-api</artifactId>
+ </dependency>
+
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
@@ -93,6 +105,37 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>xmltooling</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>openws</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
<!-- eidas Commons -->
<dependency>
<groupId>eu.eidas</groupId>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
index d3aa7b4a0..daaf6a0f5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -23,16 +23,13 @@
package at.gv.egovernment.moa.id.auth.modules.eidas;
-import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
-import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -63,21 +60,14 @@ public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizen
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
- String selectedProcessID = super.selectProcess(context);
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+ String selectedProcessID = super.selectProcess(context, pendingReq);
if (MiscUtil.isNotEmpty(selectedProcessID)) {
- String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
-
- if (StringUtils.isEmpty(pendingReqId))
- Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
-
- else {
- IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
- if (pendingReq != null && pendingReq instanceof EIDASData) {
- return "eID4UAttributCollectionAuthentication";
-
- }
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ return "eID4UAttributCollectionAuthentication";
+
}
+
}
return selectedProcessID;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index 8779436e0..1b0f258ab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -99,10 +99,21 @@ public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption {
return useEncryption;
} catch(NullPointerException | ConfigurationException e) {
- Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
- if(Logger.isDebugEnabled())
- e.printStackTrace();
- return true;
+ try {
+ return !Boolean.valueOf(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(
+ "moa.id.protocols.eIDAS.encryption.disabled",
+ "false"
+ ));
+
+ } catch (ConfigurationException e1) {
+ Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+ if(Logger.isDebugEnabled())
+ e.printStackTrace();
+
+ return true;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
index c8c65ce76..65b6d1725 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -9,6 +9,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.util.CookieUtils;
@@ -26,7 +27,7 @@ public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController
@RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN },
method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
signalProcessManagement(req, resp);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index ec042949a..cf9a5cc60 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
import org.apache.commons.lang3.StringUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -52,7 +53,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
if (StringUtils.isNotBlank((String) context.get("ccc")) ||
StringUtils.isNotBlank((String) context.get("CCC")))
return "eIDASAuthentication";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 49d98ed33..70c86dad8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.logging.Logger;
@@ -54,7 +55,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
"/eidas/sp/redirect"
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
signalProcessManagement(req, resp);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
index 69cc131ff..48e64da62 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -180,7 +180,12 @@ public class AttributeScopeMapper {
if (StringUtils.isNotEmpty(eIDASAttr)) {
if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {
Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
- result.put(eIDASAttr, el.getValue().getAsString());
+ if (StringUtils.isNotEmpty(el.getValue().getAsString())) {
+ Logger.trace("eIDAS attribute: " + eIDASAttr + " has value: " + el.getValue().getAsString());
+ result.put(eIDASAttr, el.getValue().getAsString());
+
+ } else
+ Logger.info("Ignore empty attr: "+ eIDASAttr);
} else {
Logger.trace("Find complex TUG scope: " + key);
@@ -205,6 +210,7 @@ public class AttributeScopeMapper {
address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
result.put(attr, address.build());
+ Logger.debug("Add eIDAS attr: " + Definitions.HOMEINSTITUTIONADDRESS_NAME);
} else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
@@ -212,6 +218,7 @@ public class AttributeScopeMapper {
address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
result.put(attr, address.build());
+ Logger.debug("Add eIDAS attr: " + Definitions.TEMPORARYADDRESS_NAME);
} else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
@@ -219,6 +226,7 @@ public class AttributeScopeMapper {
address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
result.put(attr, address.build());
+ Logger.debug("Add eIDAS attr: " + eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS);
} else {
Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index feeff6f84..e879fd95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -29,10 +29,10 @@ import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.components.spring.api.IDestroyableObject;
import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
@@ -52,7 +52,7 @@ import eu.eidas.auth.engine.AbstractProtocolEngine;
public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider,
IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
- @Autowired(required=true) IConfiguration basicConfig;
+ @Autowired(required=true) IConfigurationWithSP basicConfig;
private Timer timer = null;
@@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
try {
- Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+ Map<String, String> metadataToLoad = basicConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
if (!metadataToLoad.isEmpty()) {
Logger.info("Load static configurated eIDAS metadata ... ");
for (String metaatalocation : metadataToLoad.values()) {
@@ -441,14 +441,14 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- basicConfig.getBasicMOAIDConfigurationBoolean(
+ basicConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
index a58bc4f8d..3b976b99e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -12,10 +12,12 @@ import org.springframework.stereotype.Component;
import com.google.common.collect.UnmodifiableIterator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eid4u.api.attributes.Definitions;
@@ -23,7 +25,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -43,6 +44,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
@Autowired private OAuth20AuthAction openIDAuthAction;
@Autowired private ITransactionStorage transactionStorage;
@Autowired private AuthenticationDataBuilder authDataBuilder;
+ @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
@Override
public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
@@ -84,6 +86,12 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
}
+ if (MiscUtil.isEmpty(scopes)) {
+ scopes = "ANY@tugraz.idm.attr.EmailStud";
+ Logger.info("Add dummy-scope: '" + scopes + "' because its emtpy!!");
+
+ }
+
Logger.debug("Load eID4U AP-Config:"
+ " EntityID: " + uniqueID
+ " RedirectURL:" + redirectURI
@@ -96,10 +104,10 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
//generate fake OpenID_Connect request
OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
- fakeOpenIDReq.initialize(httpReq, authConfig);
+ fakeOpenIDReq.initialize(httpReq, authConfigWithSp);
fakeOpenIDReq.setSPEntityId(uniqueID);
fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
- fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+ fakeOpenIDReq.setOnlineApplicationConfiguration(authConfigWithSp.getServiceProviderConfiguration(uniqueID));
fakeOpenIDReq.setScope("openId profile");
//populate with SessionData
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
index e878f8ab1..3e7dcbdfc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -86,7 +86,7 @@ public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServle
tokenServiceURL);
CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
sslFactory,
- authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+ authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
//build request URL
URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index d2323d161..4a6f83e5f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -36,9 +36,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 7c9e66ba0..3ba7664a8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -82,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
* @author tlenz
*/
@Controller
-public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
+public class EIDASProtocol extends AbstractController implements IModulInfo {
public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
@@ -169,7 +169,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
//switch to session authentication
- performAuthentication(req, resp, pendingReq);
+ protAuthService.performAuthentication(req, resp, pendingReq);
+
}
/*
@@ -375,6 +376,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ Logger.debug("eIDAS AuthnReq: " + base64SamlToken);
//write revision log entries
if (pendingReq != null)
@@ -384,6 +386,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
} catch (EIDASSAMLEngineException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ Logger.debug("eIDAS AuthnReq: " + base64SamlToken);
//write revision log entries
if (pendingReq != null)
@@ -393,6 +396,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
} catch(Exception e) {
Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+ Logger.debug("eIDAS AuthnReq: " + base64SamlToken);
//write revision log entries
if (pendingReq != null)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
index 7b4c16a5a..cc4026253 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -9,17 +9,31 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
@eIDASMetadata
public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+ private static final String DELIMITER = ";";
+
@Override
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
throws AttributeBuilderException {
String idType= authData.getGenericData(getName(), String.class);
- if (StringUtils.isNotEmpty(idType))
- return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+ if (StringUtils.isNotEmpty(idType)) {
+ String[] split = idType.split(DELIMITER);
+ if (split.length > 1) {
+ Logger.debug("Find more than one attribute values: " + idType + " Using first one ... ");
+ return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), split[0]);
+
+ } else {
+ return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+
+ }
+
+
+ }
else
throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
index 5210676c2..a0a7ff95e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -9,19 +9,44 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
@eIDASMetadata
public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+ private static final String DELIMITER = ";";
+
@Override
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
throws AttributeBuilderException {
String idType= authData.getGenericData(getName(), String.class);
- if (StringUtils.isNotEmpty(idType))
+ if (StringUtils.isNotEmpty(idType)) {
+ String[] split = idType.split(DELIMITER);
+ if (split.length > 1) {
+ //select the highest level
+ int currentValue = -1;
+ for (String el : split) {
+ int elInt;
+ try {
+ elInt = Integer.valueOf(el);
+ if (currentValue < elInt)
+ currentValue = elInt;
+
+ } catch (NumberFormatException e) {
+ Logger.warn("Can NOT convert CurrentLevelOfStudy: " + el, e);
+
+ }
+
+ }
+
+ idType = String.valueOf(currentValue);
+
+ }
+
return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
- else
+ } else
throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
index ba486079e..28023a219 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -13,15 +13,34 @@ import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata
@eIDASMetadata
public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+ private static final String DELIMITER = ";";
+ private static final String UNDEFINED_CODE = "9999";
+
@Override
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
throws AttributeBuilderException {
String idType= authData.getGenericData(getName(), String.class);
- if (StringUtils.isNotEmpty(idType))
+ if (StringUtils.isNotEmpty(idType)) {
+ String[] split = idType.split(DELIMITER);
+ if (split.length > 1) {
+ String currentSelected = UNDEFINED_CODE;
+ for (String el : split) {
+ if (!el.equals(currentSelected)) {
+ //select first that is not undefined code
+ currentSelected = el;
+ break;
+ }
+
+ }
+
+ idType = currentSelected;
+ }
+
+
return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
- else
+ } else
throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
index 0daa90b40..1df15cf24 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
@@ -37,8 +37,8 @@ public class AttributeScopeMapperTest {
Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty());
- Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
- Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
+ Assert.assertFalse(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
+ //Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME));
Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME));