diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-13 10:13:05 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-13 10:13:05 +0100 |
| commit | 6fc2e600055d4737ce94d8a012eb3764bd7e93c8 (patch) | |
| tree | 56aebaaac2c87458ebfd798a2c66f95718e1dd4e /id/server/modules/moa-id-module-eIDAS | |
| parent | de2e45024694c7eb5e033bc6b1bcb90f5f499b07 (diff) | |
| parent | bea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f (diff) | |
| download | moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.gz moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.bz2 moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.zip | |
Merge branch 'current_development' into development_preview
# Conflicts:
# id/history.txt
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
# pom.xml
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS')
16 files changed, 194 insertions, 69 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 5f4192645..4562f3239 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>${moa-id-version}</version> + <version>4.1.0</version> </parent> <artifactId>moa-id-module-eIDAS</artifactId> <name>MOA-ID eIDAS Module</name> @@ -22,28 +22,29 @@ </properties> - <profiles> - <profile> - <id>default</id> - <activation> - <activeByDefault>true</activeByDefault> - </activation> - <repositories> - <repository> - <id>local</id> - <name>local</name> - <url>file:${basedir}/../../../../repository</url> - </repository> - <repository> - <id>egiz-commons</id> - <url>https://demo.egiz.gv.at/int-repo/</url> - <releases> - <enabled>true</enabled> - </releases> - </repository> - </repositories> - </profile> - </profiles> + + <repositories> + <repository> + <id>egiz-shibboleth-mirror</id> + <name>egiz-shibboleth-mirror</name> + <url>https://apps.egiz.gv.at/shibboleth_nexus/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + <repository> + <id>moaid_local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://apps.egiz.gv.at/maven/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> <dependencies> <dependency> @@ -69,6 +70,12 @@ </exclusion> </exclusions> </dependency> + + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + <version>2.8.5</version> + </dependency> <dependency> <groupId>eu.eidas.extension.eID4U</groupId> @@ -76,6 +83,11 @@ <version>${eID4U.module.version}</version> </dependency> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + <dependency> <groupId>com.google.code.findbugs</groupId> <artifactId>jsr305</artifactId> @@ -93,6 +105,37 @@ <scope>test</scope> </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>xmltooling</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>openws</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <!-- eidas Commons --> <dependency> <groupId>eu.eidas</groupId> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java index d3aa7b4a0..daaf6a0f5 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -23,16 +23,13 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; -import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -63,21 +60,14 @@ public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizen * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { - String selectedProcessID = super.selectProcess(context); + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + String selectedProcessID = super.selectProcess(context, pendingReq); if (MiscUtil.isNotEmpty(selectedProcessID)) { - String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); - - if (StringUtils.isEmpty(pendingReqId)) - Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!"); - - else { - IRequest pendingReq = requestStore.getPendingRequest(pendingReqId); - if (pendingReq != null && pendingReq instanceof EIDASData) { - return "eID4UAttributCollectionAuthentication"; - - } + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; + } + } return selectedProcessID; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java index 8779436e0..1b0f258ab 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java @@ -99,10 +99,21 @@ public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption { return useEncryption; } catch(NullPointerException | ConfigurationException e) { - Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption"); - if(Logger.isDebugEnabled()) - e.printStackTrace(); - return true; + try { + return !Boolean.valueOf( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( + "moa.id.protocols.eIDAS.encryption.disabled", + "false" + )); + + } catch (ConfigurationException e1) { + Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption"); + if(Logger.isDebugEnabled()) + e.printStackTrace(); + + return true; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java index c8c65ce76..65b6d1725 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java @@ -9,6 +9,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.util.CookieUtils; @@ -26,7 +27,7 @@ public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index ec042949a..cf9a5cc60 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -52,7 +53,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { if (StringUtils.isNotBlank((String) context.get("ccc")) || StringUtils.isNotBlank((String) context.get("CCC"))) return "eIDASAuthentication"; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 49d98ed33..70c86dad8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; @@ -54,7 +55,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { "/eidas/sp/redirect" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java index 69cc131ff..48e64da62 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java @@ -180,7 +180,12 @@ public class AttributeScopeMapper { if (StringUtils.isNotEmpty(eIDASAttr)) { if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) { Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr); - result.put(eIDASAttr, el.getValue().getAsString()); + if (StringUtils.isNotEmpty(el.getValue().getAsString())) { + Logger.trace("eIDAS attribute: " + eIDASAttr + " has value: " + el.getValue().getAsString()); + result.put(eIDASAttr, el.getValue().getAsString()); + + } else + Logger.info("Ignore empty attr: "+ eIDASAttr); } else { Logger.trace("Find complex TUG scope: " + key); @@ -205,6 +210,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + Definitions.HOMEINSTITUTIONADDRESS_NAME); } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) { address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString()); @@ -212,6 +218,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + Definitions.TEMPORARYADDRESS_NAME); } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) { address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString()); @@ -219,6 +226,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS); } else { Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!"); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index feeff6f84..e879fd95b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -29,10 +29,10 @@ import org.opensaml.xml.XMLObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; @@ -52,7 +52,7 @@ import eu.eidas.auth.engine.AbstractProtocolEngine; public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - @Autowired(required=true) IConfiguration basicConfig; + @Autowired(required=true) IConfigurationWithSP basicConfig; private Timer timer = null; @@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { try { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + Map<String, String> metadataToLoad = basicConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); for (String metaatalocation : metadataToLoad.values()) { @@ -441,14 +441,14 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - basicConfig.getBasicMOAIDConfigurationBoolean( + basicConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index a58bc4f8d..3b976b99e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -12,10 +12,12 @@ import org.springframework.stereotype.Component; import com.google.common.collect.UnmodifiableIterator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; @@ -23,7 +25,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; @@ -43,6 +44,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { @Autowired private OAuth20AuthAction openIDAuthAction; @Autowired private ITransactionStorage transactionStorage; @Autowired private AuthenticationDataBuilder authDataBuilder; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; @Override public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) @@ -84,6 +86,12 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { } + if (MiscUtil.isEmpty(scopes)) { + scopes = "ANY@tugraz.idm.attr.EmailStud"; + Logger.info("Add dummy-scope: '" + scopes + "' because its emtpy!!"); + + } + Logger.debug("Load eID4U AP-Config:" + " EntityID: " + uniqueID + " RedirectURL:" + redirectURI @@ -96,10 +104,10 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { //generate fake OpenID_Connect request OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); - fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.initialize(httpReq, authConfigWithSp); fakeOpenIDReq.setSPEntityId(uniqueID); fakeOpenIDReq.setModule(OAuth20Protocol.NAME); - fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfigWithSp.getServiceProviderConfiguration(uniqueID)); fakeOpenIDReq.setScope("openId profile"); //populate with SessionData diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java index e878f8ab1..3e7dcbdfc 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -86,7 +86,7 @@ public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServle tokenServiceURL); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build request URL URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index d2323d161..4a6f83e5f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -36,9 +36,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 7c9e66ba0..3ba7664a8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -82,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * @author tlenz */ @Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class EIDASProtocol extends AbstractController implements IModulInfo { public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; @@ -169,7 +169,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setAction(eIDASAuthenticationRequest.class.getName()); //switch to session authentication - performAuthentication(req, resp, pendingReq); + protAuthService.performAuthentication(req, resp, pendingReq); + } /* @@ -375,6 +376,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement } catch (MOAIDException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) @@ -384,6 +386,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement } catch (EIDASSAMLEngineException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) @@ -393,6 +396,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement } catch(Exception e) { Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java index 7b4c16a5a..cc4026253 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java @@ -9,17 +9,31 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; @eIDASMetadata public class CurrentDegreeAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + @Override public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) - return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + Logger.debug("Find more than one attribute values: " + idType + " Using first one ... "); + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), split[0]); + + } else { + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + + } + + + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java index 5210676c2..a0a7ff95e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java @@ -9,19 +9,44 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; @eIDASMetadata public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + @Override public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + //select the highest level + int currentValue = -1; + for (String el : split) { + int elInt; + try { + elInt = Integer.valueOf(el); + if (currentValue < elInt) + currentValue = elInt; + + } catch (NumberFormatException e) { + Logger.warn("Can NOT convert CurrentLevelOfStudy: " + el, e); + + } + + } + + idType = String.valueOf(currentValue); + + } + return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType); - else + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java index ba486079e..28023a219 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java @@ -13,15 +13,34 @@ import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata @eIDASMetadata public class FieldOfStudyAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + private static final String UNDEFINED_CODE = "9999"; + @Override public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + String currentSelected = UNDEFINED_CODE; + for (String el : split) { + if (!el.equals(currentSelected)) { + //select first that is not undefined code + currentSelected = el; + break; + } + + } + + idType = currentSelected; + } + + return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType); - else + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java index 0daa90b40..1df15cf24 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java @@ -37,8 +37,8 @@ public class AttributeScopeMapperTest { Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty()); - Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); - Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); + Assert.assertFalse(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); + //Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME)); Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME)); |