Add initial version of ELGA mandate-service authentication-module

3 files changed, 90 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..1ebc153ce
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
new file mode 100644
index 000000000..1c0071c4a
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthenticationWithELGAMandates" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"         class="VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISMandate"           	class="GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest"    class="CertificateReadRequestTask" />
+	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+	<pd:Task id="prepareGetMISMandate" 			class="PrepareGetMISMandateTask" />
+	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="initializeBKUAuthentication" />
+	
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+	
+	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
+	
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
+	
+	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+	
+	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
+	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+	
+	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"         to="getForeignID" />
+	
+	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+	
+	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
+		
+	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
+	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	
+	<pd:Transition from="finalizeAuthentication"    to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
new file mode 100644
index 000000000..89f1edd06
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+<!-- ELGA mandate-service client beans -->
+	<bean id="elgaMandatesAuthModule" class="at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthModuleImpl">
+		<property name="priority" value="1" />
+	</bean>
+
+	<bean id="FederatedAuthCredentialProvider"
+	      class="at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider"/>
+
+	<bean	id="FederatedAuthMetadataController"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthMetadataController"/>
+									
+	<bean	id="FederatedAuthSignalController"
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthSignalController"/>
+	
+	
+<!-- Federated Authentication Process Tasks -->
+	<bean id="CreateFederatedAuthnRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.CreateAuthnRequestTask"
+				scope="prototype"/>
+				
+	<bean id="ReceiveFederatedAuthnResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.ReceiveAuthnResponseTask"
+				scope="prototype"/>
+																								
+</beans>
\ No newline at end of file