aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-sl20_authentication
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
commit6fc2e600055d4737ce94d8a012eb3764bd7e93c8 (patch)
tree56aebaaac2c87458ebfd798a2c66f95718e1dd4e /id/server/modules/moa-id-module-sl20_authentication
parentde2e45024694c7eb5e033bc6b1bcb90f5f499b07 (diff)
parentbea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f (diff)
downloadmoa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.gz
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.bz2
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.zip
Merge branch 'current_development' into development_preview
# Conflicts: # id/history.txt # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java # pom.xml
Diffstat (limited to 'id/server/modules/moa-id-module-sl20_authentication')
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/pom.xml28
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java9
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java3
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java3
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java3
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java7
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java4
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java22
9 files changed, 54 insertions, 31 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index 74aa6682b..d41e221af 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>${moa-id-version}</version>
+ <version>4.1.0</version>
</parent>
<artifactId>moa-id-module-sl20_authentication</artifactId>
<name>moa-id-module-sl20_authentication</name>
@@ -45,6 +45,10 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_auth_sl20</artifactId>
+ </dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
@@ -65,6 +69,7 @@
</dependency>
+ <!-- Dependencies for testing -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
@@ -75,6 +80,27 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xml-apis</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xalan</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>serializer</artifactId>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
</project>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 9c2d47ca7..9142210c8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -29,7 +29,7 @@ import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -77,11 +77,8 @@ public class SL20AuthenticationModulImpl implements AuthModule {
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
*/
@Override
- public String selectProcess(ExecutionContext context) {
- ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG);
-// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
-// spConfig = (IOAAuthParameters)spConfigObj;
-
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+ ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index a8c4a941e..a5a472ed8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.logging.Logger;
@@ -54,7 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
Constants.HTTP_ENDPOINT_RESUME
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... ");
signalProcessManagement(req, resp);
}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index a02f86376..39364f062 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -32,6 +32,7 @@ import com.google.gson.JsonSyntaxException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -40,11 +41,11 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuil
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.X509Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+
@Service
public class JsonSecurityUtils implements IJOSETools{
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index 599a67dfd..8a288b9b8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -19,6 +19,7 @@ import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
@@ -112,7 +113,7 @@ public class QualifiedeIDVerifier {
// date and time
validateSigningDateTime(sigVerifyResult, authBlockExtractor);
- } catch ( Exception e) {
+ } catch ( ValidateException e) {
Logger.warn("Validation of eID information FAILED. ", e);
throw new SL20eIDDataValidationException(new Object[] {
SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 3408cf538..9c74a3cdb 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -55,6 +55,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
@Autowired(required=true) private IJOSETools joseTools;
@Autowired private AuthConfiguration moaAuthConfig;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
@@ -97,7 +98,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
X509Certificate encCert = null;
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true))
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true))
encCert = joseTools.getEncryptionCertificate();
else
Logger.info("eID data encryption is disabled by configuration");
@@ -120,7 +121,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
vdaQualeIDUrl);
CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
sslFactory,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+ moaAuthConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
//build http POST request
HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
@@ -211,7 +212,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) {
String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
- Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ Map<String, String> endPointMap = moaAuthConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
endPointMap.putAll(KeyValueUtils.convertListToMap(
KeyValueUtils.getListOfCSVValues(
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index fc386b796..1826f824d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -103,10 +103,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
//validate signature
VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
Logger.info("SL20 result from VDA was not valid signed");
throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
@@ -133,7 +133,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
payLoad, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true));
//extract attributes from result
Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 0c97641c7..fa48b9c64 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -94,7 +94,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
//TODO: add LoA verification
} catch (MOAIDException e) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
Logger.warn("SL20 eID data validation IS DISABLED!!");
Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e);
@@ -116,6 +116,8 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
} else
moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
+ //set NeedConsent to false, because user gives consont during authentication
+ pendingReq.setNeedUserConsent(false);
//store pending request
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
index fe12e9b76..b43eb22f8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -127,7 +127,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
// TODO Auto-generated method stub
return null;
}
@@ -395,45 +395,39 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public URI getConfigurationFilePath() {
+ public URI getConfigurationRootDirectory() {
// TODO Auto-generated method stub
return null;
}
@Override
- public URI getConfigurationRootDirectory() {
+ public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException {
// TODO Auto-generated method stub
return null;
}
@Override
- public Properties getFullConfigurationProperties() {
+ public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException {
// TODO Auto-generated method stub
return null;
}
@Override
- public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException {
+ public String validateIDPURL(URL arg0) throws EAAFException {
// TODO Auto-generated method stub
return null;
}
@Override
- public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException {
+ public Boolean getBasicConfigurationBoolean(String key) {
// TODO Auto-generated method stub
return null;
}
@Override
- public String validateIDPURL(URL arg0) throws EAAFException {
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
// TODO Auto-generated method stub
- return null;
+ return false;
}
}