Merge tag 'MOA-ID-3.4.2'

3 files changed, 106 insertions, 10 deletions

diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 8b232cf29..3a401d80e 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -38,10 +38,10 @@
   
   	<!-- Only for development to use SAML1 protocol
   			 SAML1 is removed from official OPB release -->
-  	<dependency>
+<!--   	<dependency>
   		<groupId>MOA.id.server.modules</groupId>
   		<artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   
 <!--     <dependency>
 			<groupId>MOA</groupId>
@@ -62,10 +62,10 @@
   		 <artifactId>moa-id-modul-citizencard_authentication</artifactId>
   	</dependency>
   	
-  	<dependency>
+<!--   	<dependency>
   		 <groupId>MOA.id.server.modules</groupId>
   		 <artifactId>moa-id-module-eIDAS</artifactId>
-  	</dependency>
+  	</dependency> -->
   	
   	    <dependency>
             <groupId>junit</groupId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
 				
 			}
-									
+			
+			//add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+			if (Boolean.parseBoolean(
+					oaParam.getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+							String.valueOf(false)))) {
+				Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+				
+				if (oaAttributes == null)
+					oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+				try {
+					String additionalBpks = new BPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalBpks)) {
+						Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedBpks)) {
+						Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				//for mandates
+				try {
+					String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+						Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+				
+				try {
+					String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+							oaParam, 
+							authData, 
+							new SimpleStringAttributeGenerator());
+					if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+						Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+						oaAttributes.add(new ExtendedSAMLAttributeImpl(
+								PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+								Constants.MOA_NS_URI,
+								ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+					
+					}
+				} catch (AttributeBuilderException e) {
+					Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+					
+				}
+								
+			}
+						
 			String samlAssertion = null;
 			//add mandate info's
 			if (authData.isUseMandate()) {								
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 					PVPConstants.EID_SOURCE_PIN_TYPE_NAME
 			});
 	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() {
 		return NAME;
 	}
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
-//		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-//			Logger.info("SAML1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//			
-//		}
+		if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+			Logger.info("SAML1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+			
+		}
 		
 		SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
 		pendingReq.initialize(req, authConfig);