| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-12-18 13:00:30 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-12-18 13:00:30 +0100 | 
| commit | 3314af0442eba4bce469b21585a75c1a327f53b5 (patch) | |
| tree | d9b7d5dd02f7f5dbc59424952c16688b391e3a76 /id/server/modules | |
| parent | 5abe951ec537b63b0cf70c4be203d96b308e5985 (diff) | |
| download | moa-id-spss-3314af0442eba4bce469b21585a75c1a327f53b5.tar.gz moa-id-spss-3314af0442eba4bce469b21585a75c1a327f53b5.tar.bz2 moa-id-spss-3314af0442eba4bce469b21585a75c1a327f53b5.zip | |
add first untested parts for eIDAS SAML-engine configuration
Diffstat (limited to 'id/server/modules')
11 files changed, 876 insertions, 10 deletions
| diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index efd903cdb..43ba6bc20 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -11,6 +11,10 @@
   <properties>
 		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+		
+		<eidas-commons.version>eidas.1.0</eidas-commons.version>
+		<eidas-saml-engine.version>eidas.1.0</eidas-saml-engine.version>
+		
 	</properties>
   <dependencies>
@@ -23,10 +27,77 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>${junit.version}</version>
 			<scope>test</scope>
 		</dependency>
+		<!-- eidas Commons -->
+		<dependency>
+    		<groupId>eu.eidas</groupId>
+    		<artifactId>eidas-commons</artifactId>
+    		<version>${eidas-commons.version}</version>
+			<!--scope>provided</scope-->
+            <exclusions>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+                <exclusion>
+                	<artifactId>log4j-over-slf4j</artifactId>
+                	<groupId>org.slf4j</groupId>
+                </exclusion>
+            </exclusions>
+		</dependency>
+
+		<!-- eidas SAML Engine -->
+		<dependency> 
+    		<groupId>eu.eidas</groupId>
+    		<artifactId>saml-engine</artifactId>
+    		<version>${eidas-saml-engine.version}</version>
+    		<scope>compile</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>slf4j-simple</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>jcl-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>slf4j-api</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>jul-to-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>serializer</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>xalan</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-resolver</groupId>
+                    <artifactId>xml-resolver</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+			</exclusions>
+		</dependency>  
+  
   </dependencies>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
new file mode 100644
index 000000000..14fde95a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+/**
+ * @author tlenz
+ *
+ */
+public class Constants {
+
+	public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+		
+	//default keys for eIDAS SAML-engine configuration
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG = "SignatureConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG = "EncryptionConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_CLASS = "class";
+	
+	//default implementations for eIDAS SAML-engine functionality
+	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	
+	//configuration property keys
+	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
+	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+	
+}
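Review bot: Several identifiers in this new class carry typos that will spread as soon as other code depends on them: `CONIG_PROPS_…` (CONFIG), `SAML_SIGNING_IMPLENTATION` / `SAML_ENCRYPTION_IMPLENTATION` (IMPLEMENTATION), and the engine-name value `"MOA_eIDASEninge"`. The string value matters beyond spelling, because it is the name the engine instance is registered under and later looked up by (`getInstanceMap()` keys on `instance.getName()` in MOAeIDASSAMLEngineConfigurationImpl), so operators will meet it in configuration and logs; since the file is new, renaming now is free. Constant names also mix styles (`eIDAS_SAML_ENGINE_NAME` next to `UPPER_SNAKE_CASE`), and a constants holder would normally get a `private Constants() {}` constructor plus a class-level Javadoc naming the three groups it contains (engine-instance names, default implementation classes, MOA-ID property keys) in place of the bare `@author` block.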
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
new file mode 100644
index 000000000..9b634ff4d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.config.ConfigurationException;
+import eu.eidas.samlengineconfig.AbstractCertificateConfigurationManager;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+import eu.eidas.samlengineconfig.impl.SamlEngineConfigurationImpl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDCertificateManagerConfigurationImpl extends
+		AbstractCertificateConfigurationManager {
+
+    private SamlEngineConfiguration samlEngineConfiguration =null;
+	
+    @Override
+	public boolean isActive() {
+		return true;
+	}
+    
+    /**
+	 * 
+	 */
+	public MOAIDCertificateManagerConfigurationImpl() {
+		try {
+			initalizeConfiguration();
+			
+		} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+			Logger.error("eIDAS SAML-engine initialization FAILED", e);
+			
+		}
+	}
+    
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#addConfiguration(java.lang.String, java.lang.String, java.util.Map, boolean)
+	 */
+	@Override
+	public void addConfiguration(String paramString1, String paramString2,
+			Map<String, String> paramMap, boolean paramBoolean) {
+		throw new ConfigurationException("","not yet implemented");
+
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getInstance(java.lang.String)
+	 */
+	@Override
+	public EngineInstance getInstance(String paramString) {
+		return getConfiguration().get(paramString);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getConfiguration()
+	 */
+	@Override
+	public Map<String, EngineInstance> getConfiguration() {
+		if(samlEngineConfiguration == null){
+			try {
+				initalizeConfiguration();
+				
+			} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+				Logger.error("eIDAS SAML-engine initialization FAILED", e);
+				
+			}
+			
+		}
+		
+		return samlEngineConfiguration==null?new HashMap<String, EngineInstance>():((MOAeIDASSAMLEngineConfigurationImpl) samlEngineConfiguration).getInstanceMap();
+		
+	}
+	
+	
+	/**
+	 * Initialize eIDAS SAML-engine from MOA-ID configuration
+	 * @throws at.gv.egovernment.moa.id.config.ConfigurationException 
+	 * 
+	 */
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+		//initialize configuration
+		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
+		tmp.initialize();
+				
+		//set initialized configuration
+		samlEngineConfiguration = tmp;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
new file mode 100644
index 000000000..28bd2fc04
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
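Review bot: `getConfiguration()` logs the initialization failure and then returns an empty map, so a broken or missing signing/encryption configuration degrades to `getInstance()` returning null and only surfaces later, with a less specific error, wherever the engine is built; the constructor swallows the same exception. The eIDAS `ConfigurationException` is already imported and thrown from `addConfiguration`, so the catch in `getConfiguration()` could rethrow instead, e.g. `throw new ConfigurationException("", "eIDAS SAML-engine initialization FAILED");` — keep `e` as the cause if one of its constructors accepts a Throwable, which I cannot see from here. Declaring the field as `MOAeIDASSAMLEngineConfigurationImpl` instead of `SamlEngineConfiguration` would remove the downcast in the return statement and the unused `SamlEngineConfigurationImpl` import. The lazy re-initialization in `getConfiguration()` is also unsynchronized; if this manager is shared across request threads, two callers can initialize concurrently, so it is worth a comment on how it is meant to be instantiated.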
@@ -0,0 +1,265 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.eidas.config; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URISyntaxException; +import java.net.URL; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +import eu.eidas.samlengineconfig.BinaryParameter; +import eu.eidas.samlengineconfig.ConfigurationParameter; +import eu.eidas.samlengineconfig.EngineInstance; +import eu.eidas.samlengineconfig.InstanceConfiguration; +import eu.eidas.samlengineconfig.PropsParameter; +import eu.eidas.samlengineconfig.SamlEngineConfiguration; + +/** + * @author tlenz + * + */ +public class MOAeIDASSAMLEngineConfigurationImpl extends +		SamlEngineConfiguration { +	 +    private static final String KEYSTORE_PATH="keystorePath"; +    private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath"; +    private static final String ENCRYPTION_ACTIVATION="encryptionActivation"; +    private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH}; +		 +    public List<EngineInstance> getInstances(){ +        return super.getInstances(); +    } +	 +    @Override +    public void setInstances(List<EngineInstance> engineInstances) { +        super.setInstances(engineInstances); +         +    } +     +    public Map<String, EngineInstance> getInstanceMap() { +        Map<String, EngineInstance> 
result = new HashMap<String, EngineInstance>(); +        for(EngineInstance instance:getInstances()) { +        	 +            result.put(instance.getName(), instance); +        } +         +        return result; +    } +     +    //initialize +    public void initialize() throws ConfigurationException {  +    	//create an eIDAS SAML-engine instance +    	EngineInstance engineInst = new EngineInstance(); +    	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	 +    	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>(); +		engineInst.setConfigurations(engineConfigs); +    	 +		//add configurations +		 +		//add basic eIDAS SAML-engine configuration +		MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl(); +		samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);				 +		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE)); +		engineConfigs.add(samlBaseConfig); +				 +		//add signing eIDAS SAML-engine configuration +		MOAeIDASSAMLInstanceConfigurationImpl samlSignConfig = new MOAeIDASSAMLInstanceConfigurationImpl(); +		samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);		 +		samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS,  +				Constants.SAML_SIGNING_IMPLENTATION); +		 +		//TODO: load signing keys directly from MOA-ID configuration in finale version +		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE)); +		engineConfigs.add(samlSignConfig); +		 +		//add encryption eIDAS SAML-engine configuration +		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl(); +		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);		 + +		//TODO: load encryption keys directly from MOA-ID configuration in finale version +		
samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE)); +		engineConfigs.add(samlEncConfig); +		 +		super.addInstance(engineInst); +		 +    } +     +    /** +     *	Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration +     *  +     * @param key Configuration key, which is used in property based MOA-ID configuration file +     * @return eIDAS SAML-engine configuration object +     * @throws ConfigurationException +     */ +         +    private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException { +		String configFile =  +				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); +		if (MiscUtil.isEmpty(configFile)) { +			Logger.warn("No eIDAS SAML-engine configuration key: "  +					+ key + " found in MOA-ID properties configuration file."); +			//throw new EIDASEngineConfigurationException("No eIDAS SAML-engine configuration property.", null); +			return null; +		} +		 +		Properties inputProps = loadPropsFromXml(configFile);    	 +		return buildPropsParameter(inputProps, configFile); +    	 +    } +     +     +    private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException { +    	PropsParameter outputProps = new PropsParameter(); +    	outputProps.setFileName(fileName); +    	 +    	//original eIDAS SAML-engine use this identifier +    	outputProps.setName("fileConfiguration"); +    	 +    	outputProps.setValue(inputProps); + +    	//post-process special parameters +    	for(String key:BINARY_PARAMETERS) { +            Object keystorePath = inputProps.get(key); +            if (keystorePath != null) { +            	if (keystorePath instanceof String &&  +            			isBinaryParameter((String)keystorePath) ) { +            		BinaryParameter bp = new BinaryParameter(); +            		
bp.setValue(loadBinaryFile(keystorePath.toString())); +            		bp.setName(key); +            		bp.setUrl(keystorePath.toString()); +            		inputProps.put(key, bp); +                 +            	} else { +            		Logger.warn("eIDAS SAML-engine keyStore parameter has an unsuspected type. +" + +            				"(Type: " + keystorePath.toString() + ")"); +            	 +            	} +            } +        } +    	 +    	return outputProps; +    } +     +    private boolean isBinaryParameter(String parameter) { +    	if (MiscUtil.isNotEmpty(parameter)) { +    		String absoluteConfigFile; +			try { +				absoluteConfigFile = FileUtils.makeAbsoluteURL( +						parameter, +						AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); +				File file = new File(new URL(absoluteConfigFile).toURI()); +	    		return file.exists(); +	    		 +			} catch (ConfigurationException | MalformedURLException | URISyntaxException e) { +				Logger.warn("Binary eIDAS SAML-engine configuration parameter: "  +						+ parameter + " is not loadable."); +				 +			} +     		 +    	} +    	 +    	return false; +         +    } +     +    private byte[] loadBinaryFile(String fileName) throws EIDASEngineConfigurationException{ +    	InputStream is = null; +    	byte data[]=null; +    	try { +    		String absoluteConfigFile = FileUtils.makeAbsoluteURL( +    				fileName, +    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); +    		 +    		File file = new File(new URL(absoluteConfigFile).toURI()); +    		is = new FileInputStream(file); +    		data=new byte[is.available()]; +            is.read(data); +    		 +    	} catch (ConfigurationException | URISyntaxException | IOException e) { +    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e); +    				 +    	} finally { +    		if (is != null) +				try { +					is.close(); +					 +				} catch (IOException e) { +					Logger.warn("eIDAS SAML-engine 
configuration is not closeable.", e); +					 +				} +    		 +    	} +    	 +    	return data; +         +    } +     +    private Properties loadPropsFromXml(String configFile) throws EIDASEngineConfigurationException { +    	Properties props = new Properties(); +    	InputStream is = null; +    	try { +    		String absoluteConfigFile = FileUtils.makeAbsoluteURL( +    				configFile, +    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); +    		 +    		File file = new File(new URL(absoluteConfigFile).toURI()); +    		is = new FileInputStream(file); +    		props.loadFromXML(is); +    		 +    	} catch (ConfigurationException | URISyntaxException | IOException e) { +    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e); +    				 +    	} finally { +    		if (is != null) +				try { +					is.close(); +					 +				} catch (IOException e) { +					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e); +					 +				} +    		 +    	} +    	 +    	return props; +    	    	 +    } +     +     +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java new file mode 100644 index 000000000..dccd39905 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java 
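Review bot: In `initialize()` the signing and encryption configuration files are both attached to `samlBaseConfig` instead of to `samlSignConfig` and `samlEncConfig`, so the `SignatureConf` instance configuration ends up with only the `class` parameter and `EncryptionConf` with nothing, while the keystore parameters land in the basic configuration; the two lines should read `samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));` and `samlEncConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));`. Separately, `loadBinaryFile()` sizes its buffer with `is.available()` and issues a single `read()`, neither of which guarantees the whole keystore is read; `data = Files.readAllBytes(file.toPath());` (java.nio.file.Files — the file already relies on Java 7 multi-catch) replaces the stream, the partial read and the close/warn block. The warning in `buildPropsParameter()` prints the parameter value under the label "Type" and carries a stray `+` inside the message literal; as these are keystore-related properties, log only the key and the actual type, e.g. `Logger.warn("eIDAS SAML-engine parameter " + key + " has an unexpected type: " + keystorePath.getClass().getName());`.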
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.StringParameter;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLInstanceConfigurationImpl extends
+		InstanceConfiguration {
+
+	public void addParameter(ConfigurationParameter param) {
+		if (param != null) {
+			List<ConfigurationParameter> paramList = super.getParameters();
+			if (paramList == null) {
+				paramList = new ArrayList<ConfigurationParameter>();
+				super.setParameters(paramList);
+			
+			}
+		
+			paramList.add(param);
+		}		
+	}
+	
+	public void addParameter(String key, String value) {
+		StringParameter param = new StringParameter();
+		param.setName(key);
+		param.setValue(value);		
+		addParameter(param);
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index 5ad13970e..7b044522c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
+import org.apache.commons.lang3.StringUtils;
+
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
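Review bot: `addParameter(ConfigurationParameter)` silently drops a null argument, and its only caller in this commit passes the result of `loadConfigurationFromExternalFile()`, which returns null when the MOA-ID property is absent — so a missing signing or encryption configuration file yields a warning in the log but an otherwise well-formed instance configuration with that part simply missing. Please document the contract at least, e.g. `/** Appends {@code param} to this instance's parameter list, creating the list on first use; a {@code null} parameter is ignored. */`, and consider whether a null coming from a required key should be treated as an error by the caller rather than absorbed here. The two-argument overload would benefit from a one-line Javadoc saying it wraps the pair in a `StringParameter`.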
@@ -31,13 +33,19 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  */
 public class eIDASAuthenticationModulImpl implements AuthModule {
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
-	 */
+	private int priority = 1;
+
 	@Override
 	public int getPriority() {
-		// TODO Auto-generated method stub
-		return 0;
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
 	}
 	/* (non-Javadoc)
@@ -45,8 +53,12 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		// TODO Auto-generated method stub
-		return null;
+		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
+				StringUtils.isNotBlank((String) context.get("CCC"))) 
+			return "eIDASAuthentication";
+		else
+			return null;
+		
 	}
 	/* (non-Javadoc)
@@ -54,7 +66,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String[] getProcessDefinitions() {
-		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthentication.process.xml" };
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml" };
 	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
new file mode 100644
index 000000000..98bc559d2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
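Review bot: The Javadoc added for `setPriority` states "Default value is {@code 0}", but the new field is initialised as `private int priority = 1;`, so documentation and code disagree about the module's default ordering among auth modules; if 1 is intended, the comment should read `* Sets the priority of this module. Default value is {@code 1}.`. The `(non-Javadoc)` comment removed from `getPriority()` was not replaced, so the getter is now undocumented; a one-line `/** Returns the priority used to order this module against other {@code AuthModule}s. */` would restore that.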
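Review bot: `selectProcess` casts `context.get("ccc")` and `context.get("CCC")` straight to `String`, so a non-String value stored under either key ends in a ClassCastException instead of the method declining with `null`; `StringUtils.isNotBlank(Objects.toString(context.get("ccc"), null))` (java.util.Objects, Java 7) keeps the null-safe semantics without the unchecked cast. The keys `"ccc"`/`"CCC"` and the process name `"eIDASAuthentication"` are magic strings that the new `Constants` class in this commit is the natural home for, and a comment on why the country-code key is probed in two spellings would help the next reader, since nothing here says where the context value originates.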
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineConfigurationException extends ConfigurationException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param wrapped
+	 */
+	public EIDASEngineConfigurationException(String messageId,
+			Object[] parameters, Throwable wrapped) {
+		super(messageId, parameters, wrapped);
+	}
+
+	/**
+	 * @param string
+	 * @param object
+	 */
+	public EIDASEngineConfigurationException(String string, Object[] object) {
+		super(string, object);
+	}
+
+
+
+	
+	
+}
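Review bot: The second constructor's parameter names and Javadoc are IDE placeholders (`@param string`, `@param object`) that document nothing, while the first constructor already uses the meaningful `messageId`/`parameters` naming; align the second one as `public EIDASEngineConfigurationException(String messageId, Object[] parameters) {` with `super(messageId, parameters);`, and give the class a one-line Javadoc saying it is raised when the eIDAS SAML-engine configuration cannot be built from the MOA-ID configuration. The empty Javadoc block on `serialVersionUID` and the five blank lines before the closing brace can go. The same placeholder Javadoc (`@param string`, `@param e`) appears in the new EIDASEngineException in this commit, where `serialVersionUID` is additionally declared after the constructor; `message`/`cause` would be the conventional names there.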
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java new file mode 100644 index 000000000..95690bbeb --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java 
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineException extends Exception {
+
+	/**
+	 * @param string
+	 * @param e
+	 */
+	public EIDASEngineException(String string, Throwable e) {
+		super(string, e);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1559812927427153879L;
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
new file mode 100644
index 000000000..0d9816f65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java 
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		
+		
+		IPersonalAttributeList pAttList = new PersonalAttributeList();
+		
+		//create template requested attribute
+		//TODO: load required attributes from OA configuration
+		PersonalAttribute attr = new PersonalAttribute();
+		
+		pAttList.add(attr);
+		
+		
+		
+		
+		//build eIDAS AuthnRequest
+		EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+		
+		
+		try{
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+            engine.initRequestedAttributes(pAttList);
+			authnRequest = 
engine.generateEIDASAuthnRequest(authnRequest);
+			
+		}catch (EIDASSAMLEngineException e){
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("Could not generate token for Saml Request", e));
+			
+		} catch (EIDASEngineException e) {
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			
+		}	
+
+		//encode AuthnRequest
+		byte[] token = authnRequest.getTokenSaml();		
+		String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+		
+		
+		//send
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
new file mode 100644
index 000000000..0d6a49a47
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
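Review bot: Nothing from the generated request survives `execute` — `authnRequest` is a local and the encoded `SAMLRequest` is computed and then dropped at the `//send` placeholder, so a later response-handling step has no request ID to check an `InResponseTo` against (the engine presumably assigns the ID inside `generateEIDASAuthnRequest`; confirm against the saml-engine API). Persist the request ID, or the whole `EIDASAuthnRequest`, in the pending-request state (e.g. via `executionContext`) before the request is sent, so an unsolicited or replayed response can be rejected. The `EIDASSAMLEngineException` branch logs and then wraps twice (`TaskExecutionException` around a new `EIDASEngineException`) while the `EIDASEngineException` branch wraps once; `throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);` in both keeps the cause chain and the style consistent. Minor: rename the local `SAMLRequest` to `samlRequest`, and note that the `attr` added to `pAttList` has no name set yet, which the TODO above it should spell out.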
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAMLEngineUtils {
+
+	public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+		
+		try {
+			//get eIDAS SAMLengine configuration from MOA-ID configuration
+			CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+			
+			//initial eIDAS SAMLengine
+			EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+						configManager);
+
+			//set Metadata managment to eIDAS SAMLengine
+			//TODO: implement Metadata processor
+			engine.setMetadataProcessor(null);
+			
+			return engine;
+			
+		} catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+			throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+			
+		}
+								
+	}
+	
+	public static void main(String[] args) {
+		try {
+			EIDASSAMLEngine test = createSAMLEngine();
+			
+			
+		} catch (EIDASEngineException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+			
+		}
+		
+		System.out.println("Success");
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index 111ef972e..fe1974b4d 100644
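Review bot: `main` prints `Success` even when `createSAMLEngine()` throws, because the `catch` block only calls `e.printStackTrace()` and then falls through to the `System.out.println`; a `main` with a stack-trace-to-stdout handler does not belong in a production utility class anyway — move this smoke check into a test-scoped class (the module already declares junit with test scope) or at least `return` from the catch. `engine.setMetadataProcessor(null)` with only a TODO leaves the engine without any metadata processor; if the eIDAS engine relies on it to resolve the peer's signing certificates (likely, but confirm against the saml-engine API), responses cannot be validated against trusted metadata until it exists, so the TODO should say so, e.g. `//TODO: implement Metadata processor - without it the engine cannot resolve peer certificates from metadata`. `createSAMLEngine()` also builds a fresh `MOAIDCertificateManagerConfigurationImpl` and engine on every call, and `GenerateAuthnRequestTask` in this commit calls it per request; if engine creation loads key material, a single cached instance would be cheaper and would not re-read the keystore per authentication. Logging with `Logger.error` and then rethrowing means the same failure is reported twice once the caller logs it, as `GenerateAuthnRequestTask` does.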
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,12 +2,15 @@
 <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+	<pd:Task id="createAuthnRequest" 							 		 class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
 	<pd:Task id="finalizeAuthentication" 							 class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
-	<pd:Transition from="start" to="finalizeAuthentication" />
+	<pd:Transition from="start" to="createAuthnRequest" />
+	
+	<pd:Transition from="createAuthnRequest" to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" /> | 
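Review bot: The new transition sends the process from `createAuthnRequest` straight to `finalizeAuthentication`, but `GenerateAuthnRequestTask` in this commit does not yet send the request and no task in this definition receives or validates an eIDAS response, so authentication would be finalized without any assertion having been checked. This is presumably a placeholder for the first untested cut; until a response-handling task exists, it would be safer to not wire `createAuthnRequest` to `finalizeAuthentication` at all, and to mark the gap next to the transition, e.g. `<!-- TODO: insert receive/validate eIDAS response task before finalizeAuthentication -->`.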
