author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
commit | d23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch) | |
tree | 2195fbe110c392728b3009aa545363540a94294e /id/server | |
parent | 86aa898406f539fd06129360c58c654afc62e904 (diff) | |
parent | f923a89436377f581c6e2ab6637024aa068bf9fb (diff) | |
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server')
122 files changed, 3898 insertions, 2203 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 6dddb454a..678c381cb 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -247,4 +247,16 @@ service.egovutil.szr.ssl.truststore.file= service.egovutil.szr.ssl.truststore.password= service.egovutil.szr.ssl.truststore.type= service.egovutil.szr.ssl.trustall=false -service.egovutil.szr.ssl.laxhostnameverification=false
\ No newline at end of file +service.egovutil.szr.ssl.laxhostnameverification=false + + +################ Encrypted foreign bPK generation #################################### +## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. +## If you like to use this feature, the public key for encryption has to be added +## as X509 certificate in Base64 encoded from. The selection will be done on sector +## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in +## PVP Attribute Profie 2.1.2) +## Additonal encryption keys can be added by add a ney configuration line, like +## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') +######## +#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 864337862..90227cf9b 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -119,6 +119,7 @@ <li><a href="#konfigurationsparameter_oa_general_business">Privatwirtschaftlicher Bereich</a></li> </ol> </li> + <li><a href="#konfigurationsparameter_oa_eID_demo">Demo-Modus für 'Austrian eID'</a></li> <li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li> <li><a href="#konfigurationsparameter_oa_sl20">Security Layer für mobile Authententifizierung</a></li> <li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li> @@ -412,6 +413,12 @@ UNIX: moa.id.configuration=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id/moa <p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im Modul <a href="#moa_id_config_parameters_generel">MOA-ID-Configuration</a> hinterlegten Passwort sein.</p></td> </tr> <tr> + <td>configuration.ssl.useStandardJavaTrustStore</td> + <td>true / false</td> + <td><p>Deaktiviert die MOA-ID spezifische SSL TrustStore Implementierung. Wird dieser Parameter auf <em>true</em> gesetzt, verwendet MOA-ID den TrustStore der Java VM.</p> + <p><strong>Defaultwert:</strong> false</p></td> + </tr> + <tr> <td>configuration.ssl.validation.revocation.method.order</td> <td>ocsp,crl</td> <td><p>Definiert die Reihenfolge des Zertifikatsrevokierungschecks bei SSL Verbindungen. Die Defaultreihenfolge ist OCSP, CRL.</p> 
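Review bot: The new comment block is the only place an operator learns how a per-sector encryption certificate becomes trusted, and it says nothing about verifying that certificate before it is pasted in; since nothing in the hunk suggests the Base64 value is validated against a chain, the `configuration.foreignsectors.pubkey.*` entry itself is the trust anchor for every encrypted foreign bPK issued for that sector. I would add one line under the `Encrypted foreign bPK generation` header, e.g. `## NOTE: the certificate is used as-is; verify its fingerprint with the sector owner before adding it and protect this file accordingly.` While in there, the comment has typos that make it harder to follow: `Base64 encoded form`, `PVP Attribute Profile 2.1.2`, and `Additional encryption keys can be added with a new configuration line`.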
@@ -829,7 +836,8 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <tr> <td>modules.sl20.security.keystore.path</td> <td>keys/sl20.jks</td> - <td>Dateiname des Java Keystore welcher die Schlüssel zum Signieren und Verschlüsseln von Security-Layer 2.0 Nachrichten beinhaltet. Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit müssen Signaturzertifikate von SL2.0 Teilnehmern in diesem TrustStore hinterlegt sein.</td> + <td>Dateiname des Java Keystore/TrustStore welcher die Schlüssel zum Signieren und Verschlüsseln von Security-Layer 2.0 Nachrichten beinhaltet. <br> + Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit müssen Signaturzertifikate von SL2.0 Teilnehmern (z.B. Hand-Signatur der A-Trust) in diesem TrustStore hinterlegt sein.</td> </tr> <tr> <td>modules.sl20.security.keystore.password</td> 
@@ -1552,7 +1560,62 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </tr> </table> -<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.2 BKU Konfiguration</h4> +<p> </p> +<h4><a name="konfigurationsparameter_oa_eID_demo" id="uebersicht_zentraledatei_aktualisierung32"></a>3.2.2 Demo-Modus für 'Austrian eID'</h4> +<p>Dieser Abschnitt behandelt den Demo-Modus für die kommende 'Austrian eID' welcher mit der MOA-ID Version 3.4.2 eingeführt wurde. Ist der Demo-Modus aktiviert ändert sich das mögliche Attribut-Set welches Online Applikation zur Verfügung gestellt wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel <a href="../protocol/protocol.html#allgemeines_attribute">Protokolle</a>. Als weitere Anpassung wird mit hoher Wahrscheinlichkeit die iFrame Integration der Handy-Signatur nicht mehr zur Verfügung stehen und es erfolgt eine vollformat Weiterleitung an den 'Austrian eID'. 
Diese Anpassung ist in der MOA-ID Version 3.4.2 noch nicht berücksichtig.</p> +<p>Folgende Attribute stehen nicht mehr zur Verfügung:</p> +<ul> + <li>EID-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.36)</li> + <li>EID-SOURCE-PIN-TYPE (1.2.40.0.10.2.1.1.261.104)</li> + <li>EID-IDENTITY-LINK (urn:oid:1.2.40.0.10.2.1.1.261.38)</li> + <li>EID-AUTH-BLOCK (urn:oid:1.2.40.0.10.2.1.1.261.62)</li> + <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.70)</li> + <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE (urn:oid:1.2.40.0.10.2.1.1.261.102)</li> + <li>MANDATE-FULL-MANDATE (urn:oid:1.2.40.0.10.2.1.1.261.92)</li> +</ul> +<p>Folgende neuen Attribute stehen zur Verfügung:</p> +<ul> + <li>ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.22)</li> + <li>BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.28) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li> + <li>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.72)</li> + <li>MANDATOR-NATURAL-PERSON-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.73) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li> +</ul> +<p> </p> +<table class="configtable"> + <tr> + <th width="15%">Name</th> + <th width="15%">Beispielwerte</th> + <th width="8%">Admin</th> + <th width="12%">Optional</th> + <th width="50%">Beschreibung</th> + </tr> + <tr> + <td><span id="wwlbl_loadOA_targetConfig_eidDemoActive">Demo-Modus aktivieren</span></td> + <td><p> </p></td> + <td align="center"> </td> + <td align="center">X</td> + <td>Aktiviert den Demo-Modus für die 'Austrian eID' für diese Online Applikation. 
</td> + </tr> + <tr> + <td><span id="wwlbl_loadOA_targetConfig_foreignbPKTargets">Sektoren für Fremd-bPKs</span></td> + <td>wbpk+FN+468924i,BMI+T1</td> + <td align="center"> </td> + <td align="center">X</td> + <td><p>Eine CSV Liste von Bereichen für welche die Online Applikation verschlüsselte Fremd-bPKs benötigt. </p> + <p><strong>Hinweis:</strong> Da es sich hierbei nur um eine Demo handelt muss <a href="#basisconfig_moa_id_auth_others">das Schlüsselmaterial für die Verschlüsselung in MOA-ID hinterlegt werden</a>.</p></td> + </tr> + <tr> + <td><span id="wwlbl_loadOA_targetConfig_additionalbPKTargets">Sektoren für weitere bPKs</span></td> + <td><p>urn:publicid:gv.at:cdid+T1,</p> + <p>urn:publicid:gv.at:wbpk+FN+468924i</p></td> + <td align="center"> </td> + <td align="center">X</td> + <td><p>Eine CSV Liste von Bereichen für welche die Online Applikation bPKs aus anderen Bereichen benötogt.</p> + <p><strong>Hinweis:</strong> Die Angabe der Bereiche erfolgt mit dem vollständigen Bereichsidentifier inkl. Prefix.</p></td> + </tr> +</table> +<p> </p> +<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.3 BKU Konfiguration</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Anmeldeprozess. Diese Einstellungen stehen jedoch nur einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verfügung.</p> <table class="configtable"> <tr> 
@@ -1600,7 +1663,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>Über diese Funktion können drei zusätzliche SecurtityLayer-Request Templates für diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zusätzliche WhiteList für Templates welche im „StartAuthentication“ Request mit dem Parameter „template“ übergeben werden. Sollte im „StartAuthentication“ Request der Parameter „template“ fehlen, es wurde jedoch eine „bkuURL“ übergeben, dann wird für den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</td> </tr> </table> -<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.3 Security Layer für mobile Authententifizierung</h4> +<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.4 Security Layer für mobile Authententifizierung</h4> <p>Mit diesem Abschnitt kann der neue Security Layer für mobile Authentifzierung für diese Online Applikation aktiviert werden.<br> Wird diese Schnittstelle aktiviert ist die Security-Layer 1.x Schnittstelle zur Bürgerkartenkommunikation deaktiviert und steht nicht mehr zur Verfügung.</p> <table class="configtable"> 
@@ -1630,7 +1693,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </tr> </table> <p> </p> -<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.4 Test Identitäten</h4> +<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.5 Test Identitäten</h4> <p>In diesem Abschnitt können für diese Online-Applikation Testidentitäten erlaubt werden. Diese Testidentitäten können auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentität anhand einer speziellen OID im Signaturzertifikat der Testidentität getroffen wird. Folgende Konfigurationsparameter stehen hierfür zur Verfügung.</p> <table class="configtable"> <tr> @@ -1672,7 +1735,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis:</strong> Diese Funktionalität steht jedoch nur Testidentitäten welchen bereits mit einer Test OID im Signaturzertifikat ausgestattet sind zur Verfügung.</p> -<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.5 Vollmachten</h4> +<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.6 Vollmachten</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zur Anmeldung mittels Online-Vollmachen.</p> <table class="configtable"> <tr> 
@@ -1722,7 +1785,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung. Die Funktionalität der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p> -<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.6 Zentraler nationaler eIDAS Connector</h4> +<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.7 Zentraler nationaler eIDAS Connector</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Anknüpfung an den zentralen nationalen eIDAS Connector</p> <table class="configtable"> <tr> @@ -1742,7 +1805,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </tr> </table> <p> </p> -<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.7 Single Sign-On (SSO)</h4> +<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.8 Single Sign-On (SSO)</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p> <table class="configtable"> <tr> 
@@ -1769,7 +1832,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <p><strong>Hinweis:</strong> Diese Abfrage ist standardmäßig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td> </tr> </table> -<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.8 Authentifizierung mittels eIDAS</h4> +<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.9 Authentifizierung mittels eIDAS</h4> <p>Dieser Abschnitt behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p> <table class="configtable"> <tr> 
@@ -1793,10 +1856,10 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung.</p> -<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.9 Authentifizierungsprotokolle</h4> +<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.10 Authentifizierungsprotokolle</h4> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu den von der Online-Applikation unterstützen Authentifizierungsprotokollen. Eine Verwendung aller zur Verfügung stehender Authentifizierungsprotokolle durch die Online-Applikation ist ebenfalls möglich. Hierfür müssen nur alle benötigten Protokolle konfiguriert werden. Nähere Informationen zu den unterstützten Protokollen finden sie im Kapitel <a href="./../protocol/protocol.html">Protokolle</a>.</p> <p>Aus Gründen der Übersichtlichkeit kann der Konfigurationsbereich für jeden Protokoll, in der Web-Oberfläche des Konfigurationstools, ein- oder ausgeblendet werden.</p> -<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.9.1 SAML1</h5> +<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.10.1 SAML1</h5> <p>Für das Protokoll SAML1 stehen folgende Konfigurationsparameter zur Verfügung.</p> <table class="configtable"> <tr> 
@@ -1851,7 +1914,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </table> <p> </p> <p><strong>Hinweis: </strong>Das Modul MOA-ID-Auth in der Version 2.0 unterstützt SAML1 nur mehr zur Abwärtskompatibilität mit bereits bestehenden Online-Applikationen. Wir empfehlen den Umstieg auf ein anderes, von MOA-ID-Auth unterstütztes, Authentifizierungsprotokoll. Aus diesem Grund steht die Konfiguration des SAML1 Protokolls nur mehr einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verfügung.</p> -<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.9.2 PVP 2.1</h5> +<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.10.2 PVP 2.1</h5> <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration für das Authentifizierungsprotokoll PVP 2.1.</p> <table class="configtable"> <tr> @@ -1892,7 +1955,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>Pfad zum online-applikationsspezifischen Template für SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschließlich aus dem Dateisystem geladen werden.</td> </tr> </table> -<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.9.3 OpenID Connect</h5> +<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.10.3 OpenID Connect</h5> <p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration für OpenID Connect (OAuth 2.0). </p> <table class="configtable"> <tr> 
@@ -1924,7 +1987,7 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td>OpenID Connect Redirect URL. Nach erfolgreicher Authentifizierung wird die Benutzerin oder der Benutzer an diese URL zurückgeleitet.</td> </tr> </table> -<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.10 Zusätzliche allgemeine Einstellungen</h5> +<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.11 Zusätzliche allgemeine Einstellungen</h5> <p>In Abschnitt ermöglicht eine erweiterte online-applikationsspezifische Individualisierung des AuthBlocks und der Bürgerkartenauswahl. Die Individualisierung des AuthBlocks steht jedoch dann zur Verfügung wenn die dem Module MOA-ID-Auth beigelegte Security-Layer Transformation verwendet wird oder wenn die individuelle Security-Layer Transformation den Formvorschriften der Spezifikation entspricht.</p> @@ -1982,7 +2045,7 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp </table> <h5> </h5> <h5> </h5> -<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.10.1 Login-Fenster Konfiguration</h5> +<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.11.1 Login-Fenster Konfiguration</h5> <p>Diese Konfigurationsparameter bieten zusätzliche Einstellungen für eine Anpassung der Bürgerkartenauswahl welche von MOA-ID-Auth generiert wird. Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt. Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Bedarf durch Standardwerte ergänzt. 
@@ -2071,7 +2134,7 @@ Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Beda <p> </p> <p><strong>Hinweis:</strong> Bei Verwendung einer online-applikationsspezifischen Bürgerkartenauswahl stehen alle Parameter die die Bürgerkartenauswahl betreffen nicht zur Verfügung.</p> <p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verfügung.</p> -<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.11 Revisionslogging</h5> +<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.12 Revisionslogging</h5> <p>Ab MOA-ID 3.x steht ein erweitertes speziell für Revisionsaufgaben abgestimmtest Logging zur Verfügung. Über dieses Feld können die zu loggenden Events spezifisch nach Online Applikationen als CSV codierte Eventcodes konfiguriert werden. Hierfür muss die online-applikationsspezifische Konfiguration des Loggings mittels Checkbox aktiviert und zumindesdt ein Eventcode definiert werden. Werden keine Eventcodes konfiguriert oder wird das OA spezifische Verhalten nicht aktiviertwird eine in MOA-ID hinterlegte Defaultkonfiguration verwendet. Eine Liste aller möglichen Eventcodes finden Sie <a href="../additional/additional.html#revisionslog">hier</a>.</p> <h3><a name="import_export" id="uebersicht_zentraledatei_aktualisierung4"></a>3.3 Import / Export</h3> <p>Üer diese Funktionalität besteht die Möglichkeit eine bestehende MOA-ID 2.x.x diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 5e38dddf5..2b3dbff98 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html 
@@ -218,7 +218,7 @@ Redirect Binding</td> <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.32</td> <td>EID-ISSUING-NATION</td> <td align="center">eID</td> - <td> </td> + <td><saml:Attribute AttributeName="EID-ISSUING-NATION" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"></td> <td>Landescode gem. ISO-3166 ALPHA-2</td> </tr> <tr> @@ -245,6 +245,13 @@ Redirect Binding</td> <td>Base64 kodiertes Zertifikat, dass für die Anmeldung verwendet wurde.</td> </tr> <tr> + <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.22</td> + <td>ENC-BPK-LIST</td> + <td align="center">eID</td> + <td><saml:Attribute AttributeName="ENC-BPK-LIST" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"></td> + <td>Liste von verschlüsselten bPKs für andere Bereiche als der Lebensbereich der Online Applikation</td> + </tr> + <tr> <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.36</td> <td>EID-SOURCE-PIN</td> <td align="center">eID_gov</td> @@ -271,6 +278,13 @@ Redirect Binding</td> <p><strong>Hinweis:</strong> Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.</p></td> </tr> <tr> + <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.28</td> + <td>BPK-LIST</td> + <td align="center">eID_gov</td> + <td><saml:Attribute AttributeName="BPK-LIST" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"></td> + <td>Liste von bPKs für andere Bereiche als der Lebensbereich der Online Applikation</td> + </tr> + <tr> <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.106</td> <td>MANDATE-TYPE-OID</td> <td align="center">mandate</td> 
@@ -320,6 +334,20 @@ Redirect Binding</td> <td>Bereichsspezifisches Personenkennzeichen des Vollmachtgebers</td> </tr> <tr> + <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.72</td> + <td>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST</td> + <td align="center">mandate</td> + <td><saml:Attribute AttributeName="MANDATOR-NATURAL-PERSON-ENC-BPK-LIST" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"></td> + <td>Liste von verschlüsselten bPKs des Mandators für andere Bereiche als der Lebensbereich der Online Applikation</td> + </tr> + <tr> + <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.73</td> + <td>MANDATOR-NATURAL-PERSON-BPK-LIST</td> + <td align="center">mandate</td> + <td><saml:Attribute AttributeName="MANDATOR-NATURAL-PERSON-BPK-LIST" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"></td> + <td>Liste von bPKs des Mandators für andere Bereiche als der Lebensbereich der Online Applikation</td> + </tr> + <tr> <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.78</td> <td>MANDATOR-NATURAL-PERSON-GIVEN-NAME</td> <td align="center">mandate</td> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index fb977c071..e284aff27 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -45,7 +45,6 @@ <groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.2</version>
- <scope>test</scope>
</dependency>
<dependency>
@@ -55,10 +54,9 @@ <scope>test</scope>
</dependency>
- <dependency>
+ <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>19.0</version>
</dependency>
<dependency>
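Review bot: Dropping `<version>19.0</version>` from the guava dependency means the effective version now comes from a dependencyManagement section that is not in this diff, so the resolved version should be confirmed rather than assumed. Guava 19.0 is affected by the published CVE-2018-10237 (unbounded allocation when deserializing attacker-controlled AtomicDoubleArray/CompoundOrdering data), fixed in 24.1.1; if the parent still manages 19.0 this hunk changes nothing, and if it manages something newer that is worth stating in the commit message. A short comment on the dependency, `<!-- version managed in parent pom; keep >= 24.1.1 (CVE-2018-10237) -->`, would make the intent visible to the next person who touches this file.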
@@ -489,13 +487,13 @@ <dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-redis</artifactId>
- <version>1.7.4.RELEASE</version>
+ <version>${org.springframework.data.spring-data-redis}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.4.2</version>
+ <version>2.6.0</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
@@ -503,7 +501,7 @@ <version>2.9.0</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
@@ -512,7 +510,13 @@ <groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
- </dependency>
+ </dependency> -->
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.9.7</version>
+ </dependency>
</dependencies>
<build>
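Review bot: The new `jackson-core` entry hardcodes `<version>2.9.7</version>` while the same commit moves spring-data-redis to a `${...}` property two hunks up; Jackson artifacts (jackson-core, jackson-databind, jackson-annotations) must stay on one version, so pin it through a single property such as `<version>${com.fasterxml.jackson.version}</version>` so that any databind or annotations module declared elsewhere in the project cannot drift from core. The old `org.codehaus.jackson` block should be deleted rather than left commented out, since a commented-out dependency is an invitation to re-enable the unmaintained 1.x line. If jackson-databind is pulled in transitively at the same version, note that 2.9.7 is a 2018 release and the 2.9 line received a long series of deserialization-related security fixes afterwards, so the property should point at a current patch release.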
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 66093b851..a35b45af2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -63,10 +63,8 @@ public class MOAIDAuthInitializer { */ public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " - + System.getProperty("file.encoding")); - + Logger.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier @@ -149,11 +147,7 @@ public class MOAIDAuthInitializer { throw new ConfigurationException("config.10", new Object[] { e .toString() }, e); } - - - //IAIK.addAsProvider(); - //ECCProvider.addAsProvider(); - + Security.insertProviderAt(IAIK.getInstance(), 0); ECCelerate eccProvider = ECCelerate.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 3e6308bf6..acf59cebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
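Review bot: `System.setProperty("file.encoding", "UTF-8")` inside initialize() does not change the JVM's default charset: `Charset.defaultCharset()` is resolved once at startup from that property, so every String/byte conversion that relies on the default keeps using whatever the platform provided, while the new log line claims UTF-8 is now in effect. The removed line that logged the real `System.getProperty("file.encoding")` was the more useful one; I would restore it in the form `Logger.info("Default java file.encoding: " + System.getProperty("file.encoding") + " (start the JVM with -Dfile.encoding=UTF-8 if this is not UTF-8)");`, drop the setProperty call, and pass `StandardCharsets.UTF_8` explicitly at the conversions that matter. The second hunk leaves `Security.insertProviderAt(IAIK.getInstance(), 0)` as unchanged context, but `insertProviderAt` is 1-based and, in the OpenJDK implementation I am aware of, a position below 1 is clamped to the end of the provider list; if the point of removing the commented `IAIK.addAsProvider()` was to make IAIK the preferred provider, position 1 is the value that does that. initialize() continues beyond both hunks.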
@@ -36,6 +36,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; @@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; 
@@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder try { //generate basic authentication data generateBasicAuthData(authData, protocolRequest, session); + + //set Austrian eID demo-mode flag + authData.setIseIDNewDemoMode(Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))); + + if (authData.isIseIDNewDemoMode()) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); + authData.setBaseIDTransferRestrication(true); + + } // #### generate MOA-ID specific authentication data ###### @@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } //build foreign bPKs - generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + generateForeignbPK(oaParam, authData); + + + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); + + //build additional bPKs + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); + + Logger.debug("Clearing identitylink ... "); + authData.setIdentityLink(null); + + Logger.debug("Clearing authBlock ... "); + authData.setAuthBlock(null); + + Logger.info("Post-Processing for Austrian eID finished"); + } //#################################################################### //copy all generic authentication information, which are not processed before to authData 
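Review bot: The second hunk parses `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` from configuration a second time, with its own `String.valueOf(false)` default, instead of reading the value the first hunk already stored on authData through `setIseIDNewDemoMode(...)`; two independent parses of the same switch will drift the moment one of them is edited. Assuming this block runs after the first one on the same authData, which the line numbers suggest, the condition should simply be `if (authData.isIseIDNewDemoMode()) {`. The two clearing calls also deserve a why-comment, since the handbook change in this commit is the only place that explains them: `// demo mode: EID-IDENTITY-LINK and EID-AUTH-BLOCK are not part of the 'Austrian eID' attribute set, so they must not reach the OA`. The enclosing method starts and ends outside both hunks.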
@@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) { + private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) { + List<String> foreignSectors = oaParam.foreignbPKSectorsRequested(); + if (foreignSectors != null && !foreignSectors.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + + String mandatorBaseId = null; + String mandatorBaseIdType = null; + boolean isMandatorBaseIdAvailable = false; + if (authData.isUseMandate()) { + try { + Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... "); + + //TODO: remove this workaround in a further version!!! + boolean flagBak = authData.isBaseIDTransferRestrication(); + authData.setBaseIDTransferRestrication(false); + mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + authData.setBaseIDTransferRestrication(flagBak); + + isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType); + if (!isMandatorBaseIdAvailable) + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate."); + + } catch (Exception e) { + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage()); + if (Logger.isTraceEnabled()) + Logger.warn("Detail: ", e); + + } + } + for (String foreignSector : foreignSectors) { Logger.trace("Process sector: " + foreignSector + " ... 
"); if (encKeyMap.containsKey(foreignSector)) { @@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.getIdentificationType(), sector); String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); - authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + + authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector)); Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + //calculate foreign bPKs for natural-person mandates + if (isMandatorBaseIdAvailable) { + Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + mandatorBaseId, + mandatorBaseIdType, + sector); + String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + + authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector)); + Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created."); + + } } } catch (Exception e) { 
@@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException { + if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java new file mode 100644 index 000000000..e19d40773 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java 
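Review bot: The debug message in `generateAdditonalbPK` is copied from the foreign-bPK path and misdescribes what runs here; it should read `Logger.debug("Sectors for additional bPKs are configurated. Starting additional bPK generation ... ");`. The trace line also writes the computed value `bpk.getFirst()` — an area-specific person identifier — into the log; naming the sector is enough, `Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond());`. The method has no Javadoc; a summary such as "Derives one bPK per requested additional sector from the identification value and type in authData and attaches each pair to authData." plus `@throws EAAFBuilderException` would cover it.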
@@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("GenericFrontChannelRedirectTask") +public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask { + + @Autowired IGUIFormBuilder guiBuilder; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //perform redirect to itself to get out from BKU communication + Logger.trace("Perform generic 'http Redirect' to MOA-ID ... "); + performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + + } catch (Exception e) { + Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 0285dd75b..14a2b583b 100644 
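Review bot: `@Autowired IGUIFormBuilder guiBuilder;` is injected but never used in this class, which makes the task depend on a bean it does not need; drop the field and the `IGUIFormBuilder` import unless a follow-up uses it. The `@see` reference on `execute` points at `at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask` and `at.gv.egovernment.moa.id.process.api.ExecutionContext`, while the imports are `at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask` and `at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext`, so the link is stale. The class Javadoc only names the author; a summary such as "Task that sends a plain HTTP redirect back to MOA-ID's generic process-engine endpoint so the flow leaves the BKU communication and continues in the next task." would describe the behavior the code shows.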
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -105,6 +105,7 @@ public class LogOutServlet { } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + Logger.warn("Requested URL is not in PublicPrefix Configuration"); return; } finally { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index e5a8bb739..478462adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -86,7 +86,8 @@ public class RedirectServlet { List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix(); if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) - || !authConfig.getPublicURLPrefix().contains(authURL)) { + || !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index 5aa3a691f..791aa51b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java 
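Review bot: The added `Logger.warn(...)` in LogOutServlet runs after `resp.sendError(...)` inside a `catch (Exception e)`, so it is skipped if sending the error response fails, and it drops `e`, which is the only evidence of what actually went wrong since the catch accepts any exception. Move it before `sendError` and pass the exception: `Logger.warn("Requested URL is not in PublicPrefix Configuration", e);`. The try body being guarded is outside the hunk, so which other failure modes reach this catch cannot be confirmed here.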
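Review bot: The new warn in RedirectServlet states that the URL is not in the PublicPrefix configuration, but the guarded condition also fires when `oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)`, so the message can name the wrong cause; `Logger.warn("Redirect rejected: authURL " + authURL + " not in PublicPrefix configuration or redirect target not allowed");` describes both branches. `authURL` is interpolated into the log line and its origin is outside the hunk; if it is taken from the request, CR and LF should be stripped before logging so a client cannot forge additional log records. The enclosing method starts before the hunk and continues after it.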
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz @@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = null; + Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName()); + //if SSOManager is available, search SessionIdentifier in SSO session if (ssomanager != null) { String ssoId = ssomanager.getSSOSessionID(request); @@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { } //if NO SSOSession and no PendingRequest create new SessionIdentifier - if (StringUtils.isEmpty(uniqueSessionIdentifier)) + if (StringUtils.isEmpty(uniqueSessionIdentifier)) { uniqueSessionIdentifier = Random.nextHexRandom16(); + Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier); + } TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java deleted file mode 100644 index c25751aa4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ /dev/null 
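Review bot: The @@ -38 hunk imports `at.gv.egovernment.moaspss.logging.Logger`, while the other files touched in this commit (for example GenericFrontChannelRedirectTask) log through `at.gv.egovernment.moa.logging.Logger`; unless the MOA-SPSS logger is intended here, the line should be `import at.gv.egovernment.moa.logging.Logger;` so the interceptor's trace and debug output lands in the same log as the rest of MOA-ID-Auth. Both classes may be on the classpath, so this compiles either way and only the log routing differs.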
@@ -1,1221 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// ******************************************************************************/ -///* -// * Copyright 2003 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. 
-// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// */ -// -// -//package at.gv.egovernment.moa.id.config.auth; -// -//import java.io.File; -//import java.io.FileInputStream; -//import java.io.FileNotFoundException; -//import java.io.IOException; -//import java.math.BigInteger; -//import java.net.MalformedURLException; -//import java.util.ArrayList; -//import java.util.Arrays; -//import java.util.Date; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -//import java.util.Properties; -// -//import javax.xml.bind.JAXBContext; -//import javax.xml.bind.Unmarshaller; -// -//import org.hibernate.cfg.Configuration; -// -//import at.gv.egovernment.moa.id.auth.AuthenticationServer; -//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -// -//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -//import 
at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -//import 
at.gv.egovernment.moa.id.config.ConfigurationException; -//import at.gv.egovernment.moa.id.config.ConfigurationProvider; -//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -//import at.gv.egovernment.moa.id.config.ConfigurationUtils; -//import at.gv.egovernment.moa.id.config.ConnectionParameter; -//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; -//import at.gv.egovernment.moa.id.config.stork.STORKConfig; -//import at.gv.egovernment.moa.id.data.IssuerAndSerial; -//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -//import at.gv.util.config.EgovUtilPropertiesConfiguration; -// -//import com.fasterxml.jackson.annotation.JsonIgnore; -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * A class providing access to the Auth Part of the MOA-ID configuration data. -// * -// * <p>Configuration data is read from an XML file, whose location is given by -// * the <code>moa.id.configuration</code> system property.</p> -// * <p>This class implements the Singleton pattern. The <code>reload()</code> -// * method can be used to update the configuration data. Therefore, it is not -// * guaranteed that consecutive calls to <code>getInstance()</code> will return -// * the same <code>AuthConfigurationProvider</code> all the time. 
During the -// * processing of a web service request, the current -// * <code>TransactionContext</code> should be used to obtain the -// * <code>AuthConfigurationProvider</code> local to that request.</p> -// * -// * @author Patrick Peck -// * @author Stefan Knirsch -// * -// * @version $Id$ -// * -// *@deprecated Use {@link AuthConfigProviderFactory} instead -// */ -//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { -// -//// /** DEFAULT_ENCODING is "UTF-8" */ -//// private static final String DEFAULT_ENCODING="UTF-8"; -// /** -// * The name of the generic configuration property giving the authentication session time out. -// */ -// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = -// "AuthenticationSession.TimeOut"; -// /** -// * The name of the generic configuration property giving the authentication data time out. -// */ -// public static final String AUTH_DATA_TIMEOUT_PROPERTY = -// "AuthenticationData.TimeOut"; -// -// /** -// * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> -// */ -// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = -// "HTMLComplete"; -// -// /** -// * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> -// */ -// public static final String BKU_SELECTION_TYPE_HTMLSELECT = -// "HTMLSelect"; -// -// /** -// * The name of the generic configuration property allowing https connection to -// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) -// */ -// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = -// "FrontendServlets.EnableHTTPConnection"; -// -// /** -// * The name of the generic configuration property allowing to set a individual -// * DATA URL used to communicate with the BKU (SecurityLayer) -// */ -// public static final String INDIVIDUAL_DATA_URL_PREFIX = -// "FrontendServlets.DataURLPrefix"; -// -// /** Singleton instance. 
<code>null</code>, if none has been created. */ -// private static AuthConfigurationProvider instance; -// -// // -// // configuration data -// // -// private static MOAIDConfiguration moaidconfig = null; -// -// private static Properties props = null; -// -// private static STORKConfig storkconfig = null; -// -// private static TimeOuts timeouts = null; -// -// private static PVP2 pvp2general = null; -// -// private static String alternativesourceid = null; -// -// private static List<String> legacyallowedprotocols = new ArrayList<String>(); -// private static ProtocolAllowed allowedProtcols = null; -// -// private static VerifyAuthBlock verifyidl = null; -// -// private static ConnectionParameter MoaSpConnectionParameter = null; -// private static ConnectionParameter ForeignIDConnectionParameter = null; -// private static ConnectionParameter OnlineMandatesConnectionParameter = null; -// -// private static String MoaSpIdentityLinkTrustProfileID = null; -// -// private static List<String> TransformsInfos = null; -// private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); -// -// private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); -// private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>(); -// -// private static SSO ssoconfig = null; -// -// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; -// -// private static Date date = null; -// -// private String publicURLPreFix = null; -// -// /** -// * Return the single instance of configuration data. -// * -// * @return AuthConfigurationProvider The current configuration data. 
-// * @throws ConfigurationException -// */ -// public static synchronized AuthConfigurationProvider getInstance() -// throws ConfigurationException { -// -// if (instance == null) { -// reload(); -// } -// return instance; -// } -// -// public static Date getTimeStamp() { -// return date; -// } -// -// /** -// * Reload the configuration data and set it if successful. -// * -// * @return AuthConfigurationProvider The loaded configuration data. -// * @throws ConfigurationException Failure to load the configuration data. -// */ -// public static synchronized AuthConfigurationProvider reload() -// throws ConfigurationException { -// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); -// if (fileName == null) { -// throw new ConfigurationException("config.01", null); -// } -// Logger.info("Loading MOA-ID-AUTH configuration " + fileName); -// -// instance = new AuthConfigurationProvider(fileName); -// return instance; -// } -// -// -// /** -// * Constructor for AuthConfigurationProvider. -// * @param fileName -// * @throws ConfigurationException -// */ -// public AuthConfigurationProvider(String fileName) -// throws ConfigurationException { -// -// load(fileName); -// } -// -// /** -// * Protected constructor. Used by unit tests. -// */ -// protected AuthConfigurationProvider() { -// } -// -// /** -// * Load the configuration data from XML file with the given name and build -// * the internal data structures representing the MOA ID configuration. -// * -// * @param fileName The name of the XML file to load. -// * @throws ConfigurationException The MOA configuration could not be -// * read/built. 
-// */ -// private void load(String fileName) throws ConfigurationException { -// -// try { -// //Initial Hibernate Framework -// Logger.trace("Initializing Hibernate framework."); -// -// //Load MOAID-2.0 properties file -// File propertiesFile = new File(fileName); -// FileInputStream fis = null; -// props = new Properties(); -// -// // determine the directory of the root config file -// rootConfigFileDir = new File(fileName).getParent(); -// -// try { -// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); -// -// } catch (MalformedURLException t) { -// throw new ConfigurationException("config.03", null, t); -// } -// -// try { -// fis = new FileInputStream(propertiesFile); -// props.load(fis); -// -// // read MOAID Session Hibernate properties -// Properties moaSessionProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "moasession."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// moaSessionProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read Config Hibernate properties -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "configuration."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read advanced logging properties -// Properties statisticProps = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "advancedlogging."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// statisticProps.put(propertyName, props.get(key.toString())); -// } -// } -// -// // initialize hibernate -// synchronized (AuthConfigurationProvider.class) { -// -// //Initial config 
Database -// // ConfigurationDBUtils.initHibernate(configProp); -// -// //initial MOAID Session Database -// Configuration config = new Configuration(); -// config.addAnnotatedClass(AssertionStore.class); -// config.addAnnotatedClass(AuthenticatedSessionStore.class); -// config.addAnnotatedClass(OASessionStore.class); -// config.addAnnotatedClass(OldSSOSessionIDStore.class); -// config.addAnnotatedClass(ExceptionStore.class); -// config.addAnnotatedClass(InterfederationSessionStore.class); -// config.addAnnotatedClass(ProcessInstanceStore.class); -// config.addProperties(moaSessionProp); -// MOASessionDBUtils.initHibernate(config, moaSessionProp); -// -// //initial advanced logging -// if (isAdvancedLoggingActive()) { -// Logger.info("Advanced statistic log is activated, starting initialization process ..."); -// Configuration statisticconfig = new Configuration(); -// statisticconfig.addAnnotatedClass(StatisticLog.class); -// statisticconfig.addProperties(statisticProps); -// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); -// Logger.info("Advanced statistic log is initialized."); -// } -// -// } -// Logger.trace("Hibernate initialization finished."); -// -// } catch (FileNotFoundException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (IOException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (ExceptionInInitializerError e) { -// throw new ConfigurationException("config.17", null, e); -// -// } finally { -// if (fis != null) -// fis.close(); -// -// } -// -// -// //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// MOADefaultBootstrap.bootstrap(); -// //DefaultBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); -// -// -// String legacyconfig = props.getProperty("configuration.xml.legacy"); -// String xmlconfig = props.getProperty("configuration.xml"); -//// String xmlconfigout = 
props.getProperty("configuration.xml.out"); -// -// -// //configure eGovUtils client implementations -// -// //read eGovUtils client configuration -// Properties eGovUtilsConfigProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "service."; -// if (key.toString().startsWith(propPrefix+"egovutil")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); -// } -// } -// if (!eGovUtilsConfigProp.isEmpty()) { -// Logger.info("Start eGovUtils client implementation configuration ..."); -// eGovUtilsConfig = -// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); -// } -// -// -// //TODO: removed in MOA-ID 3.x -//// //check if XML config should be used -//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); -//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); -//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration(); -//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null -//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) { -//// -//// // ConfigurationDBUtils.delete(moaidconfig); -//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){ -//// NewConfigurationDBWrite.delete(key); -//// } -//// } -//// -//// -//// //List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); -//// List<OnlineApplication> oas = NewConfigurationDBRead.getAllOnlineApplications(); -//// if (oas != null && oas.size() > 0) { -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.delete(oa); 
-//// NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY); -//// } -//// } -//// -//// //load legacy config if it is configured -//// if (MiscUtil.isNotEmpty(legacyconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); -//// -//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); -//// -//// List<OnlineApplication> oas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.save(oa); -//// NewConfigurationDBWrite.saveOnlineApplications(oas); -//// -//// moaconfig.setOnlineApplication(null); -//// // ConfigurationDBUtils.save(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// Logger.info("Legacy Configuration load is completed."); -//// -//// -//// } -//// -//// //load MOA-ID 2.x config from XML -//// if (MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); -//// -//// try { -//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -//// Unmarshaller m = jc.createUnmarshaller(); -//// File file = new File(xmlconfig); -//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); -//// //ConfigurationDBUtils.save(moaconfig); -//// -//// List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication importoa : importoas) { -//// // ConfigurationDBUtils.saveOrUpdate(importoa); -//// // } -//// -//// NewConfigurationDBWrite.saveOnlineApplications(importoas); -//// -//// moaconfig.setOnlineApplication(null); -//// //ConfigurationDBUtils.saveOrUpdate(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// } catch (Exception e) { -//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); -//// throw new ConfigurationException("config.02", null); -//// } -//// 
Logger.info("XML Configuration load is completed."); -//// } -// -// reloadDataBaseConfig(); -// -// -// } catch (Throwable t) { -// throw new ConfigurationException("config.02", null, t); -// } -// } -// -// protected MOAIDConfiguration loadDataBaseConfig() { -// return ConfigurationDBRead.getMOAIDConfiguration(); -// } -// -// public synchronized void reloadDataBaseConfig() throws ConfigurationException { -// -// Logger.info("Read MOA-ID 2.0 configuration from database."); -// moaidconfig = loadDataBaseConfig(); -// Logger.info("MOA-ID 2.0 is loaded."); -// -// if (moaidconfig == null) { -// Logger.warn("NO MOA-ID configuration found."); -// throw new ConfigurationException("config.18", null); -// } -// -// //build STORK Config -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// ForeignIdentities foreign = auth.getForeignIdentities(); -// if (foreign == null ) { -// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); -// } else -// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); -// -// //load Chaining modes -// ChainingModes cm = moaidconfig.getChainingModes(); -// if (cm != null) { -// defaultChainingMode = cm.getSystemDefaultMode().value(); -// -// List<TrustAnchor> tas = cm.getTrustAnchor(); -// -// chainingModes = new HashMap<IssuerAndSerial, String>(); -// for (TrustAnchor ta : tas) { -// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); -// chainingModes.put(is, ta.getMode().value()); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. 
No ChainingMode configuration found."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set Trusted CA certs directory -// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); -// -// //set CertStoreDirectory -// setCertStoreDirectory(); -// -// //set TrustManagerRevocationChecking -// setTrustManagerRevocationChecking(); -// -// //set default timeouts -// timeouts = new TimeOuts(); -// timeouts.setAssertion(new BigInteger("300")); -// timeouts.setMOASessionCreated(new BigInteger("2700")); -// timeouts.setMOASessionUpdated(new BigInteger("1200")); -// -// //search timeouts in config -// if (auth.getGeneralConfiguration() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) -// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) -// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) -// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); -// -// } else { -// Logger.info("No TimeOuts defined. 
Use default values"); -// } -// } -// -// // sets the authentication session and authentication data time outs -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); -// -// -// -// //set PVP2 general config -// Protocols protocols = auth.getProtocols(); -// if (protocols != null) { -// -// allowedProtcols = new ProtocolAllowed(); -// -// if (protocols.getSAML1() != null) { -// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); -// -// //load alternative sourceID -// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) -// alternativesourceid = protocols.getSAML1().getSourceID(); -// -// } -// -// if (protocols.getOAuth() != null) { -// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); -// } -// -// if (protocols.getPVP2() != null) { -// PVP2 el = protocols.getPVP2(); -// -// allowedProtcols.setPVP21Active(el.isIsActive()); -// -// pvp2general = new PVP2(); -// pvp2general.setIssuerName(el.getIssuerName()); -// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); -// -// if (el.getOrganization() != null) { -// Organization org = new Organization(); -// pvp2general.setOrganization(org); -// org.setDisplayName(el.getOrganization().getDisplayName()); -// org.setName(el.getOrganization().getName()); -// org.setURL(el.getOrganization().getURL()); -// } -// -// if (el.getContact() != null) { -// List<Contact> cont = new ArrayList<Contact>(); -// pvp2general.setContact(cont); -// for (Contact e : el.getContact()) { -// Contact c = new Contact(); -// c.setCompany(e.getCompany()); -// c.setGivenName(e.getGivenName()); -// c.getMail().addAll(e.getMail()); -// c.getPhone().addAll(e.getPhone()); -// c.setSurName(e.getSurName()); -// 
c.setType(e.getType()); -// cont.add(c); -// } -// } -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); -// } -// -// //set alternativeSourceID -// if (auth.getGeneralConfiguration() != null) { -// -// //TODO: can be removed in a further version, because it is moved to SAML1 config -// if (MiscUtil.isEmpty(alternativesourceid)) -// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); -// -// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) -// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); -// -// else { -// Logger.error("No Public URL Prefix configured."); -// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); -// } -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set LegacyAllowedProtocols -// try { -// if (auth.getProtocols() != null) { -// Protocols procols = auth.getProtocols(); -// if (procols.getLegacyAllowed() != null) { -// LegacyAllowed legacy = procols.getLegacyAllowed(); -// legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); -// } -// } -// } catch (Exception e) { -// Logger.info("No protocols found with legacy allowed flag!"); -// } -// -// //set VerifyAuthBlockConfig -// MOASP moasp = getMOASPConfig(auth); -// -// VerifyAuthBlock el = moasp.getVerifyAuthBlock(); -// if (el != null) { -// verifyidl = new VerifyAuthBlock(); -// verifyidl.setTrustProfileID(el.getTrustProfileID()); -// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); -// } -// else { -// Logger.warn("Error in MOA-ID Configuration. 
No Trustprofile for AuthBlock validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set MOASP connection parameters -// if (moasp.getConnectionParameter() != null) -// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); -// else -// MoaSpConnectionParameter = null; -// -// //set ForeignIDConnectionParameters -// if (foreign != null) { -// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); -// } -// -// //set OnlineMandateConnectionParameters -// OnlineMandates ovs = auth.getOnlineMandates(); -// if (ovs != null) { -// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); -// } -// -// //set MOASP IdentityLink Trust-ProfileID -// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); -// if (verifyidl != null) -// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set SL transformation infos -// SecurityLayer seclayer = auth.getSecurityLayer(); -// if (seclayer == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration->SecurityLayer found"); -// throw new ConfigurationException("config.02", null); -// } else { -// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); -// -// if (TransformsInfos == null || TransformsInfos.size() == 0) { -// Logger.error("No Security-Layer Transformation found."); -// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); -// } -// -// } -// -// //set IdentityLinkSignerSubjectNames -// IdentityLinkX509SubjectNames = new ArrayList<String>(); -// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); -// if (idlsigners != null) { -// Logger.debug("Load own IdentityLinkX509SubjectNames"); -// IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); -// } -// -// // now add the default identity link signers -// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; -// for (int i=0; i<identityLinkSignersWithoutOID.length; i++) { -// String identityLinkSigner = identityLinkSignersWithoutOID[i]; -// if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) { -// IdentityLinkX509SubjectNames.add(identityLinkSigner); -// } -// } -// -// //set SLRequestTemplates -// SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); -// if (templ == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No SLRequestTemplates found"); -// throw new ConfigurationException("config.02", null); -// } else { -// SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); -// SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); -// SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); -// } -// -// //set Default BKU URLS -// DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); -// if (bkuuls != null) { -// DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); -// DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); -// DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); -// } -// -// //set SSO Config -// if (auth.getSSO()!= null) { -// ssoconfig = new SSO(); -// ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); -// ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); -// ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); -// ssoconfig.setTarget(auth.getSSO().getTarget()); -// -// if (auth.getSSO().getIdentificationNumber() != null) { -// IdentificationNumber value = new IdentificationNumber(); -// value.setType(auth.getSSO().getIdentificationNumber().getType()); -// value.setValue(auth.getSSO().getIdentificationNumber().getValue()); -// ssoconfig.setIdentificationNumber(value); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. 
No Single Sign-On Config found"); -// } -// -// //close Database -// // -// -// date = new Date(); -// } -// -// -// private Properties getGeneralProperiesConfig(final String propPrefix) { -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// if (key.toString().startsWith(propPrefix)) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// return configProp; -// } -// -// public Properties getGeneralPVP2ProperiesConfig() { -// return this.getGeneralProperiesConfig("protocols.pvp2."); -// } -// -// public Properties getGeneralOAuth20ProperiesConfig() { -// return this.getGeneralProperiesConfig("protocols.oauth20."); -// } -// -// public ProtocolAllowed getAllowedProtocols() { -// return allowedProtcols; -// } -// -// public PVP2 getGeneralPVP2DBConfig() { -// return pvp2general; -// } -// -// public TimeOuts getTimeOuts() throws ConfigurationException { -// return timeouts; -// } -// -// public String getAlternativeSourceID() throws ConfigurationException { -// return alternativesourceid; -// } -// -// public List<String> getLegacyAllowedProtocols() { -// return legacyallowedprotocols; -// } -// -// -// /** -// * Provides configuration information regarding the online application behind -// * the given URL, relevant to the MOA-ID Auth component. 
-// * -// * @param oaURL URL requested for an online application -// * @return an <code>OAAuthParameter</code>, or <code>null</code> -// * if none is applicable -// */ -// public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// -// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); -// -// if (oa == null) { -// Logger.warn("Online application with identifier " + oaURL + " is not found."); -// return null; -// } -// -// return new OAAuthParameter(oa); -// } -// -// -// /** -// * Return a string with a url-reference to the VerifyAuthBlock trust -// * profile id within the moa-sp part of the authentication component -// * -// * @return String with a url-reference to the VerifyAuthBlock trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { -// return verifyidl.getTrustProfileID(); -// } -// -// /** -// * Return a string array with references to all verify transform info -// * IDs within the moa-sp part of the authentication component -// * @return A string array containing all urls to the -// * verify transform info IDs -// * @throws ConfigurationException -// */ -// public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { -// return verifyidl.getVerifyTransformsInfoProfileID(); -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component moa-sp element -// * @return ConnectionParameter of the authentication component moa-sp element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { -// return MoaSpConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component foreigid element -// * @return ConnectionParameter of the authentication component foreignid element -// * @throws 
ConfigurationException -// */ -// public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { -// return ForeignIDConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component OnlineMandates element -// * @return ConnectionParameter of the authentication component OnlineMandates element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { -// return OnlineMandatesConnectionParameter; -// } -// -// /** -// * Return a string with a url-reference to the VerifyIdentityLink trust -// * profile id within the moa-sp part of the authentication component -// * @return String with a url-reference to the VerifyIdentityLink trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { -// return MoaSpIdentityLinkTrustProfileID; -// } -// -// /** -// * Returns the transformsInfos. -// * @return String[] -// * @throws ConfigurationException -// */ -// public List<String> getTransformsInfos() throws ConfigurationException { -// return TransformsInfos; -// } -// -// /** -// * Returns the identityLinkX509SubjectNames. 
-// * @return List -// * @throws ConfigurationException -// */ -// public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { -// return IdentityLinkX509SubjectNames; -// } -// -// public List<String> getSLRequestTemplates() throws ConfigurationException { -// return new ArrayList<String>(SLRequestTemplates.values()); -// } -// -// public String getSLRequestTemplates(String type) throws ConfigurationException { -// String el = SLRequestTemplates.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -// public List<String> getDefaultBKUURLs() throws ConfigurationException { -// return new ArrayList<String>(DefaultBKUURLs.values()); -// } -// -// public String getDefaultBKUURL(String type) throws ConfigurationException { -// String el = DefaultBKUURLs.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -//// public boolean isSSOBusinessService() throws ConfigurationException { -//// -//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) -//// return true; -//// else -//// return false; -//// } -// -// public String getSSOTagetIdentifier() throws ConfigurationException { -// if (ssoconfig != null) -// return ssoconfig.getTarget(); -// else -// return null; -// } -// -//// public String getSSOTarget() throws ConfigurationException { -//// if (ssoconfig!= null) -//// return ssoconfig.getTarget(); -//// -//// return null; -//// } -// -// public String getSSOFriendlyName() { -// if (ssoconfig!= null) { -// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) -// return 
ssoconfig.getFriendlyName(); -// } -// -// return "Default MOA-ID friendly name for SSO"; -// } -// -// public String getSSOSpecialText() { -// if (ssoconfig!= null) { -// String text = ssoconfig.getSpecialText(); -// if (MiscUtil.isEmpty(text)) -// text = new String(); -// -// return text; -// } -// return new String(); -// } -// -// public String getMOASessionEncryptionKey() { -// -// String prop = props.getProperty("configuration.moasession.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// /** -// * @return -// */ -// public String getMOAConfigurationEncryptionKey() { -// String prop = props.getProperty("configuration.moaconfig.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// public boolean isIdentityLinkResigning() { -// String prop = props.getProperty("configuration.resignidentitylink.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getIdentityLinkResigningKey() { -// String prop = props.getProperty("configuration.resignidentitylink.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Checks if is fakeIdL is activated. -// * -// * @return true, if fake IdLs are available for stork -// */ -// public boolean isStorkFakeIdLActive() { -// String prop = props.getProperty("stork.fakeIdL.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Gets the countries which will receive a fake IdL -// * -// * @return the countries -// */ -// public List<String> getStorkFakeIdLCountries() { -// String prop = props.getProperty("stork.fakeIdL.countries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// /** -// * Gets the resigning key (group) for the stork fake IdL. 
-// * -// * @return the resigning key -// */ -// public String getStorkFakeIdLResigningKey() { -// String prop = props.getProperty("stork.fakeIdL.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Gets the countries for which it is configured to require no signature -// * -// * @return the stork no signature countries -// */ -// public List<String> getStorkNoSignatureCountries() { -// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// @JsonProperty("isMonitoringActive") -// public boolean isMonitoringActive() { -// String prop = props.getProperty("configuration.monitoring.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getMonitoringTestIdentityLinkURL() { -// String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public String getMonitoringMessageSuccess() { -// String prop = props.getProperty("configuration.monitoring.message.success"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public boolean isAdvancedLoggingActive() { -// String prop = props.getProperty("configuration.advancedlogging.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getPublicURLPrefix() { -// return publicURLPreFix; -// } -// -// public boolean isPVP2AssertionEncryptionActive() { -// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); -// return Boolean.valueOf(prop); -// } -// -// public boolean isCertifiacteQCActive() { -// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); -// return !Boolean.valueOf(prop); -// } -// -// -// //Load document service url from moa properties -// public String getDocumentServiceUrl() { -// String 
prop = props.getProperty("stork.documentservice.url", "false"); -// return prop; -// } -// -// -// public boolean isPVPSchemaValidationActive() { -// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Returns the STORK Configuration -// * @return STORK Configuration -// * @throws ConfigurationException -// */ -// public STORKConfig getStorkConfig() throws ConfigurationException { -// -// return storkconfig; -// } -// -// /** -// * @return the eGovUtilsConfig -// */ -//@JsonIgnore -//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { -// return eGovUtilsConfig; -//} -// -//private void setCertStoreDirectory() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null) -// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private void setTrustManagerRevocationChecking() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null && -// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) -// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); -// else { -// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { -// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); -// if (authgeneral == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration found"); -// throw new ConfigurationException("config.02", null); -// } -// return authgeneral; -// } -// -// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { -// MOASP moasp = authgeneral.getMOASP(); -// -// if (moasp == null) { -// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); -// throw new ConfigurationException("config.02", null); -// } -// return moasp; -// } -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String) -// */ -//@Override -//public Properties getConfigurationWithPrefix(String Prefix) { -// // TODO Auto-generated method stub -// return null; -//} -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String) -// */ -//@Override -//public String getConfigurationWithKey(String key) { -// // TODO Auto-generated method stub -// return null; -//} -// -//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index a2dfeba2f..ab2a07f7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java 
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() { returnValue.setProvideAllErrors( Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+ if (Boolean.parseBoolean(
+ spConfiguration.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");
+ returnValue.setProvideBaseId(false);
+ returnValue.setProvideAuthBlock(false);
+ returnValue.setProvideIdl(false);
+ returnValue.setProvideMandate(false);
+
+ }
+
+ return returnValue; }
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() { }
+@Override
+public List<String> additionalbPKSectorsRequested() {
+ String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
@Override
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) { }
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
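Review bot: The demo-mode branch logs at info level although it changes which identity data the SAML1 response carries (baseId, AuthBlock, IdL and mandate are all switched off), so an operator scanning production logs at warn level would not see that a demo setting is live; `Logger.warn("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");` makes the downgrade visible. The new code also parses the flag with `Boolean.parseBoolean` while the context line directly above uses `Boolean.valueOf(...)` for the same kind of configuration value; the two are equivalent here, but one form should be used within the method. The enclosing method starts and ends outside this hunk.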
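Review bot: `additionalbPKSectorsRequested()` returns `null` when the configuration value is empty and carries no Javadoc, so callers cannot tell whether `null` or an empty list is the "nothing configured" result; the stub added in `DynamicOAAuthParameters` in the next file also returns `null`. If `null` is the intended contract, document it on the method: `/** @return the additional bPK sectors configured for this SP as a list, or null if none are configured */`; otherwise `return Collections.emptyList();` (with the matching `java.util` import) removes the null path. Whether `foreignbPKSectorsRequested()` from the hunk header follows the same convention is not visible here. A blank line is also missing between the added closing brace and the following `@Override`.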
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ } @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
public boolean containsConfigurationKey(String arg0) { // TODO Auto-generated method stub return false;
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ public String getLoAMatchingMode() { return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; }
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..af4cf6fa7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,6 +5,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; public interface IMOAAuthData extends IAuthData{
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{ */ String getQAALevel();
- List<String> getEncbPKList();
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncbPKList();
+
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where
+ * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
+
byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority();
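Review bot: The `// TODO Auto-generated method stub` left in `additionalbPKSectorsRequested()` reads as unfinished work, yet returning `null` is the same result `OAAuthParameterDecorator.additionalbPKSectorsRequested()` gives for an empty configuration in the previous file, so the method is probably complete as written. Replace the TODO with a comment that states the intent, e.g. `// dynamic OA parameters carry no additional bPK sectors; null mirrors the decorator's result for an empty configuration`, so the next reader does not mistake it for a missing implementation. The enclosing class continues outside the hunk.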
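Review bot: Both new Javadoc blocks in `IMOAAuthData` leave `@return` empty and write `Pair<Encrytped bPK, bPKTarget>` as raw text, where Javadoc treats the angle brackets as HTML and drops the generic; use `{@code Pair<encrypted bPK, bPK target>}` and fill in the return tag, e.g. `@return list of (encrypted bPK, bPK target) pairs; empty when no encrypted bPKs are available`. Whether implementations return an empty list or `null` is not settled by the interface; `MOAAuthenticationData.getEncbPKList()` in this commit creates an empty list lazily, but the implementation of `getEncMandateNaturalPersonbPKList()` is not visible here, so the wording should match what the implementations actually do. The spellings `Encrytped` and `formated` should read `Encrypted` and `formatted`.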
@@ -35,4 +51,10 @@ public interface IMOAAuthData extends IAuthData{ String getPvpAttribute_OU(); List<AuthenticationRole> getAuthenticationRoles();
+ /**
+ * Indicate Austrian eID demo-mode
+ *
+ * @return true if it is in demo-mode, otherwise false
+ */
+ public boolean isIseIDNewDemoMode();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..897a06e62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
@@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null;
- private List<String> encbPKList;
-
+
+ private List<Pair<String, String>> encbPKList;
+ private List<Pair<String, String>> encMandateNaturalPersonbPKList;
+
//ISA 1.18 attributes private List<AuthenticationRole> roles = null; private String pvpAttribute_OU = null;
@@ -69,6 +72,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private LoALevelMapper loaMapper;
+ private boolean iseIDNewDemoMode = false;
+
public MOAAuthenticationData(ILoALevelMapper loaMapper) { if (loaMapper instanceof LoALevelMapper) this.loaMapper = (LoALevelMapper) loaMapper;
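Review bot: `public boolean isIseIDNewDemoMode();` carries a redundant `public` modifier that none of the neighbouring interface declarations (`getPvpAttribute_OU()`, `getAuthenticationRoles()`) use; interface members are implicitly public, so `boolean isIseIDNewDemoMode();` keeps the file consistent. The Javadoc summary `Indicate Austrian eID demo-mode` would read better as a sentence saying what the flag reports, e.g. `Indicates whether this authentication ran in the Austrian eID demo-mode.`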
@@ -104,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } @Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() { if (this.encbPKList == null)
- this.encbPKList = new ArrayList<String>();
+ this.encbPKList = new ArrayList<Pair<String, String>>(); return this.encbPKList; }
@@ -291,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } /**
+ * Set a List of encrypted bPKs where each List element is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3
+ *
* @param encbPKList the encbPKList to set */ public void setEncbPKList(List<String> encbPKList) {
- this.encbPKList = encbPKList;
+ if (encbPKList != null) {
+ for (String el : encbPKList) {
+ Logger.trace("Processing foreign bPK string: " + el );
+ int index = el.indexOf("|");
+ if (index >= 0) {
+ String encbPK = el.substring(index+1);
+ String second = el.substring(0, index);
+ getEncbPKList().add(Pair.newInstance(encbPK, second));
+
+ } else
+ Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it");
+
+ }
+
+ }
}
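Review bot: `setEncbPKList` no longer sets the list but appends to whatever `getEncbPKList()` already holds, so a second call accumulates entries and a `null` argument leaves earlier entries in place, which contradicts both the method name and the kept Javadoc `@param encbPKList the encbPKList to set`. The split on the first `|` also accepts entries where either side is empty (`|abc` or `abc|`), so an empty target or an empty ciphertext reaches the pair list unchecked, and a `null` element would throw from `indexOf`. The rewrite below parses into a fresh list, skips entries with an empty target or ciphertext, assigns the result, and keeps the raw entry out of the info-level log line (it remains in the trace line) since a misformatted entry may still carry identity data; if accumulation across calls is intentional, the method should be renamed to say so rather than keep a setter name. The Javadoc typo `Attribte-Profile` should read `Attribute-Profile`.
```java
  public void setEncbPKList(List<String> encbPKList) {
    List<Pair<String, String>> parsed = new ArrayList<Pair<String, String>>();
    if (encbPKList != null) {
      for (String el : encbPKList) {
        Logger.trace("Processing foreign bPK string: " + el);
        int index = el == null ? -1 : el.indexOf("|");
        String target = index >= 0 ? el.substring(0, index) : "";
        String encbPK = index >= 0 ? el.substring(index + 1) : "";
        if (!target.isEmpty() && !encbPK.isEmpty())
          parsed.add(Pair.newInstance(encbPK, target));
        else
          Logger.info("Foreign bPK entry is misformatted. Ignore it");
      }
    }
    this.encbPKList = parsed;
  }
```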
@@ -321,648 +343,32 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - - -// private static final long serialVersionUID = -1042697056735596866L; -// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; -// -// /** -// * URL of the MOA-ID Auth component issueing this assertion -// */ -// private String issuer; -// /** -// * time instant of issue of this assertion -// */ -// private Date issueInstant; -// /** -// * user identification value (Stammzahl); <code>null</code>, -// * if the authentication module is configured not to return this data -// */ -// private String identificationValue; -// /** -// * user identification type -// */ -// private String identificationType; -// -// /** -// * user identityLink specialized to OAParamter -// */ -// private IIdentityLink identityLink; -// -// /** -// * application specific user identifier (bPK/wbPK) -// */ -// private String bPK; -// -// /** -// * application specific user identifier type -// */ -// private String bPKType; -// -// /** -// * given name of the user -// */ -// private String givenName; -// /** -// * family name of the user -// */ -// private String familyName; -// /** -// * date of birth of the user -// */ -// private Date dateOfBirth; -// /** -// * says whether the certificate is a qualified certificate or not -// */ -// -// /** -// * says whether the certificate is a public authority or not -// */ -// /** -// * public authority code (Behördenkennzeichen - BKZ) -// */ -// -// -// /** -// * URL of the BKU -// */ -// -// /** -// * the corresponding <code>lt;saml:Assertion></code> -// */ -// -// private boolean isBaseIDTransferRestrication = true; -// -// -// /** -// * STORK attributes from response -// */ -// private String ccc = null; -// -// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); -// -// -// -// 
private String authBlock = null; -// private List<String> encbPKList = null; -// -// //ISA 1.18 attributes -// private List<AuthenticationRole> roles = null; -// private String pvpAttribute_OU = null; -// -// private boolean useMandate = false; -// private IMISMandate mandate = null; -// private String mandateReferenceValue = null; -// -// private boolean foreigner =false; -// private String QAALevel = null; -// -// private boolean ssoSession = false; -// private Date ssoSessionValidTo = null; -// -//// private boolean interfederatedSSOSession = false; -//// private String interfederatedIDP = null; -// -// private String sessionIndex = null; -// private String nameID = null; -// private String nameIDFormat = null; -// -// public AuthenticationData() { -// issueInstant = new Date(); -// } -// -// /** -// * Returns the publicAuthority. -// * @return boolean -// */ -// public boolean isPublicAuthority() { -// return publicAuthority; -// } -// -// /** -// * Returns the publicAuthorityCode. -// * @return String -// */ -// public String getPublicAuthorityCode() { -// return publicAuthorityCode; -// } -// -// /** -// * Returns the qualifiedCertificate. -// * @return boolean -// */ -// public boolean isQualifiedCertificate() { -// return qualifiedCertificate; -// } -// -// /** -// * Returns the bPK. -// * @return String -// */ -// public String getBPK() { -// return bPK; -// } -// -// /** -// * Sets the publicAuthority. -// * @param publicAuthority The publicAuthority to set -// */ -// public void setPublicAuthority(boolean publicAuthority) { -// this.publicAuthority = publicAuthority; -// } -// -// /** -// * Sets the publicAuthorityCode. -// * @param publicAuthorityIdentification The publicAuthorityCode to set -// */ -// public void setPublicAuthorityCode(String publicAuthorityIdentification) { -// this.publicAuthorityCode = publicAuthorityIdentification; -// } -// -// /** -// * Sets the qualifiedCertificate. 
-// * @param qualifiedCertificate The qualifiedCertificate to set -// */ -// public void setQualifiedCertificate(boolean qualifiedCertificate) { -// this.qualifiedCertificate = qualifiedCertificate; -// } -// -// /** -// * Sets the bPK. -// * @param bPK The bPK to set -// */ -// public void setBPK(String bPK) { -// this.bPK = bPK; -// } -// -// /** -// * Returns the dateOfBirth. -// * @return String -// */ -// public Date getDateOfBirth() { -// return dateOfBirth; -// } -// -// public String getFormatedDateOfBirth() { -// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// if (getDateOfBirth() != null) -// return pvpDateFormat.format(getDateOfBirth()); -// else -// return "2999-12-31"; -// } -// -// /** -// * Returns the familyName. -// * @return String -// */ -// public String getFamilyName() { -// return familyName; -// } -// -// /** -// * Returns the givenName. -// * @return String -// */ -// public String getGivenName() { -// return givenName; -// } -// -// /** -// * Holds the baseID of a citizen -// * -// * @return baseID -// */ -// public String getIdentificationValue() { -// return identificationValue; -// } -// -// /** -// * Holds the type of the baseID -// * -// * @return baseID-Type -// */ -// public String getIdentificationType() { -// return identificationType; -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public String getIssueInstantString() { -// return DateTimeUtils.buildDateTimeUTC(issueInstant); -// -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public Date getIssueInstant() { -// return issueInstant; -// -// } -// -// public void setIssueInstant(Date date) { -// this.issueInstant = date; -// } -// -// /** -// * Returns the issuer. -// * @return String -// */ -// public String getIssuer() { -// return issuer; -// } -// -// /** -// * Returns the BKU URL. 
-// * @return String -// */ -// public String getBkuURL() { -// return bkuURL; -// } -// -// /** -// * Sets the dateOfBirth. -// * @param dateOfBirth The dateOfBirth to set -// */ -// public void setDateOfBirth(Date dateOfBirth) { -// this.dateOfBirth = dateOfBirth; -// } -// -// public void setDateOfBirth(String dateOfBirth) { -// try { -// if (MiscUtil.isNotEmpty(dateOfBirth)) { -// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); -// } -// -// } catch (ParseException e) { -// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); -// -// } -// } -// -// /** -// * Sets the familyName. -// * @param familyName The familyName to set -// */ -// public void setFamilyName(String familyName) { -// this.familyName = familyName; -// } -// -// /** -// * Sets the givenName. -// * @param givenName The givenName to set -// */ -// public void setGivenName(String givenName) { -// this.givenName = givenName; -// } -// -// /** -// * Sets the identificationValue. -// * @param identificationValue The identificationValue to set -// */ -// public void setIdentificationValue(String identificationValue) { -// this.identificationValue = identificationValue; -// } -// -// /** -// * Sets the identificationType. -// * @param identificationType The identificationType to set -// */ -// public void setIdentificationType(String identificationType) { -// this.identificationType = identificationType; -// } -// -// /** -// * Sets the issuer. 
-// * @param issuer The issuer to set -// */ -// public void setIssuer(String issuer) { -// this.issuer = issuer; -// } -// -// /** -// * Sets the bkuURL -// * @param url The BKU URL to set -// */ -// public void setBkuURL(String url) { -// this.bkuURL = url; -// } -// -// public String getBPKType() { -// return bPKType; -// } -// -// public void setBPKType(String bPKType) { -// this.bPKType = bPKType; -// } -// - -// -// - -// -// -// public String getEIDASQAALevel() { -// if (this.QAALevel != null && -// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); -// if (MiscUtil.isNotEmpty(mappedQAA)) -// return mappedQAA; -// -// else { -// Logger.error("STORK QAA-level:" + this.QAALevel -// + " can not be mapped to eIDAS QAA-level! Use " -// + PVPConstants.EIDAS_QAA_LOW + " as default value."); -// return PVPConstants.EIDAS_QAA_LOW; -// -// } -// -// -// } else -// return this.QAALevel; -// -// } -// -// -// /** -// * @return -// */ -// public boolean isForeigner() { -// return this.foreigner; -// } -// -// -// /** -// * @param foreigner the foreigner to set -// */ -// public void setForeigner(boolean foreigner) { -// this.foreigner = foreigner; -// } -// -// - -// -// /** -// * @return the ssoSession -// */ -// public boolean isSsoSession() { -// return ssoSession; -// } -// -// -// /** -// * @param ssoSession the ssoSession to set -// */ -// public void setSsoSession(boolean ssoSession) { -// this.ssoSession = ssoSession; -// } -// -// /** -// * @return the mandateReferenceValue -// */ -// public String getMandateReferenceValue() { -// return mandateReferenceValue; -// } -// -// /** -// * @param mandateReferenceValue the mandateReferenceValue to set -// */ -// public void setMandateReferenceValue(String mandateReferenceValue) { -// this.mandateReferenceValue = mandateReferenceValue; -// } -// -// /** -// * CountryCode of the citizen which is identified and 
authenticated -// * -// * @return the CountryCode <pre>like. AT, SI, ...</pre> -// */ -// public String getCcc() { -// return ccc; -// } -// -// /** -// * @param ccc the ccc to set -// */ -// public void setCcc(String ccc) { -// this.ccc = ccc; -// } -// -// /** -// * @return the sessionIndex -// */ -// public String getSessionIndex() { -// return sessionIndex; -// } -// -// /** -// * @param sessionIndex the sessionIndex to set -// */ -// public void setSessionIndex(String sessionIndex) { -// this.sessionIndex = sessionIndex; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() -// */ -// @Override -// public String getNameID() { -// return this.nameID; -// } -// -// /** -// * @param nameID the nameID to set -// */ -// public void setNameID(String nameID) { -// this.nameID = nameID; -// } -// -// /** -// * @return the nameIDFormat -// */ -// public String getNameIDFormat() { -// return nameIDFormat; -// } -// -// /** -// * @param nameIDFormat the nameIDFormat to set -// */ -// public void setNameIDFormat(String nameIDFormat) { -// this.nameIDFormat = nameIDFormat; -// } -// -//// /** -//// * @return the interfederatedSSOSession -//// */ -//// public boolean isInterfederatedSSOSession() { -//// return interfederatedSSOSession; -//// } -//// -//// /** -//// * @param interfederatedSSOSession the interfederatedSSOSession to set -//// */ -//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -//// this.interfederatedSSOSession = interfederatedSSOSession; -//// } -//// -//// /** -//// * @return the interfederatedIDP -//// */ -//// public String getInterfederatedIDP() { -//// return interfederatedIDP; -//// } -//// -//// /** -//// * @param interfederatedIDP the interfederatedIDP to set -//// */ -//// public void setInterfederatedIDP(String interfederatedIDP) { -//// this.interfederatedIDP = interfederatedIDP; -//// } -// -// /** -// * @return the ssoSessionValidTo -// */ -// public Date 
getSsoSessionValidTo() { -// return ssoSessionValidTo; -// } -// -// /** -// * @param ssoSessionValidTo the ssoSessionValidTo to set -// */ -// public void setSsoSessionValidTo(Date ssoSessionValidTo) { -// this.ssoSessionValidTo = ssoSessionValidTo; -// } -// -// /** -// * @return the encbPKList -// */ -// public List<String> getEncbPKList() { -// return encbPKList; -// } -// -// /** -// * @param encbPKList the encbPKList to set -// */ -// public void setEncbPKList(List<String> encbPKList) { -// this.encbPKList = encbPKList; -// } -// -// /** -// * @return the roles -// */ -// public List<AuthenticationRole> getAuthenticationRoles() { -//// if (this.roles == null) { -//// this.roles = new ArrayList<AuthenticationRole>(); -//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -//// } -// -// return roles; -// } -// -// //ISA 1.18 attributes -// /** -// * @param roles the roles to set -// */ -// public void addAuthenticationRole(AuthenticationRole role) { -// if (this.roles == null) -// this.roles = new ArrayList<AuthenticationRole>(); -// -// this.roles.add(role); -// } -// -// /** -// * @return the pvpAttribute_OU -// */ -// public String getPvpAttribute_OU() { -// return pvpAttribute_OU; -// } -// -// /** -// * @param pvpAttribute_OU the pvpAttribute_OU to set -// */ -// public void setPvpAttribute_OU(String pvpAttribute_OU) { -// this.pvpAttribute_OU = pvpAttribute_OU; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() -// */ -// @Override -// public boolean isBaseIDTransferRestrication() { -// return isBaseIDTransferRestrication; -// } -// -// /** -// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set -// */ -// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { -// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; -// } -// -// /** -// * Returns a 
generic data-object with is stored with a specific identifier -// * -// * @param key The specific identifier of the data object -// * @param clazz The class type which is stored with this key -// * @return The data object or null if no data is found with this key -// */ -// public <T> T getGenericData(String key, final Class<T> clazz) { -// if (MiscUtil.isNotEmpty(key)) { -// Object data = genericDataStorate.get(key); -// -// if (data == null) -// return null; -// -// try { -// @SuppressWarnings("unchecked") -// T test = (T) data; -// return test; -// -// } catch (Exception e) { -// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); -// return null; -// -// } -// -// } -// -// Logger.warn("Can not load generic session-data with key='null'"); -// return null; -// -// } -// -// /** -// * Store a generic data-object to session with a specific identifier -// * -// * @param key Identifier for this data-object -// * @param object Generic data-object which should be stored. 
This data-object had to be implement the 'java.io.Serializable' interface -// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage -// */ -// public void setGenericData(String key, Object object) throws SessionDataStorageException { -// if (MiscUtil.isEmpty(key)) { -// Logger.warn("Generic session-data can not be stored with a 'null' key"); -// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); -// -// } -// -// if (object != null) { -// if (!Serializable.class.isInstance(object)) { -// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); -// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); -// -// } -// } -// -// if (genericDataStorate.containsKey(key)) -// Logger.debug("Overwrite generic data with key:" + key); -// else -// Logger.trace("Add generic data with key:" + key + " to session."); -// -// genericDataStorate.put(key, object); -// } + + + public boolean isIseIDNewDemoMode() { + return iseIDNewDemoMode; + } + + /** + * Set eID demo-mode into AuthData + * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false + */ + public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { + this.iseIDNewDemoMode = iseIDNewDemoMode; + } + + public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() { + if (this.encMandateNaturalPersonbPKList == null) + this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>(); + + return this.encMandateNaturalPersonbPKList; + + } + + public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) { + this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList; + } + + } 
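Review bot: `setEncMandateNaturalPersonbPKList` stores the caller's list reference as-is and accepts `null`, unlike the sibling `setEncbPKList` in this class, which validates and copies every element; a defensive copy such as `this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList == null ? null : new ArrayList<Pair<String, String>>(encMandateNaturalPersonbPKList);` keeps later mutation of the caller's list from changing what is released. `isIseIDNewDemoMode` has no Javadoc although attribute builders in this commit (EIDAuthBlock, MandateFullMandateAttributeBuilder) use it to withhold attributes; suggest `/** @return true if this authentication ran in Austrian eID demo-mode; attribute builders withhold non-demo data in that case */`. The large stretch of commented-out code this hunk removes is a welcome cleanup.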
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index b5005d0c9..2b550f21e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -26,7 +26,6 @@ import java.util.Date; import java.util.Map; import java.util.Map.Entry; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } else { //check if IDP cookie is set - String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); - deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } } 
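Review bot: In the hunk at `@@ -329`, the value returned by the new `CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION)` call is client-controlled (any browser can set that cookie) and is stored into the transaction as `DATAID_INTERFEDERATIOIDP_URL` after nothing more than `MiscUtil.isNotEmpty(cookie)`; whether a later step checks it against the configured interfederation IDPs is not visible in this diff. If no such check exists downstream, validate the value against the configured IDP set right here before `setRawDataToTransaction`, and log only the outcome rather than the raw value at INFO. The enclosing method starts and ends outside this hunk.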
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { - setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); } @@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf public String getSSOSessionID(HttpServletRequest httpReq) { - return getValueFromCookie(httpReq, SSOCOOKIE); + return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE); } 
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); + CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - deleteCookie(httpReq, httpResp, SSOCOOKIE); + CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE); } - private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { - Cookie[] cookies = httpReq.getCookies(); - - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(cookieName)) { - return cookie.getValue(); - } - } - } - return null; - } - - private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, - String cookieName, String cookieValue, int maxAge) { - - Cookie cookie = new Cookie(cookieName, cookieValue); - cookie.setMaxAge(maxAge); - cookie.setSecure(true); - cookie.setHttpOnly(true); - cookie.setPath(httpReq.getContextPath()); - - httpResp.addCookie(cookie); - } - - private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { - setCookie(httpReq, httpResp, cookieName, "", 0); - - } +// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { +// Cookie[] cookies = httpReq.getCookies(); +// +// if (cookies != null) { +// for (Cookie cookie : cookies) { +// if (cookie.getName().equals(cookieName)) { +// return cookie.getValue(); +// } +// } +// } +// return null; +// } +// +// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, +// String cookieName, String cookieValue, int maxAge) { +// +// Cookie cookie = new Cookie(cookieName, cookieValue); +// cookie.setMaxAge(maxAge); +// cookie.setSecure(true); +// cookie.setHttpOnly(true); +// 
cookie.setPath(httpReq.getContextPath()); +// +// httpResp.addCookie(cookie); +// } +// +// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { +// setCookie(httpReq, httpResp, cookieName, "", 0); +// +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java new file mode 100644 index 000000000..c5a8d88b7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java 
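Review bot: The deleted private `setCookie` explicitly set `cookie.setSecure(true)`, `cookie.setHttpOnly(true)` and `cookie.setPath(httpReq.getContextPath())` on the SSO and interfederation cookies; `CookieUtils.setCookie` is not part of this diff, so the commit should confirm (or state in a comment at the call sites) that the replacement preserves those attributes, and consider whether a `SameSite` attribute is now set as well. The three old methods are kept as commented-out code instead of being removed; since their behaviour lives in `CookieUtils` now, delete the `//` copies rather than leaving a second, possibly diverging, version in this file.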
@@ -0,0 +1,56 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; + +@PVPMETADATA +public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); + + public static final String DELIMITER_BPK_LIST = ";"; + public static final String LIST_ELEMENT_START = "("; + public static final String LIST_ELEMENT_END = ")"; + + public String getName() { + return BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair<String, String> el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; + + } + log.trace("Authenticate user with bPK-List: " + result); + } + + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return 
g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 139bb15cc..a1a5825b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Deprecated @PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { try { if (authData instanceof IMOAAuthData) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + + } + String authblock = ((IMOAAuthData)authData).getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 44043ec40..bf7187e51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java 
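Review bot: `build` in the new BPKListAttributeBuilder logs the finished value twice at trace (`"Authenticate user with bPK-List: "` inside the `if`, then `"Authenticate user with bPK/wbPK: "` unconditionally), and both lines write every bPK in the list; keep one of them, and prefer logging the element count over the identifiers. The loop grows `result` with `+=`; a `StringBuilder` reads better and avoids repeated copies. `getName`, `build` and `buildEmpty` implement interface methods but carry no `@Override`, and `removeBpkTypePrefix(el.getSecond())` is called without a null guard on the type, which the inherited helper may or may not tolerate — worth a comment or an explicit check, e.g. `// el: first = bPK, second = bPK type; type is expected non-null here`.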
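Review bot: The new demo-mode guard in EIDAuthBlock throws `UnavailableAttributeException(EID_AUTH_BLOCK_NAME)`, while the equivalent guard this commit adds to MandateFullMandateAttributeBuilder returns `null`; pick one signalling convention for "attribute withheld in demo-mode" so callers see consistent behaviour. The `@Deprecated` added on the class in the preceding hunk has no matching Javadoc; add `/** @deprecated <reason and replacement attribute> */` above it so users know what to migrate to. The enclosing `build` method starts before and ends after this hunk.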
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; @@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger; @PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { + public static final String DELIMITER_ENCBPK_TARGET = "|"; + public String getName() { return ENC_BPK_LIST_NAME; } @@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).getEncbPKList() != null && ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - String value = ((IMOAAuthData)authData).getEncbPKList().get(0); - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) - value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); + Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + result); } 
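Review bot: The rewritten body of `build` evaluates `((IMOAAuthData)authData).getEncbPKList()` five times with a cast each, concatenates with `+=` in the loop, and relies on an undocumented Pair layout (`getSecond()` = target, `getFirst()` = ciphertext, which is what `MOAAuthenticationData.setEncbPKList` stores); hoist the list into a local, use a `StringBuilder`, and state the layout in a comment. The enclosing `build` method starts before this hunk and its signature is not shown.
```java
List<Pair<String, String>> encList = ((IMOAAuthData) authData).getEncbPKList();
if (encList != null && !encList.isEmpty()) {
    StringBuilder result = new StringBuilder();
    for (Pair<String, String> el : encList) {
        if (result.length() > 0)
            result.append(BPKListAttributeBuilder.DELIMITER_BPK_LIST);
        // Pair layout: first = encrypted bPK, second = target/sector id (see MOAAuthenticationData.setEncbPKList)
        result.append(BPKListAttributeBuilder.LIST_ELEMENT_START)
              .append(el.getSecond()).append(DELIMITER_ENCBPK_TARGET).append(el.getFirst())
              .append(BPKListAttributeBuilder.LIST_ELEMENT_END);
    }
    return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, result.toString());
}
// … unchanged: UnavailableAttributeException path …
```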
@@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); -// String encbpk = "XXX01234567890XXX"; -// String type = "Bereich"; -// String vkz = "Verfahrenskennzeichen"; -// -// //TODO: implement encrypted bPK support -// -// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); -// -// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, -// vkz + "+" + type + "|" + encbpk); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index a40c0fefb..fb101467a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { + if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).isUseMandate()) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + return null; + + } + + //only provide full mandate if it is included. //In case of federation only a short mandate could be include if (((IMOAAuthData)authData).getMandate() != null) { 
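Review bot: In MandateFullMandateAttributeBuilder the new demo-mode branch does `return null;`, whereas the guard added to EIDAuthBlock in this same commit throws `UnavailableAttributeException` for the identical situation; unless `null` has a defined meaning for the attribute generator, throw `UnavailableAttributeException` with this attribute's name so the two builders behave alike. The `Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode")` line is fine as an audit trace. The enclosing `build` method continues outside the hunk.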
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f67f79dcf..4d41cc19b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -22,11 +22,13 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; 
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; 
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { try { - Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); - if (calcResult != null) { - String bpk = calcResult.getFirst(); - String type = calcResult.getSecond(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type != null) { - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - } else { - Logger.debug("bPK type is 'null' --> use it as it is"); - - } - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - if (type != null) - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); - else - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - - } - + String bPKResult = getBpkAttributeStringForSP(oaParam, authData); + if (StringUtils.isNoneEmpty(bPKResult)) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult); + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); 
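Review bot: `StringUtils.isNoneEmpty(bPKResult)` is the varargs "none of the given strings is empty" check; with a single argument it behaves like `isNotEmpty`, but it reads like a typo and invites misuse later — use `if (StringUtils.isNotEmpty(bPKResult))`. When the helper returns an empty or null string the method now silently falls through rather than raising `UnavailableAttributeException(BPK_NAME)` as the removed code did for an empty bPK; that is moved into `getBpkAttributeStringForSP`, which is fine, but a one-line comment here (`// empty result: attribute simply not provided`) would make the fall-through intentional. The `build` method continues past the end of this hunk.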
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return null; } - + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData); + Pair<String, String> bPKResult = null; + + if (baseId != null) { + if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) + bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), + oaParam.getAreaSpecificTargetIdentifier()); + else { + Logger.debug("No BaseId target in mandate. Use it as it is ... 
"); + bPKResult = Pair.newInstance(baseId.getFirst(), null); + + } + } + + return bPKResult; + + } + + + /** + * Generate the bPK String for this specific SP + * + * @param oaParam + * @param authData + * @return + * @throws UnavailableAttributeException + * @throws EAAFBuilderException + * @throws ConfigurationException + * @throws BuildException + * @throws NoMandateDataAttributeException + */ + protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException { + Pair<String, String> bPKResult = getBpkForSp(oaParam, authData); + if (bPKResult != null) { + String bpk = bPKResult.getFirst(); + String type = bPKResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type != null) + type = removeBpkTypePrefix(type); + else + Logger.debug("bPK type is 'null' --> use it as it is"); + + bpk = attrMaxSize(bpk); + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk; + else + return bpk; + + } + + return null; + + } + + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + return 
type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + else + return type; + + } + + protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair<String, String> calcResult = null; if (authData instanceof IMOAAuthData) { @@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java new file mode 100644 index 000000000..fd00e2f61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java 
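Review bot: `removeBpkTypePrefix` strips `EAAFConstants.URN_PREFIX_WBPK` (and the CDID/eIDAS prefixes) whereas the removed code stripped `Constants.URN_PREFIX_WBPK + "+"`; unless the EAAF constants already include the trailing `+`, the type emitted in every bPK attribute now starts with `+` — please confirm against the constant definitions. The helper also dereferences `type` without a null check; `getBpkAttributeStringForSP` guards it, but the list builders call it directly, so add `if (type == null) return null;` at the top. `attrMaxSize` silently truncates an identifier to `BPK_MAX_LENGTH`, which the old inline code also did; a comment stating why truncation is acceptable for bPKs would help the next reader.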
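Review bot: After the hunk at `@@ -136`, `getBaseIdFromMandate` returns `Pair.newInstance(id.getValue().getValue(), id.getType())` unconditionally, so when the mandate carries `URN_PREFIX_BASEID` the raw base identifier (Stammzahl) now leaves this method and every caller must derive the area-specific bPK before releasing anything; `getBpkForSp` does that, but the contract is not written down. Add a Javadoc such as `* @return the identifier and its type as found in the mandate; if the type is URN_PREFIX_BASEID the value is the raw baseID and MUST NOT be released to a service provider without bPK derivation.` The method continues outside the hunk.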
@@ -0,0 +1,83 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@PVPMETADATA +public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + try { + String result = getBpkAttributeStringForSP(oaParam, authData); + + if (result != null) { + result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... 
"); + Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData); + if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) + && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) { + for (Pair<String, String> el : authData.getAdditionalbPKs()) { + + Pair<String, String> addBpk = + new BPKBuilder().generateAreaSpecificPersonIdentifier( + baseId.getFirst(), + el.getSecond()); + + Logger.trace("Calculate bPK with " + addBpk.toString()); + + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + removeBpkTypePrefix(addBpk.getSecond()) + + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + + attrMaxSize(addBpk.getFirst()) + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + } + } + + Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate"); + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result); + + } + + return null; + + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java new file mode 100644 index 000000000..220ccd94e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java 
@@ -0,0 +1,62 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_ENC_BPK_LIST_NAME; + } + + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData) authData).isUseMandate()) { + if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null && + ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) { + Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) { + Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return 
g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, + result); + + } + + } else + Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used"); + + } else + Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 32b45a595..88648b56e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 90a0d61c9..223994e6e 100644 
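Review bot: build() repeats the cast-and-getter chain `((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList()` five times and assembles the first list element and the remaining ones in two separate code paths, which invites the two paths to drift when the element format changes; a single local list and one loop produce the same string. The rewrite below needs a `java.util.List` import, which the new file does not yet have.
```java
List<Pair<String, String>> encList = ((IMOAAuthData) authData).getEncMandateNaturalPersonbPKList();
if (encList != null && !encList.isEmpty()) {
    StringBuilder result = new StringBuilder();
    boolean first = true;
    for (Pair<String, String> el : encList) {
        if (!first)
            result.append(BPKListAttributeBuilder.DELIMITER_BPK_LIST);
        first = false;
        result.append(BPKListAttributeBuilder.LIST_ELEMENT_START)
              .append(el.getSecond())
              .append(EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET)
              .append(el.getFirst())
              .append(BPKListAttributeBuilder.LIST_ELEMENT_END);
    }
    return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME,
            MANDATE_NAT_PER_ENC_BPK_LIST_NAME, result.toString());
}
// … unchanged: trace/info logging for the non-mandate and non-MOA-ID cases, final UnavailableAttributeException …
```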
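Review bot: `@Deprecated` on MandateNaturalPersonSourcePinAttributeBuilder arrives without a Javadoc `@deprecated` tag, so readers learn that the builder is obsolete but not why or what replaces it; add a class Javadoc with `@deprecated` naming the intended successor (presumably one of the bPK list builders registered in this commit — please confirm) and, if the project's Java level permits, `@Deprecated(since = "3.4.2")`. The same gap exists for MandateNaturalPersonSourcePinTypeAttributeBuilder in the next file.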
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java index e3b58d259..5daa71b1f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; +package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; 
@@ -28,7 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; * @author tlenz * */ -public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> { +public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 1fa17c683..4fc37d88f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index d7ada1f36..bd908f894 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java 
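Review bot: The new argument `moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false)` repeats the property key and the literal default `false` that MOASAMLSOAPClient (next file) and both getSSLSocketFactory variants in idserverlib SSLUtils read in exactly the same way; a single `useStandardJavaTrustStore()` accessor on AuthConfiguration would fix the default in one place and keep the four call sites from diverging. Because the flag lets outbound TLS connections accept trust anchors from the JVM default truststore rather than only the MOA-ID configured one, a short comment here stating that `false` preserves the previous behaviour would help whoever audits outbound connections. The constructor call this argument belongs to continues outside the hunk.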
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 8d36e81bb..df43316ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer; +import org.springframework.data.redis.serializer.RedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private JacksonJsonRedisSerializer assertionStoreSerializer; + private RedisSerializer<AssertionStore> assertionStoreSerializer; public RedisTemplate<String, Object> getTemplate(){ return this.redisTemplate; 
@@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage { } public boolean containsKey(String key) { + try { searchInDatabase(key); return true; - + } catch (MOADatabaseException e) { return false; } @@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException { + " found. Process gets stopped."); } - redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS); + redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java new file mode 100644 index 000000000..21cbd574f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java 
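Review bot: In putRaw the changed line wraps `assertionStoreSerializer.serialize(as)` in `new String(byte[])` without a charset, so the serialized JSON is decoded with the platform default encoding, while the Jackson2JsonRedisSerializer configured in session.redis.beans.xml presumably emits UTF-8 (confirm against its default); on a server with a non-UTF-8 default locale, non-ASCII content of the assertion would be corrupted on the way into Redis. Prefer `new String(assertionStoreSerializer.serialize(as), StandardCharsets.UTF_8)` (import `java.nio.charset.StandardCharsets`), or store the byte[] directly if the template's value serializer allows it. putRaw begins outside the hunk.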
@@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.util; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CookieUtils { + public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(cookieName)) { + return cookie.getValue(); + } + } + } + return null; + } + + public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { + + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + cookie.setHttpOnly(true); + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 0); + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 611dff3b1..6bf44a527 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; 
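Review bot: setCookie passes `httpReq.getContextPath()` straight to `cookie.setPath`, and for an application deployed in the root context that value is the empty string; servlet containers typically omit the Path attribute in that case, so the browser falls back to the default-path of the request URI and the cookie is no longer sent to other paths of the application. Guard it with `String path = httpReq.getContextPath(); cookie.setPath(path == null || path.isEmpty() ? "/" : path);`. Secure and HttpOnly are set on every cookie, which is the right default for session-related values; a class Javadoc stating that contract, plus a private constructor for this static-only utility class, would complete the new file.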
@@ -93,6 +94,10 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -107,6 +112,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, @@ -148,6 +154,10 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -162,6 +172,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( connParam.getUrl(), + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 14d4d9fb6..a10b9b3e0 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder 
@@ -20,3 +20,6 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey +at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 26fd1f986..02c683305 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -106,6 +106,10 @@ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask" scope="prototype"/> + <bean id="GenericFrontChannelRedirectTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenericFrontChannelRedirectTask" + scope="prototype"/> + <beans profile="advancedLogOn"> <bean id="StatisticLogger" class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/> diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml index feda9b273..a352cf9ab 100644 --- a/id/server/idserverlib/src/main/resources/session.redis.beans.xml +++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml 
@@ -24,7 +24,8 @@ p:port="${redis.port}"/> <bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" /> - <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer"> + + <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer"> <constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/> </bean> diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 1ea057186..c3420d833 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; 
@@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest { throw new Exception("bPKType wrong"); - List<String> foreignbPKs = authData.getEncbPKList(); + List<Pair<String, String>> foreignbPKs = authData.getEncbPKList(); if (foreignbPKs.isEmpty()) throw new Exception("NO foreign bPK list is null"); if (foreignbPKs.size() != 1) throw new Exception("NO or MORE THAN ONE foreign bPK"); - if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty())) throw new Exception("foreign bPK has wrong prefix"); } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java index 61e765f55..bcbabae5b 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters { public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; } + + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 55a7e7be9..7ec1ddf73 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml 
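Review bot: The rewritten assertion `if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty()))` only fails when the sector is wrong and the encrypted value is non-empty, so a wrong sector with an empty value, or an empty value with the right sector, passes silently; the `&&` and the negation on `isEmpty()` look carried over from the old string check. If the intent is to require the expected sector and a non-empty encrypted bPK, the condition should read `if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") || foreignbPKs.get(0).getFirst().isEmpty())`, and the message `foreign bPK has wrong prefix` could then include the sector/value pair it saw. The enclosing test method starts outside the hunk.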
@@ -270,13 +270,13 @@ </dependency> - <dependency> + <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> - <artifactId>jackson-annotations</artifactId> + <artifactId>jackson-annotations</artifactId> </dependency> <dependency> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index a787cea00..4dd0a857f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes; public interface AuthConfiguration extends ConfigurationProvider{ + public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore"; public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname"; public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname"; public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 5df4a4163..00b39daec 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java 
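Review bot: The new constant `PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore"` has no Javadoc although it switches which trust anchors outbound TLS connections accept; add e.g. `/** Enables the JVM default truststore for outbound TLS connections (default: false); see commons SSLUtils.getSSLSocketFactory for how it combines with the configured trust anchors. */`. If the sample moa-id.properties does not yet list this key with its default, it should, so operators can discover the option without reading source.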
@@ -22,7 +22,6 @@ */ package at.gv.egovernment.moa.id.commons.api; -import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{ */ public List<String> foreignbPKSectorsRequested(); + + /** + * Get a List of sectors for that this service provider requires additional unencrypted bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List<String> additionalbPKSectorsRequested(); + + + + }
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 4555f61d2..4adff7f19 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (oa.getIseIDDemoModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); - + if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY); + + + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); 
@@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))) + dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))); + else + dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS))) + dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)); + + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index a6315fe2c..1be97c49d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java 
@@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index e37873a72..510fd0581 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,15 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; - @XmlTransient + @XmlTransient protected String foreignbPKTargetList = null; + @XmlTransient + protected String additionalbPKTargetList = null; + @XmlTransient + protected Boolean iseIDDemoModeActive = false; + public String getForeignbPKTargetList() { return foreignbPKTargetList; 
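Review bot: `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` is built from `AUTH`, while the neighbouring `SERVICE_AUTH_*` constants in this hunk derive from `SERVICE_AUTH_TARGET`; if the SERVICE_AUTH name prefix is intended, the base should match, otherwise the constant name misleads about the property key it produces — please confirm which is meant. A demo-mode switch on an eID service also merits a one-line Javadoc, e.g. `/** Configuration key of the per-service Austrian eID demo-mode switch. */`, with a pointer to where the flag is evaluated so reviewers can see what it relaxes.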
@@ -128,6 +133,25 @@ public class OnlineApplication this.foreignbPKTargetList = foreignbPKTargetList; } + + + + public String getAdditionalbPKTargetList() { + return additionalbPKTargetList; + } + + public void setAdditionalbPKTargetList(String additionalbPKTargetList) { + this.additionalbPKTargetList = additionalbPKTargetList; + } + + public Boolean getIseIDDemoModeActive() { + return iseIDDemoModeActive; + } + + public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) { + this.iseIDDemoModeActive = iseIDDemoModeActive; + } + /** * @return the saml2PostBindingTemplateURL */ diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java index 4c6cd16c0..7114552b4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -37,7 +37,6 @@ import javax.persistence.Table; import org.hibernate.annotations.DynamicUpdate; -import com.fasterxml.jackson.annotation.JsonCreator; @@ -57,7 +56,6 @@ public class AssertionStore implements Serializable{ - @JsonCreator public AssertionStore(){ } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java index 7121c4a2a..31c66376c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java 
@@ -72,8 +72,9 @@ public class HttpClientWithProxySupport { String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$ String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$ if (MiscUtil.isNotEmpty(user) && pass != null) { - CredentialsProvider credsProvider = new BasicCredentialsProvider(); - credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass)); + CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider(); + proxyCredsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass)); + clientBuilder.setDefaultCredentialsProvider(proxyCredsProvider); } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index bdadf681d..6c8c092ed 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -34,7 +34,6 @@ import java.util.Arrays; import java.util.List; import javax.net.ssl.SSLException; -import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; @@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.pki.PKIException; -import sun.security.ssl.ProtocolVersion; /** * @author tlenz 
@@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @throws MOAHttpProtocolSocketFactoryException */ public MOAHttpProtocolSocketFactory ( - String url, + String url, + boolean useStandardJavaTrustStore, String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; 
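Review bot: The new `useStandardJavaTrustStore` parameter is not documented in the constructor Javadoc ending directly above this hunk (the visible `@param` list stops at `verifyHostName`), and the same is true for the second constructor and `internalInitialize` in the next hunk (`@@ -103,26 +102,31 @@`). Add `@param useStandardJavaTrustStore If true, the JVM default trust store is used and trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation and revocationMethodOrder are ignored` to both constructors, because the effect on the other arguments is not visible from the signature and the callers in the connector modules pass it straight from configuration. The Javadoc headers themselves begin outside the hunks.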
@@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @param verifyHostName Enables / Disables hostName verfication * @throws MOAHttpProtocolSocketFactoryException */ - public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL, + public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; } - private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL, + private void internalInitialize(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException { try { this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( - url, + url, + useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index e6efca4ea..8aaf94fad 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java 
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -108,8 +108,29 @@ public class SSLUtils { } } + /** + * Get SSLSocketFactory with TrustStore and KeyStore implementations + * + * @param url URL of the Service that should be connected + * @param useStandardJavaTrustStore Flag to use standard JVM truststore + * @param certStoreRootDirParam Path to certStore, if own truststore is used + * @param trustStoreURL Path to truststore, if own truststore is used + * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used + * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used + * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used + * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used + * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null + * @param clientKeyStorePassword KeyStore password + * @param clientKeyStoreType KeyStore type + * @return + * @throws IOException + * @throws GeneralSecurityException + * @throws SSLConfigurationException + * @throws PKIException + */ public static SSLSocketFactory getSSLSocketFactory( - String url, + String url, + boolean useStandardJavaTrustStore, String certStoreRootDirParam, String trustStoreURL, String acceptedServerCertURL, 
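Review bot: The new Javadoc on `getSSLSocketFactory` leaves `@return` empty and carries two typos that matter in a trust-configuration API, `certificats` and `CLR` (the revocation method is CRL). Suggested `@return The SSLSocketFactory, backed by the JVM default trust store when useStandardJavaTrustStore is true and by the MOA trust store otherwise` and `@param revocationMethodOrder Revocation check order (CRL, OCSP), if own truststore is used`. The parameter list and the method body continue outside the hunk.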
@@ -130,14 +151,19 @@ public class SSLUtils { return ssf; } - - TrustManager[] tms = getTrustManagers( - certStoreRootDirParam, - chainingMode, - trustStoreURL, - acceptedServerCertURL, - checkRevocation, - revocationMethodOrder); + + //initialize own trust-store implementation + TrustManager[] tms = null; + if (!useStandardJavaTrustStore) { + tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation, + revocationMethodOrder); + + } KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 47abbf29a..b3655c0c0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -398,8 +398,7 @@ public interface Constants { /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; - public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; - + public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; /* Prefix and Schema for SAML2 Entity Attributes */ public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr"; diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index 5cee90658..cd3f1f788 100644 
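Review bot: When `useStandardJavaTrustStore` is true, `tms` stays `null`, so the `acceptedServerCertURL` whitelist, `chainingMode` and the revocation settings are silently not applied, and nothing in the hunk records that the JVM default trust managers take over (presumably through the `SSLContext.init` call further down, which is outside the hunk). The comment `//initialize own trust-store implementation` should also say what the other branch means, e.g. `// null trust managers: the SSLContext falls back to the JVM default trust store; acceptedServerCertURL, chainingMode and the revocation settings do not apply in this mode`, and an INFO log line in that branch naming `url` would make the active trust model visible in operations. The empty line before the closing brace of the new `if` can go.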
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore new file mode 100644 index 000000000..b83d22266 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index cf3325d24..5f4192645 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml 
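Review bot: `PROP_KEY_SSL_USE_JVM_TRUSTSTORE` is read with a literal default `false` here and again in `MOAeIDASChainingMetadataProvider` (hunk `@@ -440,7 +440,9 @@`); `false` is the security-relevant default that keeps the MOA trust store active, and two literals will drift if it is ever revisited. Define the default once next to the property key, e.g. `AuthConfiguration.DEFAULT_SSL_USE_JVM_TRUSTSTORE = false` (constructed name, pick the project's convention), and reference it at both call sites. The `//FIX:` comment above the constructor call concerns hostname validation and is unrelated to the new argument; the surrounding method starts and ends outside the hunk.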
@@ -12,11 +12,13 @@ <properties> <repositoryPath>${basedir}/../../../../repository</repositoryPath> - <eidas-commons.version>1.4.0</eidas-commons.version> - <eidas-light-commons.version>1.4.0</eidas-light-commons.version> - <eidas-saml-engine.version>1.4.0</eidas-saml-engine.version> - <eidas-encryption.version>1.4.0</eidas-encryption.version> - <eidas-configmodule.version>1.4.0</eidas-configmodule.version> + <eidas-commons.version>1.4.3</eidas-commons.version> + <eidas-light-commons.version>1.4.3</eidas-light-commons.version> + <eidas-saml-engine.version>1.4.3</eidas-saml-engine.version> + <eidas-encryption.version>1.4.3</eidas-encryption.version> + <eidas-configmodule.version>1.4.3</eidas-configmodule.version> + + <eID4U.module.version>0.2</eID4U.module.version> </properties> 
@@ -48,18 +50,48 @@ <groupId>MOA.id.server</groupId> <artifactId>moa-id-lib</artifactId> </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modul-citizencard_authentication</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-openID</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <scope>test</scope> - </dependency> - - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> + <groupId>eu.eidas.extension.eID4U</groupId> + <artifactId>eID4U_commons</artifactId> + <version>${eID4U.module.version}</version> + </dependency> + + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + <version>3.0.1</version> + </dependency> + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> <!-- eidas Commons --> <dependency> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java new file mode 100644 index 000000000..d3aa7b4a0 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java 
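Review bot: `jsr305` is the only dependency in this block with an inline `<version>3.0.1</version>` while its siblings rely on managed versions; it belongs in the parent `dependencyManagement` next to `eID4U.module.version`, so that one version is resolved across the build. The `eID4U_commons` artifact is new to the build and, given the `<repositoryPath>` property, is presumably served from the in-tree repository rather than a public one; that origin and the artifact's checksum should be recorded where the other locally provided eIDAS artifacts are documented. The two new module dependencies exclude every transitive dependency via `<groupId>*</groupId>`, which only works if the classes used from them are already on the classpath through `moa-id-lib`; a one-line comment stating that would save the next reader the investigation.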
@@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.eidas; + + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 1; + + @Autowired private IRequestStorage requestStore; + + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + String selectedProcessID = super.selectProcess(context); + if (MiscUtil.isNotEmpty(selectedProcessID)) { + String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); + + if (StringUtils.isEmpty(pendingReqId)) + Logger.warn("Process execution context contains NO 'pendingReqId'. 
Looks very suspect!"); + + else { + IRequest pendingReq = requestStore.getPendingRequest(pendingReqId); + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; + + } + } + } + + return selectedProcessID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eid4u.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java new file mode 100644 index 000000000..c8c65ce76 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java 
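Review bot: The Javadoc on `setPriority` says the default is `{@code 0}`, but the field is initialised as `private int priority = 1;`, so one of the two is wrong; as this module is meant to be selected ahead of the default citizen-card module the code value looks intended and the comment should read `Default value is {@code 1}`. In `selectProcess`, `pendingReq != null && pendingReq instanceof EIDASData` is redundant because `instanceof` is already false for null, and the process id `"eID4UAttributCollectionAuthentication"` is a bare string that must match the id declared in `eid4u.Authentication.process.xml`; a named constant next to `getProcessDefinitions()` ties the two together. Falling back to the super result when the pending request cannot be resolved is reasonable but deserves a one-line comment.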
@@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Controller +public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController { + + public eID4UAPSignalServlet() { + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'."); + + } + + @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String pendigReqId = super.getPendingRequestId(request); + + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... "); + pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE); + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... 
"); + pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + if (MiscUtil.isEmpty(pendigReqId)) + Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId."); + + } + } + + return pendigReqId; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java new file mode 100644 index 000000000..45eb161d3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java 
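Review bot: In `getPendingRequestId` the `@Override` annotation precedes the `/** ... */` comment, so the javadoc tool does not attach that comment to the method; move the Javadoc above `@Override`. The fallback chain (pending-request id from the OAuth `state` parameter, then from the `eID4APTransactionId` cookie) deserves a sentence in that Javadoc explaining why the attribute-provider return cannot carry the regular pending-request parameter, since a reader otherwise wonders whether resolving a pending request from an OAuth `state` value is intentional. `pendigReqId` and `seach` are misspellings that will propagate into log searches.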
@@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +public class eID4UConstants { + + //configuration parameter + public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID"; + public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url"; + public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password"; + public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url"; + + //session parameter + public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId"; + public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume"; + + //process context + public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr"; + public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK"; + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java new file mode 100644 index 000000000..69cc131ff --- /dev/null 
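Review bot: `eID4UConstants` holds only `static final` fields but is instantiable and extensible; declare it `public final class eID4UConstants` with a `private eID4UConstants() {}` constructor. `CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD` is the key of a secret, so a comment on that line, `// credential for the AP token service: the value must not be logged or included in configuration dumps`, makes the sensitivity visible to whoever wires the configuration loader. The class name starting with a lower-case letter departs from the UpperCamelCase convention used elsewhere in the module.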
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java 
@@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moaspss.logging.Logger; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public class AttributeScopeMapper { + + private static AttributeScopeMapper instance = null; + + public static final String Scope_Delimiter = " "; + + public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship"; + public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth"; + public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth"; + public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName"; + public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy"; + public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy"; + public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud"; + public static final String Gender = "ANY@tugraz.idm.attr.Gender"; + public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName"; + public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry"; + + public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode"; + public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode"; + public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet"; + public static final String HomeInstitutionAddressCity = 
"ANY@tugraz.idm.attr.HomeInstitutionAddressCity"; + + public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity"; + public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode"; + public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode"; + public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet"; + + public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity"; + public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode"; + public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode"; + public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet"; + + private static List<String> complexeScopes = new ArrayList<String>(); + + private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + put(Definitions.CITIZENSHIP_NAME, Citizenship); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), + CityOfBirth); + put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth); + put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName); + put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy); + put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy); + put(Definitions.EMAIL_NAME, EmailStud); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), + Gender); + put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName); + put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry); + + put(Definitions.HOMEINSTITUTIONADDRESS_NAME, + HomeInstitutionAddressCountryCode + Scope_Delimiter + + HomeInstitutionAddressPostalCode + Scope_Delimiter + + 
HomeInstitutionAddressStreet + Scope_Delimiter + + HomeInstitutionAddressCity); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), + PermanentAddressCity + Scope_Delimiter + + PermanentAddressCountryCode + Scope_Delimiter + + PermanentAddressPostalCode + Scope_Delimiter + + PermanentAddressStreet); + put(Definitions.TEMPORARYADDRESS_NAME, + StudyAddressCity + Scope_Delimiter + + StudyAddressCountryCode + Scope_Delimiter + + StudyAddressPostalCode + Scope_Delimiter + + StudyAddressStreet); + + } + }); + + private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, String> el = it.next(); + String[] value = el.getValue().split(Scope_Delimiter); + if (value.length == 1) + put(el.getValue(), el.getKey()); + + else { + for (String i : value) { + put(i, el.getKey()); + complexeScopes.add(i); + + } + } + } + } + }); + + + + + public static AttributeScopeMapper getInstance() { + if (instance == null) { + instance = new AttributeScopeMapper(); + + } + + return instance; + } + + /** + * Map a eID4U attribute-name into a TUG Scope + * + * @param eID4UAttributeName eID4U attribute-name + * @return TUG Scope + */ + public String getTUGScopesForAttribute(String eID4UAttributeName) { + if (eIDASToScopes.containsKey(eID4UAttributeName)) + return eIDASToScopes.get(eID4UAttributeName); + + else { + Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG"); + return StringUtils.EMPTY; + + } + + } + + /** + * Map a TUG Scope into an eID4u attribute-name + * + * @param scope TUG scope + * @return eID4u attribute name + */ + public String geteIDASAttrFromScope(String scope) { + return scopesToeIDAS.get(scope); + + } + + /** + * Check if an TUG scope is part of a complex eID4u 
attribute + * + * @param scope TUG scope + * @return true if scope is part of a complex attribute, otherwise false + */ + public boolean isComplexeScope(String scope) { + return complexeScopes.contains(scope); + + } + + /** + * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes + * + * + * @param jsonObject TUG AP response + * @return Map of eID4U attributes, but never null + */ + public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) { + Map<String, Object> result = new HashMap<String, Object>(); + Map<String, String> complexAttr = new HashMap<String, String>(); + + Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, JsonElement> el = it.next(); + String key = el.getKey(); + + Logger.trace("Starting TUG scrope mapping for: " + key + " ... "); + String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key); + if (StringUtils.isNotEmpty(eIDASAttr)) { + if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) { + Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr); + result.put(eIDASAttr, el.getValue().getAsString()); + + } else { + Logger.trace("Find complex TUG scope: " + key); + complexAttr.put(eIDASAttr, null); + + } + + } else + Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute"); + + } + + //TODO: can only Map address attributes + Iterator<String> complIt = complexAttr.keySet().iterator(); + while(complIt.hasNext()) { + String attr = complIt.next(); + + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder(); + if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString()); + 
address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else { + Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!"); + + } + + } + + return result; + + } + + + private AttributeScopeMapper() { + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java index f347022b8..d5b1a9e4e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java 
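Review bot: `populateEid4uAttributesFromTugResponse` throws a NullPointerException when the TUG response contains some but not all members of an address group: the first loop marks the complex attribute as present as soon as one of its scopes appears, and the second loop then calls `jsonObject.get(...).getAsString()` on every sub-field, where `get` returns null for an absent member. A presence check before building each address, with a warning and `continue` when a field is missing, keeps a partial response from aborting the whole attribute collection. Separately, `getInstance()` is a lazily initialised singleton without synchronisation; since every piece of state in the class is static, initialising `instance` eagerly (or making the methods static) removes the question. Whether `cvAddressArea` and `thoroughfare` should both receive the street value cannot be judged from here.
```java
/** True when every key is present in the response with a non-null JSON value. */
private static boolean hasAll(JsonObject jsonObject, String... keys) {
    for (String key : keys) {
        JsonElement el = jsonObject.get(key);
        if (el == null || el.isJsonNull()) {
            return false;
        }
    }
    return true;
}

// … unchanged: simple-scope loop …
if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
    if (!hasAll(jsonObject, HomeInstitutionAddressPostalCode, HomeInstitutionAddressCity, HomeInstitutionAddressStreet)) {
        Logger.warn("Complex eID4U attribute: " + attr + " is incomplete in TUG response, skipping it");
        continue;
    }
    // … unchanged: PostalAddress builder calls for the home institution address …
// … unchanged: TEMPORARYADDRESS and CURRENT_ADDRESS branches with the same hasAll guard on their own keys …
```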
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.util.Collection; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Response; import org.w3c.dom.Document; @@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException { + public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } catch (EIDASSAMLEngineException e) { if (responseBytes != null ) { @@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Response ..."); - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } Logger.info("eIDAS metadata refresh not possible or not successful."); @@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException { + public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } catch (EIDASSAMLEngineException e) { 
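Review bot: `unmarshallResponse` and `unmarshallRequest` gain `metadataWhitelist`/`checkWhitelist` parameters that presumably control whether the peer's metadata location is checked against a whitelist, but the Javadoc directly above each `@Override` (its body lies outside the hunks) still appears to describe the old signature. Add `@param metadataWhitelist Metadata locations that may be accepted` and `@param checkWhitelist If false, the whitelist is not enforced` to both methods, because a caller passing `false` switches off a validation step and should find that stated in the documentation. The retries after `startInternalMetadataRefesh` correctly re-pass both values, including in the hunk `@@ -81,7 +83,7 @@` on the next line.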
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ..."); - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index aca818532..feeff6f84 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + basicConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java new file mode 100644 index 000000000..b7a9fcba9 --- /dev/null 
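Review bot: In the MOAeIDASChainingMetadataProvider hunk the new truststore flag is read through `basicConfig` although the line above already narrows it to `moaAuthConfig` and the key `AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE` belongs to that type; `moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false)` keeps the receiver consistent with the following `moaAuthConfig.getTrustedCACertificates()` argument. Defaulting the flag to `false` is the conservative choice, presumably leaving the socket factory on the explicitly configured CA set only; a one-line comment such as `// default false: do not fall back to the JVM default truststore unless explicitly configured` would keep that decision from being flipped casually. The constructor call continues outside the hunk.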
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class eID4UAPException extends EIDASException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public eID4UAPException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public eID4UAPException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + + } + + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java new file mode 100644 index 000000000..a58bc4f8d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java 
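Review bot: The `/** * */` block on `serialVersionUID` is an empty Javadoc and the class itself has none; drop the empty one and add a class-level comment such as `/** Signals a failure while collecting eID4U attributes from the attribute provider; reported to the eIDAS peer as Responder / AuthnFailed via the two status-code overrides. */`. Both constructors are called with `parameters == null` elsewhere in this change (ReceiveConsentForAddtionalAttributesTask), which is fine only if `EIDASException` tolerates a null array — worth confirming and, if so, documenting on the constructors.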
@@ -0,0 +1,181 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.common.collect.UnmodifiableIterator; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import 
eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry; + +@Component("CollectAddtionalAttributesTask") +public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + + @Autowired private OAuth20AuthAction openIDAuthAction; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); + + //select all eID4U attributes from requested attributes + Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); + ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); + for (String el : Definitions.EID4UATTRIBUTEELIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) != null) { + Logger.debug("Find eID4U attr: " + el); + reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); + + } + } + + //collect eID4U attributes, if some attributes are selected before + ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); + if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { + Logger.info("Starting eID4U attribute collection process ... 
"); + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + + //load connection parameters to TUG + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + scopes = mapReqAttributesIntoScopes(reqEid4uAttrList); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); + + + /* + *build openID and set connect token + */ + + //generate fake OpenID_Connect request + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setScope("openId profile"); + + //populate with SessionData + fakeOpenIDReq.setRawDataToTransaction( + pendingReq.getSessionData(AuthenticationSessionWrapper.class) + .getKeyValueRepresentationFromAuthSession()); + + //generate authData + IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq); + + //generate OpenIDConenct token + String accessToken = Random.nextHexRandom32(); + OAuth20SessionObject o = new OAuth20SessionObject(); + o.setScope(fakeOpenIDReq.getScope()); + o.setCode(accessToken); + Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); + o.setAuthDataSession(idToken); + transactionStorage.put(accessToken, o, -1); + + //forward to TUG + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, 
OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleStringAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); + + } else + Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); + + } else + Logger.debug("No eIDAS Request found. 
Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); + + } + + } + + private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) { + String result = StringUtils.EMPTY; + UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator(); + while (it.hasNext()) { + ImmutableAttributeEntry<?> el = it.next(); + String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute( + el.getKey().getNameUri().toString()); + + if (result.isEmpty()) + result = scope; + else + result += " " + scope; + + } + + return result; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 1788facf0..274a23674 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java 
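Review bot: `Logger.debug("REDIRECT TO: " + finalUrl.toString())` writes the freshly issued `accessToken` to the debug log, because it was just appended as the `code` parameter of `redirectURI` and is also the lookup key in `transactionStorage`; log the URL as it was before the first `addURLParameter` call (or with the code masked) instead, and note that `finalUrl` is already a `String`, so `.toString()` is redundant. In `mapReqAttributesIntoScopes` the `result += " " + scope` loop would read better with a `StringJoiner(" ")`, and a `null` return from `getTUGScopesForAttribute` currently becomes the literal text `null` in the scope list. The ID token scope is hard-coded to `"openId profile"` while the computed `scopes` only goes into the redirect; if that is intentional a comment saying so would help, as would a class Javadoc stating that this task starts the eID4U consent round trip. The `-1` passed to `transactionStorage.put` and `CookieUtils.setCookie` is undocumented here — presumably "no expiry"; a comment naming the meaning would avoid guessing.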
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); //validate SAML token + //TODO: maybe add whitelist IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME_BEFORE, Constants.CONFIG_PROPS_SKEWTIME_AFTER, - pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA, + null, + false); if (samlResp.isEncrypted()) { Logger.info("Received encrypted eIDAS SAML-Response."); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java new file mode 100644 index 000000000..e878f8ab1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java 
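Review bot: Passing `null, false` explicitly disables the metadata-whitelist check the updated engine API offers, and `//TODO: maybe add whitelist` does not say what trust decision stands in for it; replace the TODO with a comment naming the reason, e.g. `// whitelist check disabled: metadata trust is established by the configured metadata provider (TODO: enable whitelist once configured)` — confirm that this is the actual trust anchor before committing to the wording. The same pattern appears in EIDASProtocol (`unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false)`) and should carry the same comment. The enclosing method continues outside the hunk.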
@@ -0,0 +1,238 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Map; +import java.util.Map.Entry; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.io.IOUtils; +import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + 
+@Component("ReceiveConsentForAddtionalAttributesTask") +public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask { + + private static final int HashMap = 0; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + + //delete eID4U http Cookie with pendingRequestId + CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + + String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE); + if (MiscUtil.isEmpty(authCode)) { + Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... "); + throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null); + + } + Logger.trace("Find OAuth2 'code' with: " + authCode); + + /* + * access backend service with authCode + * + */ + String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL); + String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME); + String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD); + + if (MiscUtil.isEmpty(tokenServiceURL)) { + Logger.info("NO TokenService URL in configuration for eID4U AP. 
"); + throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null); + + } + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + tokenServiceURL); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build request URL + URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); + uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, + authConfig.getBasicConfiguration( + eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, + OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)); + uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode); + Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build()); + + HttpGet httpGetToken = new HttpGet(uriBuilderToken.build()); + + HttpClientContext localContext = HttpClientContext.create(); + if (MiscUtil.isNotEmpty(tokenServiceUsername)) { + Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... 
"); + + //Raw work-around, because API solution does not work well + String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim(); + byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1)); + String authHeader = "Basic " + new String(encodedAuth); + httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //API solutuion +// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString()); +// AuthCache authCache = new BasicAuthCache(); +// authCache.put(targetHost, new BasicScheme()); +// +// CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); +// credentialsProvider.setCredentials(AuthScope.ANY, +// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim())); +// localContext.setCredentialsProvider(credentialsProvider); +// localContext.setAuthCache(authCache); + + } + + //request tokenService + HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext); + + Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() + + " from eID4U AP TokenService"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultToken.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultToken.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... 
"); + if (httpResultToken.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8")); + throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null); + + } + + //parse AccessToken from TokenService response + JsonElement fullToken = new JsonParser().parse( + new InputStreamReader(httpResultToken.getEntity().getContent())); + Logger.trace("FullToken: " + fullToken.toString()); + String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString(); + + + //call Attribute Provider to receice eID4U attributes from TUG + String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL); + if (MiscUtil.isEmpty(attrProviderServiceURL)) { + Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null); + + } + + + URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL); + HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build()); + + //encode and add token as header + String authHeader = "Bearer " + accessToken; + httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //get and add bPK as header + httpGetData.setHeader( + "X-PVP-BPK", + pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class)); + + if (Logger.isTraceEnabled()) { + for (Header el : httpGetData.getAllHeaders()) + Logger.trace("Req. 
Headername:" + el.getName() + " Value:" + el.getValue()); + } + + //request Attribute Provider + HttpResponse httpResultData = httpClient.execute(httpGetData); + + //parse response + Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() + + " from eID4U Attr.Provider Service"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultData.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultData.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultData.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8")); + + throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null); + + } + + + //parse eID4U attributes from Attr.Provider service response + JsonElement fullAttrSet = new JsonParser().parse( + new InputStreamReader(httpResultData.getEntity().getContent())); + Logger.trace("FullAttrSet: " + fullAttrSet.toString()); + + //populate eID4U attributes + populateEid4uAttributes(fullAttrSet.getAsJsonObject()); + + //store pendingRequest + requestStoreage.storePendingRequest(pendingReq); + + + } else + Logger.debug("No eIDAS Request found. 
Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + + private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException { + try { + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject); + for (Entry<String, Object> el : eID4UAttributes.entrySet()) + session.setGenericDataToSession(el.getKey(), el.getValue()); + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT inject authentication data into user object.", e); + throw e; + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java index bb52d2ffe..44a313885 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java 
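Review bot: `httpClient` is a `CloseableHttpClient` that is never closed, so every consent round trip leaks the client and its connections unless `HttpClientWithProxySupport.getHttpClient` returns a shared instance; open it in a try-with-resources that spans both the token-service and attribute-provider calls, as sketched below. Trace logging also writes credentials — `authCode`, the full token-service URL containing it, `FullToken`, and the request headers including `Authorization: Bearer …` and `X-PVP-BPK` — which should be redacted even at trace level. Smaller items: `private static final int HashMap = 0;` is unused and shadows the type name, `new String(encodedAuth)` and both `InputStreamReader`s rely on the platform charset (pass `StandardCharsets.ISO_8859_1` / `UTF_8`), `tokenServicePassword.trim()` throws when only the username is configured, the commented-out "API solution" block should be deleted rather than kept, and the catch block's message `IdentityLink generation for foreign person FAILED.` looks copied from another task and should say eID4U AP processing failed.
```java
//open http client
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, tokenServiceURL);
try (CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
        sslFactory,
        authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true))) {
    // … unchanged: token-service request, access-token parsing, attribute-provider request, populateEid4uAttributes, storePendingRequest …
}
```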
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.KeyInfo; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.ImmutableSortedSet; import com.google.common.collect.Ordering; +import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions; * */ public class NewMoaEidasMetadata { - private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName()); private final String metadata; private final String entityId; private static final Set<String> DEFAULT_BINDING = new HashSet() { @@ -180,7 +178,7 @@ public class NewMoaEidasMetadata { dm.setAlgorithm(digestMethod); eidasExtensions.getUnknownXMLObjects().add(dm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension"); } } } @@ -197,7 +195,7 @@ public class NewMoaEidasMetadata { spTypeObj.setSPType(this.params.getSpType()); eidasExtensions.getUnknownXMLObjects().add(spTypeObj); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension"); + Logger.info("BUSINESS EXCEPTION error adding SPType extension"); } } generateDigest(eidasExtensions); @@ -212,7 +210,7 @@ public class NewMoaEidasMetadata { sm.setAlgorithm(signMethod); eidasExtensions.getUnknownXMLObjects().add(sm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension"); } } } 
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata { new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural()); for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) { - AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); - builder.add(supAttr); + Logger.trace("Build metadata-attr: " + attr); + AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); + if (supAttr == null) + Logger.warn("Suspect eIDAS attribute definition: " + attr); + else + builder.add(supAttr); } return builder.build(); @@ -444,11 +446,11 @@ public class NewMoaEidasMetadata { url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en")); organization.getURLs().add(url); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", nfe); } } return organization; 
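Review bot: In the `@@ -444` hunk each exception is now logged twice, once at `info` with `getMessage()` and again at `warn` with the stack trace; where the former `debug` call was meant to keep the trace out of normal logs, a single `Logger.warn("ERROR : error generating the OrganizationData", iae);` carries both the message and the trace. The same pairing appears in the `@@ -463`/`@@ -486` hunks and in the `@@ -546` hunk, which additionally rethrows as `IllegalStateException`. In the `@@ -378` hunk the unbraced `if (supAttr == null) … else …` should be braced per the surrounding style, and `"Suspect eIDAS attribute definition: " + attr` would be clearer as `"No eIDAS attribute definition found for: " + attr`, since the branch only means the lookup returned null.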
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata { else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) currentContact = this.params.getTechnicalContact(); else { - NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type"); + Logger.error("ERROR: unsupported contact type"); } contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class); if (currentContact == null) { - NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration"); + Logger.error("ERROR: cannot retrieve contact from the configuration"); return contact; } @@ -486,11 +488,11 @@ public class NewMoaEidasMetadata { populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", nfe); } return contact; } 
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata { } return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false)); } catch (Exception ex) { - NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex); + Logger.info("ERROR : SAMLException: " + ex.getMessage()); + Logger.warn("ERROR : SAMLException ", ex); throw new IllegalStateException(ex); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 6d20caa4b..b000c317e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; 
@@ -112,6 +113,16 @@ public class SAMLEngineUtils { SAMLSchemaBuilder.addExtensionSchema( at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); + //add eID4U schemes + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION); + eIDASEngine = engine; } catch (EIDASSAMLEngineException | ConfigurationException e) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index 200215308..d2323d161 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; 
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; * */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { - private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); + private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator(); private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = @@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, + public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index d268dd2f6..7c9e66ba0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java 
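Review bot: Widening the return type of `buildAttribute` from `Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>>` to `Pair<?, ImmutableSet<AttributeValue<?>>>` erases what callers receive as the first element, and the Javadoc `@return eIDAS attribute response {@link Pair}` is not updated to say what it now holds; either keep `AttributeDefinition<?>` as the key type or document the key in the `@return` tag (presumably still the attribute definition — confirm against the body, which continues outside the hunk). The switch to `SimpleStringAttributeGenerator` in the `@@ -53` hunk changes how attribute values are produced; a one-line comment on that field stating why the eIDAS-specific generator was dropped would record the decision.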
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //***** validate eIDAS request ********* //**************************************** //validate SAML token - IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode ); + //TODO: maybe add whitelist feature + IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false); //validate internal JAVA class type if (!(samlReq instanceof IEidasAuthenticationRequest)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 1ac4560b0..d9232a2f3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@Deprecated + + @eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 66359e240..e10f42b37 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java 
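Review bot: The new call `engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false)` hard-codes `null` and `false` for the two added parameters and the only explanation is `//TODO: maybe add whitelist feature`; the parameter names are not visible here, but the TODO suggests the third argument is a whitelist of trusted metadata/issuers and the fourth its enforcement flag, so as written the request is validated without any whitelist restriction. Either wire the whitelist to configuration now, or replace the TODO with a comment that records the consequence and the compensating control, e.g. `// no metadata whitelist yet (null/false): every request whose metadata resolves and whose signature validates is accepted; trust rests on the engine's metadata/signature checks. TODO: make the whitelist configurable`, after confirming the parameter semantics against the engine's signature. The pre-existing `cititzenCountryCode` typo is context, not part of this change. The enclosing method starts and ends outside this hunk.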
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@Deprecated @eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 638b01bb1..cea28662e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index fd245c3eb..7c527ff67 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java 
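Review bot: The reason for dropping `@eIDASMetadata` from `eIDASAttrRepresentativeLegalName` is recorded in a plain `/* ... */` block placed between the class Javadoc (`* @author tlenz */`) and the class declaration, where javadoc will not attach it and readers of generated docs will not see it, while the class remains an `IeIDASAttribute` implementation that the `ServiceLoader` in `eIDASAttributeBuilder` may still load. Move the sentence into the Javadoc and make the consequence explicit, e.g. `* Not announced in eIDAS metadata (no {@code @eIDASMetadata}): eIDAS currently requires the representative to be a natural person.` The class body continues outside the hunk.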
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index f7e135bae..14ba239a1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat throws AttributeBuilderException { try { - Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + Pair<String, String> calcResult = getBpkForSp(oaParam, authData); if (calcResult != null) { String personalID = calcResult.getFirst(); String type = calcResult.getSecond(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java index db072203d..9321182da 100644 
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -1,5 +1,8 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; +import java.lang.annotation.Retention; + +@Retention(java.lang.annotation.RetentionPolicy.RUNTIME) public @interface eIDASMetadata { } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java new file mode 100644 index 000000000..2f066bc6b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java 
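Review bot: `@Retention(RUNTIME)` is added to `eIDASMetadata` without a `@Target`, so the marker can be placed on methods, fields or parameters where a reflective class-level lookup will never find it; restrict it with `@Target(ElementType.TYPE)` and import `java.lang.annotation.RetentionPolicy` instead of spelling out `java.lang.annotation.RetentionPolicy.RUNTIME` inline. The annotation also has no Javadoc; add one stating what being annotated means, e.g. `/** Marks an {@link IeIDASAttribute} implementation that is to be announced in eIDAS metadata; read reflectively at runtime, hence RUNTIME retention. */`, after confirming that against the code that reads the annotation, which is not in this hunk.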
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CITIZENSHIP_NAME;
+
+ }
+
+}
+
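Review bot: `CititzenshipAttrBuilder` is the first of eleven new eID4U builders (Citizenship, CountryOfBirth, CurrentDegree, CurrentLevelOfStudy, Degree, DegreeAwardingInstitute, DegreeCountry, EHICID, EMail, FieldOfStudy, GraduationYear) whose `build`, `buildEmpty` and `getName` bodies are identical apart from the two `Definitions` constants; a fix to the lookup or error handling has to be repeated eleven times, and the copies hide the one builder that really differs (`CurrentPhotoAttrBuilder`). Pull the shared logic into an abstract base class and reduce each subclass to its two constants, as sketched below. The class name also has a typo (`Cititzenship`); renaming it must be mirrored wherever the implementation is registered for the `ServiceLoader`, which is not visible here.

```java
/** Base for eID4U attributes whose value is a plain string stored under the attribute name in authData. */
public abstract class AbstractEid4uStringAttrBuilder implements IeIDASAttribute {

	/** Friendly name of the attribute, taken from {@link Definitions}. */
	protected abstract String getFriendlyName();

	@Override
	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
			throws AttributeBuilderException {
		String value = authData.getGenericData(getName(), String.class);
		if (StringUtils.isEmpty(value)) {
			throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
		}
		return g.buildStringAttribute(getFriendlyName(), getName(), value);
	}

	@Override
	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
		return g.buildEmptyAttribute(getFriendlyName(), getName());
	}
}

// … each concrete builder (own file) shrinks to: …
@eIDASMetadata
public class CitizenshipAttrBuilder extends AbstractEid4uStringAttrBuilder {
	@Override protected String getFriendlyName() { return Definitions.CITIZENSHIP_FRIENDLYNAME; }
	@Override public String getName() { return Definitions.CITIZENSHIP_NAME; }
}
```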
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java new file mode 100644 index 000000000..8ef79b774 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CountryOfBirthAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.COUNTRYOFBIRTH_NAME; + + } + +} +
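Review bot: The local `idType` in `CountryOfBirthAttrBuilder.build` holds the country-of-birth value, not an identifier type; the name was evidently carried over from the copy source and recurs in every sibling builder, which is misleading when reading the `isNotEmpty`/`buildStringAttribute` lines. Rename it to what it is, `String countryOfBirth = authData.getGenericData(getName(), String.class);`, and use that name in the two following lines. The `else` after a `return` is also redundant; a guard clause that throws first and returns last reads better.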
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java new file mode 100644 index 000000000..7b4c16a5a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentDegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTDEGREE_NAME; + + } + +} +
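Review bot: The new public class `CurrentDegreeAttrBuilder` has no Javadoc, so the contract of `build` — which generic-data key of `authData` is read, that the value is released unchanged, and that an `AttributeBuilderException` means "not available" rather than "invalid" — has to be reverse-engineered from the body. Add a class comment, e.g. `/** eID4U 'CurrentDegree' attribute: reads the string stored under {@link Definitions#CURRENTDEGREE_NAME} in the generic authData and releases it as-is; throws AttributeBuilderException when absent or empty. */`. Whether the value is validated when it is put into `authData` is not visible here; if it is not, say so in the comment.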
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java new file mode 100644 index 000000000..5210676c2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTLEVELOFSTUDY_NAME; + + } + +} +
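Review bot: The body of `CurrentLevelOfStudyAttrBuilder.build` is an unbraced `if ... return` followed, after a blank line, by an unbraced `else throw`, and the assignment is written `String idType= ...` without spacing; three lines should not need this much effort to read. Prefer a braced guard clause: `String level = authData.getGenericData(getName(), String.class);` then `if (StringUtils.isEmpty(level)) { throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); }` and finally `return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), level);`.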
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java new file mode 100644 index 000000000..4b8e6ec29 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java 
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object docObj= authData.getGenericData(getName(), Object.class);
+
+ if (docObj instanceof Document) {
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+
+
+ } else if (docObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)docObj))
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTPHOTO_NAME;
+
+ }
+
+}
+
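Review bot: In the `Document` branch of `CurrentPhotoAttrBuilder.build` the released value is `((Document)docObj).toString()`; `Document` is imported from the JAXB-generated package `at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic`, and generated JAXB classes do not override `toString()` unless a plugin was configured, so the attribute would contain something like `Document@1f2a3b` rather than the photo. Marshal the object explicitly (a JAXB marshaller for the `Document` type, or an eID4U attribute-value marshaller if one exists — not visible here) and throw `AttributeBuilderException` on marshalling failure instead of silently emitting a wrong value; until then mark the line with `// TODO confirm Document.toString() yields the XML/base64 photo representation the SP expects`. The `String` branch accepts any non-empty string unchecked, which is acceptable only if the producer that stored it in `authData` already validated it.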
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java new file mode 100644 index 000000000..4f0a0d2fc --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java new file mode 100644 index 000000000..8b480914b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java 
@@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREEAWARDINGINSTITUTION_NAME; + + } + +} +
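Review bot: The class is named `DegreeAwardingInstituteAttrBuilder` while the constants it wraps are `Definitions.DEGREEAWARDINGINSTITUTION_NAME`/`_FRIENDLYNAME`; the same Institute/Institution mismatch recurs in `HomeInstituteAddressAttrBuilder` versus `HOMEINSTITUTIONADDRESS_*`. Since `getName()` is what the protocol sees, the class name is the cosmetic side — rename it to `DegreeAwardingInstitutionAttrBuilder` (and update the `ServiceLoader` registration, which is not visible here) so that a grep for either spelling finds both.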
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java new file mode 100644 index 000000000..b3b58c9da --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeCountryAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREECOUNTRY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java new file mode 100644 index 000000000..f37b8ea65 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EHICIDAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EHICID_NAME; + + } + +} +
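Review bot: `EHICIDAttrBuilder.build` releases the European Health Insurance Card number whenever it is present in `authData` and ignores the `oaParam` (`ISPConfiguration`) argument entirely, as do all sibling builders. If the per-service-provider release policy for this sensitive identifier is enforced by the caller before `build` is reached (not visible here), record that; otherwise this is where it should be checked. Proposed comment on `build`: `// Release is not gated on oaParam here: the caller is expected to invoke this builder only for attributes the SP may request. TODO confirm.`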
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java new file mode 100644 index 000000000..c1dba7eff --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EMailAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EMAIL_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java new file mode 100644 index 000000000..ba486079e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class FieldOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.FIELDOFSTUDY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java new file mode 100644 index 000000000..cf1bc4b07 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class GraduationYearAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.GRADUATIONYEAR_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java new file mode 100644 index 000000000..73ab6fdda --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java 
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj)) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT 
build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+
+ }
+
+}
+
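Review bot: `Base64Utils.encode(((String) obj).getBytes())` in the String branch of `build` encodes with the JVM default charset, so the attribute value produced for a non-ASCII address depends on the server's platform settings rather than on the data; use `Base64Utils.encode(((String) obj).getBytes(StandardCharsets.UTF_8))` together with `import java.nio.charset.StandardCharsets;`. The same call appears in TemporaryAddressAttrBuilder at the end of this diff. Both catch blocks log at warn level and then fall through to the generic "is not available" exception, so a marshalling or encoding failure is reported to the caller exactly like an absent value; a distinct message in the catch blocks, e.g. `throw new AttributeBuilderException("Attribute '" + getName() + "' could not be marshalled", e);`, keeps the two cases apart in logs and responses.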
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONNAME_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object dateObj= authData.getGenericData(getName(), Object.class);
+
+ if (dateObj instanceof Date) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(dateObj);
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+
+ } else if (dateObj instanceof String) {
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+
+ } else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDEXPIREDATE_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDISSUER_NAME;
+
+ }
+
+}
+
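Review bot: The String branch of `build` in IdExpireddateAttrBuilder passes `(String) dateObj` straight through without the emptiness guard every sibling builder applies, so an empty string stored under this name is emitted as the expiry-date attribute instead of raising AttributeBuilderException; `} else if (dateObj instanceof String && StringUtils.isNotEmpty((String) dateObj)) {` (with the commons-lang3 import the other builders already use) aligns it with them. Separately, `new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN)` formats a `java.util.Date` in the JVM default time zone, so the rendered date can differ by a day between servers with different zone settings unless the pattern or the stored value already fixes the zone; if the attribute is a calendar date, pin the zone with `pvpDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"))` (import `java.util.TimeZone`) or move to a `java.time` formatter. Creating the SimpleDateFormat per call is fine for thread safety, but the choice deserves a comment such as `// SimpleDateFormat is not thread-safe; a fresh instance per call is intentional`.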
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDNUMBER_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object idTypeObj= authData.getGenericData(getName(), Object.class);
+
+ if (idTypeObj instanceof IdType)
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+
+ else if (idTypeObj instanceof String) {
+ String idType = (String)idTypeObj;
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDTYPE_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof CertificatesType) {
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGECERTIFICATES_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
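Review bot: `((CertificatesType) certObj).toString()` in `build` relies on the string form of an xjc-generated JAXB type; unless that class overrides `toString()` (not visible here), the attribute value sent to the relying party will be the default `Class@hash` form rather than a serialisation of the certificates, and LanguageProficiencyAttrBuilder, the next file in this diff, does the same with `LanguageLevelType`. HomeInstituteAddressAttrBuilder shows the intended pattern — marshal the object explicitly — so a JAXB marshal of the object (or the project's existing serialisation helper) belongs here, with the accepted inputs documented as `// accepts a CertificatesType (marshalled to its XML form) or an already-serialised String`. Also `at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document` is imported but unused in this file, as is `CertificatesType` in LanguageProficiencyAttrBuilder.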
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof LanguageLevelType) {
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGEPROFICIENCY_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object valueObj = authData.getGenericData(getName(), Object.class);
+
+ if (valueObj instanceof MaritalState)
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+
+ else if (valueObj instanceof String) {
+ String value = (String)valueObj;
+ if (StringUtils.isNotEmpty(value));
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.NATIONALITY_NAME;
+
+ }
+
+}
+
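Review bot: `getName()` in MaritalstateAttrBuilder returns `Definitions.EHICID_NAME`, so this builder is registered under the EHIC identifier attribute name while it reads and emits the marital state with the MARITALSTATE friendly name — a relying party requesting the EHIC attribute may receive marital-state data under that identifier, and if a separate EHIC builder exists the two collide on the same name. It should return the marital-state name constant instead (presumably `Definitions.MARITALSTATE_NAME`, following the `_FRIENDLYNAME`/`_NAME` pairing every other builder in this diff uses). In the same method's String branch, `if (StringUtils.isNotEmpty(value));` ends in a stray semicolon, so the condition is a no-op and an empty string is returned as the attribute instead of reaching the AttributeBuilderException; drop the `;` so that `return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);` is governed by the check.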
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.PHONE_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+
+ }
+
+}
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.io.IOException; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue; + +@eIDASMetadata +public class TemporaryAddressAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object obj= authData.getGenericData(getName(), Object.class); + + if (obj instanceof PostalAddress) { + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + new CurrentAddressAttributeValueMarshaller().marshal( + new PostalAddressAttributeValue((PostalAddress) obj))); + + } catch (AttributeValueMarshallingException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } else if (obj instanceof String) { + if (StringUtils.isNotEmpty((String)obj)) + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + Base64Utils.encode(((String) obj).getBytes())); + + } catch (IOException e) { + Logger.warn("Can NOT build attribute: " + 
getName(), e); + + } + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.TEMPORARYADDRESS_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index f6a67db9d..b42d3273f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction { else throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()}); - + + ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + String subjectNameID = null; //gather attributes @@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction { Logger.trace("eIDAS requsted attr. update process finished"); } + + + + //TODO: eID4U testcode + //************************************************************************** +// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList); +// AttributeDefinition<?> attrDef = +// engine.getProtocolProcessor().getAttributeDefinitionNullable( +// Definitions.IDTYPE_NAME); +// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build()); +// +// reqAttributeList = reqAttrWitheID4U.build(); + + //************************************************************************** + Logger.trace("Starting eIDAS response generation ...."); 
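Review bot: In the `String` branch of `TemporaryAddressAttrBuilder.build`, `((String) obj).getBytes()` uses the JVM's platform default charset before Base64-encoding, so an address containing non-ASCII characters (umlauts, ß) is encoded differently depending on `file.encoding` of the deployment; use `Base64Utils.encode(((String) obj).getBytes(StandardCharsets.UTF_8))` (adding the `java.nio.charset.StandardCharsets` import). The two branches also emit different value formats for the same attribute — the `PostalAddress` branch uses the eIDAS `CurrentAddressAttributeValueMarshaller`, the `String` branch a plain Base64 of the raw string — so if the plain-string form is intentional it deserves a comment stating which producers feed a pre-formatted string. Finally, the `AttributeValueMarshallingException` is only logged at warn level and then surfaces as the generic "is not available" `AttributeBuilderException`, which hides the real cause from the SP-facing error; chaining the exception (if the `AttributeBuilderException` constructor accepts a cause) or distinguishing the message would make the failure diagnosable.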
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction { String token = null; IResponseMessage eIDASRespMsg = null; - try { - ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); - + try { // encryption is done by the SamlEngine, i.e. by the module we provide in the config // but we need to set the appropriate request issuer //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer()); @@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction { } private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { - Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( + Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); - throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); + + //TODO!!!!!!! + //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); } else - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); + Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available."); } else { //add attribute to Map diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 3c11c725d..3a05c47ac 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder 
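Review bot: In `buildAndAddAttribute` the `throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});` for a required attribute that could not be built is commented out under `//TODO!!!!!!!`, so a requested attribute marked 'Required' that is unavailable is now only logged at info level and the response is still assembled and signed without it. The requesting eIDAS node then receives a success response that does not satisfy the request's mandatory attribute set, and the failure is no longer visible to the relying party; this is a behaviour change that a merge of a tagged release should not carry as an open TODO. If the motivation is that eID4U sector-specific attributes cannot always be supplied by the national eID, scope the exemption to those attributes (for example by checking `attr.getNameUri()` against the eID4U namespace) and keep the throw for everything else, and let the TODO say why the check is relaxed. `buildAndAddAttribute`'s body continues past the end of the hunk.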
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
 at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
\ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + +<!-- + - National authentication with Austrian Citizen Card and mobile signature with our without mandate. + - Legacy authentication for foreign citizens using MOCCA supported signature cards. +--> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/> + + <!-- eID4U extensions --> + <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/> + <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/> + + + + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. 
--> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + + <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. --> + + <pd:Transition from="certificateReadRequest" to="verifyCertificate" /> + <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. --> + + <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyCertificate" to="getForeignID" /> + + <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> + + <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> + + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + + <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" /> + + <!-- eID4U tasks for attribute collection --> + <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" /> + + <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" /> + <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" 
/> + + <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" /> + + + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml index 20395f210..da4a2a95b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -9,9 +9,17 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + <bean id="eID4UAuthProcessImpl" + class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl"> + <property name="priority" value="1" /> + </bean> + <bean id="eIDASSignalServlet" class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/> + <bean id="eID4UAPSignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/> + <bean id="EIDASProtocol" class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/> @@ -30,5 +38,14 @@ <bean id="CreateIdentityLinkTask" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" scope="prototype"/> + + <bean id="CollectAddtionalAttributesTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask" + scope="prototype"/> + + <bean id="ReceiveConsentForAddtionalAttributesTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask" + scope="prototype"/> + </beans>
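Review bot: Both transitions out of `collectAddtionalAttributesTask` are conditional (`ctx['collecteID4UAttr']` and `!ctx['collecteID4UAttr']`) with no unconditional fallback, whereas every other branch point in this definition pairs a conditional transition with a default one (`verifyIdentityLink`, `verifyCertificate`, `verifyAuthBlock`). If the task can complete without putting `collecteID4UAttr` into the context, for instance on an early return, the process has no transition to take; either guarantee in the task that the flag is always set and say so in a comment, or make the second one the default: `<pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" />`. The header comment still describes only the national citizen-card / mobile-signature flow and should mention that this variant appends the eID4U attribute collection and the consent step (`receiveConsentForAddtionalAttributesTask`) after `genericFrontChannelRedirectTask`, since that is the whole reason this file exists next to the standard process definition.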
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
new file mode 100644
index 000000000..0daa90b40
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
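Review bot: The key `ANY@tugraz.idm.attr.HomrInstitutionAddressCity` is misspelled (`Homr`), while its three siblings and the test constant `AttributeScopeMapper.HomeInstitutionAddressCity` used in the accompanying test spell it `Home`; if the mapper resolves TUG scopes by exact key lookup, the city component of the home-institution address will never be mapped although the other three components are. Correct it to `ANY@tugraz.idm.attr.HomeInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address` and let the existing test catch the regression. A short header comment describing the format (`<scope>=<eIDAS attribute URI>`, several scopes may map onto one complex address attribute, and what the `ANY@` prefix denotes) would help the next person who adds a scope, since the file currently has no documentation at all.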
@@ -0,0 +1,253 @@ +package test.at.gv.egovernment.moa.id.modules.eidas.eid4u; + +import java.io.UnsupportedEncodingException; +import java.util.Base64; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Test; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParseException; +import com.google.gson.JsonParser; + +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + + +public class AttributeScopeMapperTest { + + private static final String TUG_AP_RESPONSE_B64 = "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"; + + private AttributeScopeMapper mapper = null; + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException { + JsonElement fullAttrSet = new JsonParser().parse(new String( + Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8")); + + Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject()); + + Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty()); + + Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); + Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME)); + Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME)); + Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME)); + Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME)); + 
Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME)); + Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME)); + Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME)); + checkComplexeAddress( + result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME), + "AT", + "8010", + "Rechbauerstraße 12", + "Graz"); + + Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME)); + checkComplexeAddress( + result.get(Definitions.TEMPORARYADDRESS_NAME), + "AT", + "8130", + "Kühau 22", + "Frohnleiten"); + + } + + private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) { + Assert.assertNotNull(toCheck); + Assert.assertTrue(toCheck instanceof PostalAddress); + + PostalAddress addr = (PostalAddress)toCheck; + Assert.assertEquals(postalCode, addr.getPostCode()); + Assert.assertEquals(Street, addr.getCvAddressArea()); + Assert.assertEquals(Street, addr.getThoroughfare()); + Assert.assertEquals(city, addr.getPostName()); + + } + + @Test + public void checkCitizenship() throws Exception { + checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false); + + } + + @Test + public void checkCityOfBirth() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false); + + } + + @Test + public void checkCountryOfBirth() throws Exception { + checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false); + + } + + @Test + public void checkCurrentDegreeName() throws 
Exception { + checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false); + + } + + @Test + public void checkCurrentFieldOfStudy() throws Exception { + checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false); + } + + @Test + public void checkCurrentLevelOfStudy() throws Exception { + checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false); + + } + + @Test + public void checkEmailStud() throws Exception { + checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false); + + } + + @Test + public void checkGender() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false); + + } + + @Test + public void checkHomeInstitutionName() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false); + + } + + @Test + public void checkHomeInstitutionCountry() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false); + + } + + @Test + public void checkHomeInstitutionAddressCountryCode() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true); + + } + + @Test + public void checkHomeInstitutionAddressPostalCode() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true); + + } + + @Test + public void checkHomeInstitutionAddressStreet() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true); + + } + + 
@Test + public void checkHomeInstitutionAddressCity() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true); + + } + + @Test + public void checkPermanentAddressCity() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true); + + } + + @Test + public void checkPermanentAddressCountryCode() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true); + + } + + @Test + public void checkPermanentAddressPostalCode() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true); + + } + + @Test + public void checkPermanentAddressStreet() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true); + + } + + @Test + public void checkStudyAddressCity() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true); + + } + + @Test + public void checkStudyAddressCountryCode() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true); + + } + + @Test + public void checkStudyAddressPostalCode() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true); + + } + + @Test + public void checkStudyAddressStreet() throws Exception { + 
checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true); + + } + + private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) { + Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe)); + + String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope); + Assert.assertEquals(eid4Uattr, eid4UattrRes); + + String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr); + if (isComplexe) { + Assert.assertNotNull(scopeRes); + Assert.assertTrue(scopeRes.contains(scope)); + + } else + Assert.assertEquals(scope, scopeRes); + + } + + private void checkAddress() { + + + } + + private AttributeScopeMapper getMapper() { + if (mapper == null) + mapper = AttributeScopeMapper.getInstance(); + + return mapper; + } + + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..7af79d60c --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +</beans> 
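Review bot: The expected values in `checkTugApResponseMapping` — an individual's student e-mail address and a private residential address (`"Kühau 22"`, `"Frohnleiten"`) — indicate that the Base64 fixture `TUG_AP_RESPONSE_B64` is a captured response about a real person, so this commit puts personal data into a public repository; replace the fixture with a synthetic record and adjust the asserted strings accordingly. Independently, `checkComplexeAddress` never uses its `cc` parameter, so the country code of the mapped `PostalAddress` is not verified at all, and it asserts the same `Street` value for both `getCvAddressArea()` and `getThoroughfare()`, which looks like a placeholder rather than the intended mapping; add an assertion on whichever `PostalAddress` field the mapper fills with the country code, e.g. `Assert.assertEquals(cc, addr.getAdminunitFirstline());` if that is the field used. The empty `dummyTest` and the unused private `checkAddress()` should be removed.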
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index e8cfae10a..7bb98c719 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 try {
 //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 moaAuthConfig.getTrustedCACertificates(),
 null,
 AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
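Review bot: The new second constructor argument feeds `PROP_KEY_SSL_USE_JVM_TRUSTSTORE` into the socket factory that downloads the ELGA mandate-service SAML metadata; when an operator turns that property on, the TLS peer is presumably accepted on the strength of the JVM default truststore as well as `moaAuthConfig.getTrustedCACertificates()`, which widens the trust anchors for a security-critical fetch, and nothing at the call site says so. Add a comment next to the argument such as `// JVM default truststore is consulted only when explicitly enabled (default false); otherwise metadata TLS trust rests solely on the configured MOA-ID CA list` and make sure the property documentation spells out that it applies to metadata retrieval. The `//FIX:` note about lax hostname verification remains open after this change and should not be read as addressed by it. The enclosing method starts before and ends after the hunk.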
@@ -56,7 +56,8 @@ public final class OAuth20Constants { public static final String PARAM_SCOPE = "scope"; public static final String PARAM_MOA_MOD = "mod"; public static final String PARAM_MOA_ACTION = "action"; - + public static final String PARAM_OPENID_CODE = "openid_code"; + // reponse parameters public static final String RESPONSE_CODE = "code"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 19fdb3fee..9779b0cf4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java 
@@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; 
@@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder { private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); + @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + static { // openId buildersOpenId.add(new OpenIdIssuerAttribute()); @@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder { buildersEID.add(new EIDAuthBlock()); buildersEID.add(new EIDSignerCertificate()); buildersEID.add(new BPKAttributeBuilder()); + buildersEID.add(new BPKListAttributeBuilder()); + buildersEID.add(new EncryptedBPKAttributeBuilder()); // eID_gov buildersEIDGov.add(new EIDSourcePIN()); buildersEIDGov.add(new EIDSourcePINType()); buildersEIDGov.add(new EIDIdentityLinkBuilder()); + buildersEIDGov.add(new BPKListAttributeBuilder()); // mandate buildersMandate.add(new MandateTypeAttributeBuilder()); 
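Review bot: `BPKListAttributeBuilder` is registered in both `buildersEID` and `buildersEIDGov`, so a client holding both scopes presumably has the same builder invoked twice for one response; confirm that the downstream attribute map is keyed by attribute name and overwrites silently, otherwise keep only the `buildersEID` registration. The new `@Deprecated` on `buildersSTORK` carries no Javadoc `@deprecated` tag; add one naming the replacement (the eIDAS attribute builders, if that is the intent) so the annotation is actionable. The static initialiser continues past the hunk.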
@@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder { buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b00675e7c..3b300c824 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") -class OAuth20AuthAction implements IAction { +public class OAuth20AuthAction implements IAction { @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; @@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction { } - private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, + public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException { // create response 
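Review bot: `generateIDToken` goes from `private` to `public` (and the class from package-private to public) with no Javadoc stating who the new callers are; since the method signs the OpenID Connect ID token, widening its visibility deserves a recorded reason. Add `/** Builds and signs the ID token for the given session; public so it can be driven from tests — confirm the intended callers. */` and, if a test is the only caller, package-private access is enough. The method body continues past the hunk.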
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 0350a113c..4dc99262e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.logging.Logger; 
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); 
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE); } - // check if client id and redirect uri are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - - if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oAuthConfig); - Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20OANotSupportedException(); + } + + if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20AccessDeniedException(); - } catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } + this.setOnlineApplicationConfiguration(oAuthConfig); + Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + } // /* (non-Javadoc) 
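Review bot: A failed `redirect_uri` comparison is reported with the same `OAuth20AccessDeniedException` as a bad `client_id`; RFC 6749 §4.1.2.1 forbids answering an invalid redirect_uri by redirecting to it, and whether this exception is rendered locally or turned into a redirect to `this.getRedirectUri()` is not visible here — confirm, and if it redirects, throw `OAuth20WrongParameterException(OAuth20Constants.PARAM_REDIRECT_URI)` for that branch. The exact `String.equals` match against the registered redirect URL is the correct check; pin it with `// exact match only — no prefix or wildcard matching (RFC 6749 §3.1.2.2)` so it is not loosened later. The enclosing method starts before the hunk.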
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 118de861c..9cceea7d5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; 
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20OANotSupportedException(); - } + // oAuth + this.populateSpecialParameters(request, authConfig, oaParam); + + // cleanup parameters + this.checkAllowedParameters(request); + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - - // oAuth - this.populateSpecialParameters(request, authConfig); - - // cleanup parameters - this.checkAllowedParameters(request); + } private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException { @@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 9f4174bf0..0952ba0a6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java 
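Review bot: The `catch (EAAFConfigurationException e)` now also wraps `populateSpecialParameters` and `checkAllowedParameters`, so a configuration fault raised while populating is surfaced to the client as a wrong `client_id` and the original exception is discarded; at least record it before rethrowing, `Logger.warn("Can not load OA configuration for OpenID Connect request", e);` on the line before the `throw`. The `try` opening and the `oaParam` lookup sit above the hunk.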
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.BPK_NAME }); - + + @Autowired(required=true) AuthConfiguration moaAuthConfig; + public String getName() { return NAME; } 
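Review bot: `moaAuthConfig` is injected as a package-private field, so any class in the package can replace the configuration the new protocol-active guard relies on; make it `@Autowired private AuthConfiguration moaAuthConfig;` (`required = true` is already the default). Constructor injection into a `private final` field would be stronger still if the class has no other reason for field injection.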
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { 
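Review bot: The re-enabled protocol-active guard is pasted verbatim into both endpoints of this class (here and in `OpenIDConnectTokkenRequest`), including the typo "deaktivated" in the log message; extract it into one private helper so the two cannot drift, and fix the message. `moaAuthConfig.getAllowedProtocols()` is dereferenced without a null check — presumably it cannot be null, confirm. Each endpoint then starts with `assertOpenIdConnectActive();` in place of the if-block; the handler body continues past the hunk.
```java
/** Rejects the request with auth.22 when OpenID Connect is disabled in the MOA-ID configuration. */
private void assertOpenIdConnectActive() throws EAAFException {
    if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
        Logger.info("OpenID-Connect is deactivated!");
        throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
    }
}
```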
@@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 89e4252b1..9a3613ea1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java 
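Review bot: The `/oauth2/token` mapping this guard sits under (a context line in the hunk) still accepts `RequestMethod.GET`; RFC 6749 §3.2 requires POST for the token endpoint, and with GET the `client_secret` and authorization `code` travel in the query string and end up in access logs and proxies. Restrict it to `method = RequestMethod.POST` — only the auth endpoint legitimately keeps GET. The handler body continues past the hunk.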
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20TokenRequest") @@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); 
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { throw new OAuth20InvalidGrantException(); } - // check if client id and secret are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { - throw new OAuth20AccessDeniedException(); - } - - if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oaParam); - + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) + throw new OAuth20OANotSupportedException(); + + if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { + throw new OAuth20AccessDeniedException(); } - catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + + if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { + throw new OAuth20AccessDeniedException(); } + this.setOnlineApplicationConfiguration(oaParam); + Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID); //add valid parameters 
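Review bot: `this.getClientSecret().equals(...)` checks the presented client secret with a short-circuiting string compare, which leaks how many leading bytes matched through timing; use `MessageDigest.isEqual(this.getClientSecret().getBytes(StandardCharsets.UTF_8), configuredSecret.getBytes(StandardCharsets.UTF_8))` (imports `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`). Whether `getClientSecret()` can be null depends on how the parameter was read above the hunk — if it is optional, the call NPEs before the comparison instead of returning access denied. The `Logger.info` line prints only the client id, which is right; it must stay that way.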
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87e9e933d..a8c4a941e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... "); signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 6811d1016..0c97641c7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java 
@@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //validate eID data QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), - (AuthConfiguration) authConfig); + (AuthConfiguration) authConfig); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + + //validate AuthBlock authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( authBlockB64, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), (AuthConfiguration) authConfig); - + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); - + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + //TODO: add LoA verification } catch (MOAIDException e) { @@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { throw e; } - - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); - - - + //add into session AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); - //TODO: from AuthBlock - if (authBlockVerificationResult != null) + moasession.setQAALevel(LoA); + + if (authBlockVerificationResult != null) { moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); - else + moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate()); + + } else moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); - moasession.setQAALevel(LoA); - + //store pending request requestStoreage.storePendingRequest(pendingReq); 
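Review bot: `moasession.setQAALevel(LoA)` stores the level of assurance into the session while the new `//TODO: add LoA verification` in the same method admits the value is never checked; if `LoA` comes from the SL2.0 response (it is assigned above the hunk, so this is an inference), the eID response could claim a higher level than the authentication reached, and relying parties read this field. Until the verification exists, either compare it against the minimum the SP requires and reject below it, or mark the gap on the line: `moasession.setQAALevel(LoA); // NOTE(review): not yet verified against SP requirements — see TODO above`. Storing `authBlockVerificationResult.getX509certificate()` is fine, but the `else` branch still produces a session with a fresh issue instant and no signer certificate — confirm that path is meant to end in a successful login. The enclosing method starts before and continues after the hunk.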
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 69e3e7995..0d6086118 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters { return false; } + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 044366eb6..e7280f847 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; 
@@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList() */ @Override - public List<String> getEncbPKList() { + public List<Pair<String, String>> getEncbPKList() { // TODO Auto-generated method stub return null; } @@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return false; } + @Override + public List<Pair<String, String>> getAdditionalbPKs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIseIDNewDemoMode() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c9bccb708..9e7a4fe8c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 8b232cf29..3a401d80e 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml 
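Review bot: `getAdditionalbPKs`, `getEncbPKList` and `getEncMandateNaturalPersonbPKList` return `null` for list-typed getters, so every attribute builder added in this release (e.g. `BPKListAttributeBuilder`) has to null-check the SSO-transfer path or NPE; return `Collections.emptyList()` (import `java.util.Collections`) and drop the `// TODO Auto-generated method stub` markers. The same applies to `additionalbPKSectorsRequested()` in `SSOTransferOnlineApplication` in the following hunk. If the SSO-transfer module intentionally never carries these attributes, a one-line comment saying so is better than an auto-generated stub.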
@@ -38,10 +38,10 @@ <!-- Only for development to use SAML1 protocol SAML1 is removed from official OPB release --> - <dependency> +<!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-eIDAS</artifactId> - </dependency> + </dependency> --> <!-- <dependency> <groupId>MOA</groupId> @@ -62,10 +62,10 @@ <artifactId>moa-id-modul-citizencard_authentication</artifactId> </dependency> - <dependency> +<!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-eIDAS</artifactId> - </dependency> + </dependency> --> <dependency> <groupId>junit</groupId> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8f01f67d..64a4bae63 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; 
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; 
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
 }
-
+
+ //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ try {
+ String additionalBpks = new BPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalBpks)) {
+ Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedBpks)) {
+ Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+
+ }
+
+ //for mandates
+ try {
+ String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+ Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+ Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ }
+
 String samlAssertion = null;
 //add mandate info's
 if (authData.isUseMandate()) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 PVPConstants.EID_SOURCE_PIN_TYPE_NAME });
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
 public String getName() {
 return NAME;
 }
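Review bot: `moaAuthConfig` is injected as a package-private field, and `required=true` is already the default for `@Autowired`; declare it `@Autowired private AuthConfiguration moaAuthConfig;` so nothing else in the package can reassign the configuration that the protocol-enabled check in the next hunk relies on. The class also already works with an `authConfig` reference (`pendingReq.initialize(req, authConfig)` in the next hunk), so a one-line comment such as `// MOA-specific configuration view; used for getAllowedProtocols(), which the inherited authConfig does not expose` would tell the next reader why a second configuration handle exists — adjust the wording if the actual reason differs. The class body continues outside this hunk.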
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
-// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-// Logger.info("SAML1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//
-// }
+ if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+ Logger.info("SAML1 is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+
+ }
 SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
 pendingReq.initialize(req, authConfig);
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 06c9a341a..a86090178 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -65,4 +65,4 @@
 </dependency>
 </dependencies>
-</project>
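Review bot: The restored guard rejects SAML 1 requests when the protocol is disabled, but it only covers `/StartAuthentication`; if `SAML1Protocol` exposes further SAML 1 endpoints outside this hunk, the same `isSAML1Active()` check belongs there too, ideally in one shared private method so the two cannot drift apart. The rejection is logged without any request context; recording the requesting OA or remote address alongside it would let operators notice repeated attempts to use a disabled protocol. The message also has a typo: `Logger.info("SAML1 is deactivated!");`. `SAML1AuthnRequest` continues past the end of the hunk.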
\ No newline at end of file
+</project> |