authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
commitd23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch)
tree2195fbe110c392728b3009aa545363540a94294e /id/server
parent86aa898406f539fd06129360c58c654afc62e904 (diff)
parentf923a89436377f581c6e2ab6637024aa068bf9fb (diff)
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server')
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties14
-rw-r--r--id/server/doc/handbook/config/config.html93
-rw-r--r--id/server/doc/handbook/protocol/protocol.html30
-rw-r--r--id/server/idserverlib/pom.xml18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java107
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java1221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java702
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java154
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java)4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java11
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder3
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml4
-rw-r--r--id/server/idserverlib/src/main/resources/session.redis.beans.xml3
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java5
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java6
-rw-r--r--id/server/moa-id-commons/pom.xml4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java26
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java3
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/.gitignore1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml62
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java94
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java61
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java239
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java32
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java181
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java238
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java42
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java11
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java72
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java48
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java50
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder30
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml74
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml17
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java253
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml12
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java14
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java33
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java22
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java31
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java35
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java1
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java30
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java6
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java21
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml8
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java94
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java14
-rw-r--r--id/server/modules/pom.xml2
122 files changed, 3898 insertions, 2203 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 6dddb454a..678c381cb 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -247,4 +247,16 @@ service.egovutil.szr.ssl.truststore.file=
service.egovutil.szr.ssl.truststore.password=
service.egovutil.szr.ssl.truststore.type=
service.egovutil.szr.ssl.trustall=false
-service.egovutil.szr.ssl.laxhostnameverification=false \ No newline at end of file
+service.egovutil.szr.ssl.laxhostnameverification=false
+
+
+################ Encrypted foreign bPK generation ####################################
+## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side.
+## If you like to use this feature, the public key for encryption has to be added
+## as X509 certificate in Base64 encoded from. The selection will be done on sector
+## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in
+## PVP Attribute Profie 2.1.2)
+## Additonal encryption keys can be added by add a ney configuration line, like
+## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1')
+########
+#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file
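Review bot: The operator-facing comment block added above the commented-out key has several typos that make a security-relevant instruction harder to follow: `## as X509 certificate in Base64 encoded form.`, `## PVP Attribute Profile 2.1.2)` and `## Additional encryption keys can be added with a new configuration line, like` would read correctly. The example value `MIIF2TCCA8GgAw...` looks like a bare Base64 DER certificate, so the comment should state explicitly whether PEM `-----BEGIN CERTIFICATE-----` delimiters are accepted or must be stripped, as a wrong guess here silently breaks encrypted-bPK generation. It would also help operators to say in the comment whether the certificate's validity period is checked before its key is used for bPK encryption; the hunk gives no indication either way, and without that cue nobody knows whether an expired certificate has to be rotated by hand.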
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 864337862..90227cf9b 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -119,6 +119,7 @@
<li><a href="#konfigurationsparameter_oa_general_business">Privatwirtschaftlicher Bereich</a></li>
</ol>
</li>
+ <li><a href="#konfigurationsparameter_oa_eID_demo">Demo-Modus f&uuml;r 'Austrian eID'</a></li>
<li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li>
<li><a href="#konfigurationsparameter_oa_sl20">Security Layer für mobile Authententifizierung</a></li>
<li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li>
@@ -412,6 +413,12 @@ UNIX: moa.id.configuration=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id/moa
<p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im Modul <a href="#moa_id_config_parameters_generel">MOA-ID-Configuration</a> hinterlegten Passwort sein.</p></td>
</tr>
<tr>
+ <td>configuration.ssl.useStandardJavaTrustStore</td>
+ <td>true / false</td>
+ <td><p>Deaktiviert die MOA-ID spezifische SSL TrustStore Implementierung. Wird dieser Parameter auf <em>true</em> gesetzt, verwendet MOA-ID den TrustStore der Java VM.</p>
+ <p><strong>Defaultwert:</strong> false</p></td>
+ </tr>
+ <tr>
<td>configuration.ssl.validation.revocation.method.order</td>
<td>ocsp,crl</td>
<td><p>Definiert die Reihenfolge des Zertifikatsrevokierungschecks bei SSL Verbindungen. Die Defaultreihenfolge ist OCSP, CRL.</p>
@@ -829,7 +836,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<tr>
<td>modules.sl20.security.keystore.path</td>
<td>keys/sl20.jks</td>
- <td>Dateiname des Java Keystore welcher die Schl&uuml;ssel zum Signieren und Verschl&uuml;sseln von Security-Layer 2.0 Nachrichten beinhaltet. Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit m&uuml;ssen Signaturzertifikate von SL2.0 Teilnehmern in diesem TrustStore hinterlegt sein.</td>
+ <td>Dateiname des Java Keystore/TrustStore welcher die Schl&uuml;ssel zum Signieren und Verschl&uuml;sseln von Security-Layer 2.0 Nachrichten beinhaltet. <br>
+ Des weiteren dient dieser KeyStore als TrustStore zur Validierung von signierten Security-Layer 2.0 Nachrichten. Somit m&uuml;ssen Signaturzertifikate von SL2.0 Teilnehmern (z.B. Hand-Signatur der A-Trust) in diesem TrustStore hinterlegt sein.</td>
</tr>
<tr>
<td>modules.sl20.security.keystore.password</td>
@@ -1552,7 +1560,62 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</tr>
</table>
-<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.2 BKU Konfiguration</h4>
+<p>&nbsp;</p>
+<h4><a name="konfigurationsparameter_oa_eID_demo" id="uebersicht_zentraledatei_aktualisierung32"></a>3.2.2 Demo-Modus f&uuml;r 'Austrian eID'</h4>
+<p>Dieser Abschnitt behandelt den Demo-Modus f&uuml;r die kommende 'Austrian eID' welcher mit der MOA-ID Version 3.4.2 eingef&uuml;hrt wurde. Ist der Demo-Modus aktiviert &auml;ndert sich das m&ouml;gliche Attribut-Set welches Online Applikation zur Verf&uuml;gung gestellt wird. Als Attributbezeichner in der nachfolgenden Liste werden die Attributebezeichnungen aus dem PVP Attribute-Profil verwendet. Ein Mapping auf OpenID-Connect Scopes oder SAML1 Attribute finden Sie in Kapitel <a href="../protocol/protocol.html#allgemeines_attribute">Protokolle</a>. Als weitere Anpassung wird mit hoher Wahrscheinlichkeit die iFrame Integration der Handy-Signatur nicht mehr zur Verf&uuml;gung stehen und es erfolgt eine vollformat Weiterleitung an den 'Austrian eID'. Diese Anpassung ist in der MOA-ID Version 3.4.2 noch nicht ber&uuml;cksichtig.</p>
+<p>Folgende Attribute stehen nicht mehr zur Verf&uuml;gung:</p>
+<ul>
+ <li>EID-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.36)</li>
+ <li>EID-SOURCE-PIN-TYPE (1.2.40.0.10.2.1.1.261.104)</li>
+ <li>EID-IDENTITY-LINK (urn:oid:1.2.40.0.10.2.1.1.261.38)</li>
+ <li>EID-AUTH-BLOCK (urn:oid:1.2.40.0.10.2.1.1.261.62)</li>
+ <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN (urn:oid:1.2.40.0.10.2.1.1.261.70)</li>
+ <li>MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE (urn:oid:1.2.40.0.10.2.1.1.261.102)</li>
+ <li>MANDATE-FULL-MANDATE (urn:oid:1.2.40.0.10.2.1.1.261.92)</li>
+</ul>
+<p>Folgende neuen Attribute stehen zur Verf&uuml;gung:</p>
+<ul>
+ <li>ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.22)</li>
+ <li>BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.28) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li>
+ <li>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.72)</li>
+ <li>MANDATOR-NATURAL-PERSON-BPK-LIST (urn:oid:1.2.40.0.10.2.1.1.261.73) <em>(Dieses Attribute ist im aktuellen PVP Attribut-Profil 2.1.3 noch nicht enthalten. Eine Aufnahme ist jedoch in Vorbereitung)</em></li>
+</ul>
+<p>&nbsp;</p>
+<table class="configtable">
+ <tr>
+ <th width="15%">Name</th>
+ <th width="15%">Beispielwerte</th>
+ <th width="8%">Admin</th>
+ <th width="12%">Optional</th>
+ <th width="50%">Beschreibung</th>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_targetConfig_eidDemoActive">Demo-Modus aktivieren</span></td>
+ <td><p>&nbsp;</p></td>
+ <td align="center">&nbsp;</td>
+ <td align="center">X</td>
+ <td>Aktiviert den Demo-Modus f&uuml;r die 'Austrian eID' f&uuml;r diese Online Applikation. </td>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_targetConfig_foreignbPKTargets">Sektoren f&uuml;r Fremd-bPKs</span></td>
+ <td>wbpk+FN+468924i,BMI+T1</td>
+ <td align="center">&nbsp;</td>
+ <td align="center">X</td>
+ <td><p>Eine CSV Liste von Bereichen f&uuml;r welche die Online Applikation verschl&uuml;sselte Fremd-bPKs ben&ouml;tigt. </p>
+ <p><strong>Hinweis:</strong> Da es sich hierbei nur um eine Demo handelt muss <a href="#basisconfig_moa_id_auth_others">das Schl&uuml;sselmaterial f&uuml;r die Verschl&uuml;sselung in MOA-ID hinterlegt werden</a>.</p></td>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_targetConfig_additionalbPKTargets">Sektoren f&uuml;r weitere bPKs</span></td>
+ <td><p>urn:publicid:gv.at:cdid+T1,</p>
+ <p>urn:publicid:gv.at:wbpk+FN+468924i</p></td>
+ <td align="center">&nbsp;</td>
+ <td align="center">X</td>
+ <td><p>Eine CSV Liste von Bereichen f&uuml;r welche die Online Applikation bPKs aus anderen Bereichen ben&ouml;togt.</p>
+ <p><strong>Hinweis:</strong> Die Angabe der Bereiche erfolgt mit dem vollst&auml;ndigen Bereichsidentifier inkl. Prefix.</p></td>
+ </tr>
+</table>
+<p>&nbsp;</p>
+<h4><a name="konfigurationsparameter_oa_bku" id="uebersicht_zentraledatei_aktualisierung20"></a>3.2.3 BKU Konfiguration</h4>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Anmeldeprozess. Diese Einstellungen stehen jedoch nur einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verf&uuml;gung.</p>
<table class="configtable">
<tr>
@@ -1600,7 +1663,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td>&Uuml;ber diese Funktion k&ouml;nnen drei zus&auml;tzliche SecurtityLayer-Request Templates f&uuml;r diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zus&auml;tzliche WhiteList f&uuml;r Templates welche im &bdquo;StartAuthentication&ldquo; Request mit dem Parameter &bdquo;template&ldquo; &uuml;bergeben werden. Sollte im &bdquo;StartAuthentication&ldquo; Request der Parameter &bdquo;template&ldquo; fehlen, es wurde jedoch eine &bdquo;bkuURL&ldquo; &uuml;bergeben, dann wird f&uuml;r den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</td>
</tr>
</table>
-<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.3 Security Layer f&uuml;r mobile Authententifizierung</h4>
+<h4><a name="konfigurationsparameter_oa_sl20" id="uebersicht_zentraledatei_aktualisierung31"></a> 3.2.4 Security Layer f&uuml;r mobile Authententifizierung</h4>
<p>Mit diesem Abschnitt kann der neue Security Layer f&uuml;r mobile Authentifzierung f&uuml;r diese Online Applikation aktiviert werden.<br>
Wird diese Schnittstelle aktiviert ist die Security-Layer 1.x Schnittstelle zur B&uuml;rgerkartenkommunikation deaktiviert und steht nicht mehr zur Verf&uuml;gung.</p>
<table class="configtable">
@@ -1630,7 +1693,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</tr>
</table>
<p>&nbsp;</p>
-<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.4 Test Identit&auml;ten</h4>
+<h4><a name="konfigurationsparameter_oa_testcredentials" id="uebersicht_zentraledatei_aktualisierung10"></a> 3.2.5 Test Identit&auml;ten</h4>
<p>In diesem Abschnitt k&ouml;nnen f&uuml;r diese Online-Applikation Testidentit&auml;ten erlaubt werden. Diese Testidentit&auml;ten k&ouml;nnen auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentit&auml;t anhand einer speziellen OID im Signaturzertifikat der Testidentit&auml;t getroffen wird. Folgende Konfigurationsparameter stehen hierf&uuml;r zur Verf&uuml;gung.</p>
<table class="configtable">
<tr>
@@ -1672,7 +1735,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</table>
<p>&nbsp;</p>
<p><strong>Hinweis:</strong> Diese Funktionalit&auml;t steht jedoch nur Testidentit&auml;ten welchen bereits mit einer Test OID im Signaturzertifikat ausgestattet sind zur Verf&uuml;gung.</p>
-<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.5 Vollmachten</h4>
+<h4><a name="konfigurationsparameter_oa_mandates" id="uebersicht_zentraledatei_aktualisierung21"></a>3.2.6 Vollmachten</h4>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zur Anmeldung mittels Online-Vollmachen.</p>
<table class="configtable">
<tr>
@@ -1722,7 +1785,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</table>
<p>&nbsp;</p>
<p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung. Die Funktionalit&auml;t der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p>
-<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.6 Zentraler nationaler eIDAS Connector</h4>
+<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.7 Zentraler nationaler eIDAS Connector</h4>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Ankn&uuml;pfung an den zentralen nationalen eIDAS Connector</p>
<table class="configtable">
<tr>
@@ -1742,7 +1805,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</tr>
</table>
<p>&nbsp;</p>
-<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.7 Single Sign-On (SSO)</h4>
+<h4><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.8 Single Sign-On (SSO)</h4>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p>
<table class="configtable">
<tr>
@@ -1769,7 +1832,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<p><strong>Hinweis:</strong> Diese Abfrage ist standardm&auml;&szlig;ig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td>
</tr>
</table>
-<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.8 Authentifizierung mittels eIDAS</h4>
+<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.9 Authentifizierung mittels eIDAS</h4>
<p>Dieser Abschnitt behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p>
<table class="configtable">
<tr>
@@ -1793,10 +1856,10 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</table>
<p>&nbsp;</p>
<p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung.</p>
-<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.9 Authentifizierungsprotokolle</h4>
+<h4><a name="konfigurationsparameter_oa_protocol" id="uebersicht_zentraledatei_aktualisierung24"></a>3.2.10 Authentifizierungsprotokolle</h4>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu den von der Online-Applikation unterst&uuml;tzen Authentifizierungsprotokollen. Eine Verwendung aller zur Verf&uuml;gung stehender Authentifizierungsprotokolle durch die Online-Applikation ist ebenfalls m&ouml;glich. Hierf&uuml;r m&uuml;ssen nur alle ben&ouml;tigten Protokolle konfiguriert werden. N&auml;here Informationen zu den unterst&uuml;tzten Protokollen finden sie im Kapitel <a href="./../protocol/protocol.html">Protokolle</a>.</p>
<p>Aus Gr&uuml;nden der &Uuml;bersichtlichkeit kann der Konfigurationsbereich f&uuml;r jeden Protokoll, in der Web-Oberfl&auml;che des Konfigurationstools, ein- oder ausgeblendet werden.</p>
-<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.9.1 SAML1</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_saml1" id="uebersicht_zentraledatei_aktualisierung25"></a>3.2.10.1 SAML1</h5>
<p>F&uuml;r das Protokoll SAML1 stehen folgende Konfigurationsparameter zur Verf&uuml;gung.</p>
<table class="configtable">
<tr>
@@ -1851,7 +1914,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
</table>
<p>&nbsp;</p>
<p><strong>Hinweis: </strong>Das Modul MOA-ID-Auth in der Version 2.0 unterst&uuml;tzt SAML1 nur mehr zur Abw&auml;rtskompatibilit&auml;t mit bereits bestehenden Online-Applikationen. Wir empfehlen den Umstieg auf ein anderes, von MOA-ID-Auth unterst&uuml;tztes, Authentifizierungsprotokoll. Aus diesem Grund steht die Konfiguration des SAML1 Protokolls nur mehr einer Benutzerin oder einem Benutzer mit der Role <em>admin</em> zur Verf&uuml;gung.</p>
-<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.9.2 PVP 2.1</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_pvp21" id="uebersicht_zentraledatei_aktualisierung26"></a>3.2.10.2 PVP 2.1</h5>
<p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration f&uuml;r das Authentifizierungsprotokoll PVP 2.1.</p>
<table class="configtable">
<tr>
@@ -1892,7 +1955,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td>Pfad zum online-applikationsspezifischen Template f&uuml;r SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschlie&szlig;lich aus dem Dateisystem geladen werden.</td>
</tr>
</table>
-<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.9.3 OpenID Connect</h5>
+<h5><a name="konfigurationsparameter_oa_protocol_openIDConnect" id="uebersicht_zentraledatei_aktualisierung27"></a>3.2.10.3 OpenID Connect</h5>
<p>In diesem Bereich erfolgt die applikationsspezifische Konfiguration f&uuml;r OpenID Connect (OAuth 2.0). </p>
<table class="configtable">
<tr>
@@ -1924,7 +1987,7 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td>OpenID Connect Redirect URL. Nach erfolgreicher Authentifizierung wird die Benutzerin oder der Benutzer an diese URL zur&uuml;ckgeleitet.</td>
</tr>
</table>
-<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.10 Zus&auml;tzliche allgemeine Einstellungen</h5>
+<h5><a name="konfigurationsparameter_oa_additional" id="uebersicht_zentraledatei_aktualisierung28"></a>3.2.11 Zus&auml;tzliche allgemeine Einstellungen</h5>
<p>In Abschnitt erm&ouml;glicht eine erweiterte online-applikationsspezifische Individualisierung des AuthBlocks und der B&uuml;rgerkartenauswahl.
Die Individualisierung des AuthBlocks steht jedoch dann zur Verf&uuml;gung wenn die dem Module MOA-ID-Auth beigelegte Security-Layer Transformation verwendet wird oder
wenn die individuelle Security-Layer Transformation den Formvorschriften der Spezifikation entspricht.</p>
@@ -1982,7 +2045,7 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp
</table>
<h5>&nbsp;</h5>
<h5>&nbsp;</h5>
-<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.10.1 Login-Fenster Konfiguration</h5>
+<h5><a name="konfigurationsparameter_oa_additional_formular" id="uebersicht_zentraledatei_aktualisierung29"></a>3.2.11.1 Login-Fenster Konfiguration</h5>
<p>Diese Konfigurationsparameter bieten zus&auml;tzliche Einstellungen f&uuml;r eine Anpassung der B&uuml;rgerkartenauswahl welche von MOA-ID-Auth generiert wird.
Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt.
Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Bedarf durch Standardwerte erg&auml;nzt.
@@ -2071,7 +2134,7 @@ Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Beda
<p>&nbsp;</p>
<p><strong>Hinweis:</strong> Bei Verwendung einer online-applikationsspezifischen B&uuml;rgerkartenauswahl stehen alle Parameter die die B&uuml;rgerkartenauswahl betreffen nicht zur Verf&uuml;gung.</p>
<p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verf&uuml;gung.</p>
-<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.11 Revisionslogging</h5>
+<h5><a name="service_revisionslogging" id="uebersicht_zentraledatei_aktualisierung11"></a>3.2.12 Revisionslogging</h5>
<p>Ab MOA-ID 3.x steht ein erweitertes speziell f&uuml;r Revisionsaufgaben abgestimmtest Logging zur Verf&uuml;gung. &Uuml;ber dieses Feld k&ouml;nnen die zu loggenden Events spezifisch nach Online Applikationen als CSV codierte Eventcodes konfiguriert werden. Hierf&uuml;r muss die online-applikationsspezifische Konfiguration des Loggings mittels Checkbox aktiviert und zumindesdt ein Eventcode definiert werden. Werden keine Eventcodes konfiguriert oder wird das OA spezifische Verhalten nicht aktiviertwird eine in MOA-ID hinterlegte Defaultkonfiguration verwendet. Eine Liste aller m&ouml;glichen Eventcodes finden Sie <a href="../additional/additional.html#revisionslog">hier</a>.</p>
<h3><a name="import_export" id="uebersicht_zentraledatei_aktualisierung4"></a>3.3 Import / Export</h3>
<p>&Uuml;er diese Funktionalit&auml;t besteht die M&ouml;glichkeit eine bestehende MOA-ID 2.x.x
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 5e38dddf5..2b3dbff98 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -218,7 +218,7 @@ Redirect Binding</td>
<td height="23">urn:oid:1.2.40.0.10.2.1.1.261.32</td>
<td>EID-ISSUING-NATION</td>
<td align="center">eID</td>
- <td>&nbsp;</td>
+ <td>&lt;saml:Attribute AttributeName=&quot;EID-ISSUING-NATION&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
<td>Landescode gem. ISO-3166 ALPHA-2</td>
</tr>
<tr>
@@ -245,6 +245,13 @@ Redirect Binding</td>
<td>Base64 kodiertes Zertifikat, dass f&uuml;r die Anmeldung verwendet wurde.</td>
</tr>
<tr>
+ <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.22</td>
+ <td>ENC-BPK-LIST</td>
+ <td align="center">eID</td>
+ <td>&lt;saml:Attribute AttributeName=&quot;ENC-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+ <td>Liste von verschl&uuml;sselten bPKs f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+ </tr>
+ <tr>
<td height="23">urn:oid:1.2.40.0.10.2.1.1.261.36</td>
<td>EID-SOURCE-PIN</td>
<td align="center">eID_gov</td>
@@ -271,6 +278,13 @@ Redirect Binding</td>
<p><strong>Hinweis:</strong> Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.</p></td>
</tr>
<tr>
+ <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.28</td>
+ <td>BPK-LIST</td>
+ <td align="center">eID_gov</td>
+ <td>&lt;saml:Attribute AttributeName=&quot;BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+ <td>Liste von bPKs f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+ </tr>
+ <tr>
<td height="23">urn:oid:1.2.40.0.10.2.1.1.261.106</td>
<td>MANDATE-TYPE-OID</td>
<td align="center">mandate</td>
@@ -320,6 +334,20 @@ Redirect Binding</td>
<td>Bereichsspezifisches Personenkennzeichen des Vollmachtgebers</td>
</tr>
<tr>
+ <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.72</td>
+ <td>MANDATOR-NATURAL-PERSON-ENC-BPK-LIST</td>
+ <td align="center">mandate</td>
+ <td>&lt;saml:Attribute AttributeName=&quot;MANDATOR-NATURAL-PERSON-ENC-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+ <td>Liste von verschl&uuml;sselten bPKs des Mandators f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+ </tr>
+ <tr>
+ <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.73</td>
+ <td>MANDATOR-NATURAL-PERSON-BPK-LIST</td>
+ <td align="center">mandate</td>
+ <td>&lt;saml:Attribute AttributeName=&quot;MANDATOR-NATURAL-PERSON-BPK-LIST&quot; AttributeNamespace=&quot;http://reference.e-government.gv.at/namespace/persondata/20020228#&quot;&gt;</td>
+ <td>Liste von bPKs des Mandators f&uuml;r andere Bereiche als der Lebensbereich der Online Applikation</td>
+ </tr>
+ <tr>
<td height="23">urn:oid:1.2.40.0.10.2.1.1.261.78</td>
<td>MANDATOR-NATURAL-PERSON-GIVEN-NAME</td>
<td align="center">mandate</td>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index fb977c071..e284aff27 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -45,7 +45,6 @@
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.2</version>
- <scope>test</scope>
</dependency>
<dependency>
@@ -55,10 +54,9 @@
<scope>test</scope>
</dependency>
- <dependency>
+ <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>19.0</version>
</dependency>
<dependency>
@@ -489,13 +487,13 @@
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-redis</artifactId>
- <version>1.7.4.RELEASE</version>
+ <version>${org.springframework.data.spring-data-redis}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.4.2</version>
+ <version>2.6.0</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
@@ -503,7 +501,7 @@
<version>2.9.0</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
@@ -512,7 +510,13 @@
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
- </dependency>
+ </dependency> -->
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.9.7</version>
+ </dependency>
</dependencies>
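Review bot: The old codehaus Jackson 1.x dependencies are left in the file as an XML comment (the `<!-- <dependency>` at the start of this hunk series) rather than deleted; dead dependency blocks tend to get uncommented again later, so remove them outright. The new `jackson-core` is pinned inline as `2.9.7` while the same commit moves `spring-data-redis` to a version property, so use a property here too for consistency and easier patching. Note that `jackson-core` alone does not provide the mapper functionality that `jackson-mapper-asl` did; if an ObjectMapper is still used somewhere, its databind artifact presumably arrives transitively and should be pinned explicitly so its version is not left to dependency mediation.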
<build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 66093b851..a35b45af2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -63,10 +63,8 @@ public class MOAIDAuthInitializer {
*/
public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
PKIException, IOException, GeneralSecurityException {
- Logger.setHierarchy("moa.id.auth");
- Logger.info("Default java file.encoding: "
- + System.getProperty("file.encoding"));
-
+ Logger.info("Set SystemProperty for UTF-8 file.encoding as default");
+ System.setProperty("file.encoding", "UTF-8");
//JDK bug workaround according to:
// http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
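Review bot: The added `System.setProperty("file.encoding", "UTF-8")` has no effect on the JVM's default charset, which is read once at startup and cached by `Charset.defaultCharset()`, so the accompanying log line claims a change that does not happen and the old line that logged the actual `file.encoding` is lost. Keep the diagnostic and make the mismatch visible instead: `Logger.info("Default charset: " + Charset.defaultCharset());` followed by `if (!StandardCharsets.UTF_8.equals(Charset.defaultCharset())) Logger.warn("JVM default charset is not UTF-8; start the JVM with -Dfile.encoding=UTF-8");`, and document the `-Dfile.encoding=UTF-8` startup flag (or pass an explicit charset at each byte/String conversion). The hunk also drops `Logger.setHierarchy("moa.id.auth")`; if that call selected the log hierarchy for this module, its removal may change where these messages end up and deserves a sentence in the commit description. The body of `initialize` continues outside the hunk.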
@@ -149,11 +147,7 @@ public class MOAIDAuthInitializer {
throw new ConfigurationException("config.10", new Object[] { e
.toString() }, e);
}
-
-
- //IAIK.addAsProvider();
- //ECCProvider.addAsProvider();
-
+
Security.insertProviderAt(IAIK.getInstance(), 0);
ECCelerate eccProvider = ECCelerate.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..acf59cebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,6 +36,7 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
try {
//generate basic authentication data
generateBasicAuthData(authData, protocolRequest, session);
+
+ //set Austrian eID demo-mode flag
+ authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false))));
+
+ if (authData.isIseIDNewDemoMode()) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+ authData.setBaseIDTransferRestrication(true);
+
+ }
// #### generate MOA-ID specific authentication data ######
@@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
//build foreign bPKs
- generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+ generateForeignbPK(oaParam, authData);
+
+
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+ //build additional bPKs
+ Logger.debug("Search for additional bPKs");
+ generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+
+ Logger.debug("Clearing identitylink ... ");
+ authData.setIdentityLink(null);
+
+ Logger.debug("Clearing authBlock ... ");
+ authData.setAuthBlock(null);
+
+ Logger.info("Post-Processing for Austrian eID finished");
+ }
//####################################################################
//copy all generic authentication information, which are not processed before to authData
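Review bot: The demo-mode flag is parsed a second time from `oaParam.getConfigurationValue(...)` here although the same method already stored it with `authData.setIseIDNewDemoMode(...)` a few lines earlier; read it back instead, `if (authData.isIseIDNewDemoMode()) {`, so the earlier decision to force `BaseIDTransferRestrication` and this post-processing can never disagree. Clearing the identity link and auth block in demo mode is security relevant, so a one-line comment stating why they must not reach the protocol layer would help the next reader (the existing `Logger.debug` calls only say what, not why). The enclosing method starts and ends outside the hunk.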
@@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
- private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+ private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) {
+ List<String> foreignSectors = oaParam.foreignbPKSectorsRequested();
+
if (foreignSectors != null && !foreignSectors.isEmpty()) {
- Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+
+
+ String mandatorBaseId = null;
+ String mandatorBaseIdType = null;
+ boolean isMandatorBaseIdAvailable = false;
+ if (authData.isUseMandate()) {
+ try {
+ Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
+
+ //TODO: remove this workaround in a further version!!!
+ boolean flagBak = authData.isBaseIDTransferRestrication();
+ authData.setBaseIDTransferRestrication(false);
+ mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ authData.setBaseIDTransferRestrication(flagBak);
+
+ isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType);
+ if (!isMandatorBaseIdAvailable)
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
+
+ } catch (Exception e) {
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
+ if (Logger.isTraceEnabled())
+ Logger.warn("Detail: ", e);
+
+ }
+ }
+
for (String foreignSector : foreignSectors) {
Logger.trace("Process sector: " + foreignSector + " ... ");
if (encKeyMap.containsKey(foreignSector)) {
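Review bot: The workaround that disables `BaseIDTransferRestrication` to extract the mandator's source PIN restores the saved flag inside the `try`; if either attribute builder throws, the `catch` only logs and processing continues with the restriction switched off for the rest of the authentication data build, which is exactly the state the flag is meant to prevent. Move `authData.setBaseIDTransferRestrication(flagBak);` into a `finally` block of that `try` so the flag is restored on every path. Also consider raising the `catch` log level above trace-gated `warn` for the restricted case, since a silently lost mandator bPK is hard to diagnose from `debug` output. `generateForeignbPK` continues outside the hunk.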
@@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.getIdentificationType(),
sector);
String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
- authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")");
+
+ authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector));
Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+
+ //calculate foreign bPKs for natural-person mandates
+ if (isMandatorBaseIdAvailable) {
+ Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ mandatorBaseId,
+ mandatorBaseIdType,
+ sector);
+ String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
+
+ authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector));
+ Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created.");
+
+ }
}
} catch (Exception e) {
@@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
+ private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+ if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String sector : additionalbPKSectorsRequested) {
+ Logger.trace("Process sector: " + sector + " ... ");
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+
+ Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+ authData.addAdditionalbPKPair(bpk);
+
+ }
+ }
+ }
}
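Review bot: The trace log in `generateAdditonalbPK` writes the computed bPK itself to the log (`... " with value: " + bpk.getFirst()`); a bPK is a person identifier, so log only the sector: `Logger.trace("Calculated additional bPK for sector: " + bpk.getSecond());`. The debug message at the top of the method was copied from the foreign-bPK path and still says "foreign bPKs"; change it to `Logger.debug("Sectors for additional bPKs are configured. Starting additional bPK generation ... ");`. The method name also carries a typo (`Additonal`); fixing it means touching the single caller added in this commit.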
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
new file mode 100644
index 000000000..e19d40773
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("GenericFrontChannelRedirectTask")
+public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask {
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //perform redirect to itself to get out from BKU communication
+ Logger.trace("Perform generic 'http Redirect' to MOA-ID ... ");
+ performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ } catch (Exception e) {
+ Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e);
+
+ }
+
+ }
+
+}
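Review bot: `guiBuilder` is injected with `@Autowired` but never used in this class, so either drop the field or document why the injection is needed. The class Javadoc only carries `@author`; a sentence such as "Process task that issues an HTTP redirect back to MOA-ID's generic signal endpoint so the flow continues outside the BKU/front-channel communication" would tell a reader what the task is for, and the `execute` comment should note that any exception is wrapped into `TaskExecutionException` for the pending request.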
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 0285dd75b..14a2b583b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -105,6 +105,7 @@ public class LogOutServlet {
} catch (Exception e) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+ Logger.warn("Requested URL is not in PublicPrefix Configuration");
return;
} finally {
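Review bot: The new `Logger.warn` is placed after `resp.sendError(...)`, which is declared to throw `IOException`; if sending the error fails, the warning is never written. Log first, and include the exception so that a failure in the try body (which lies outside this hunk) is not reported as a public-prefix mismatch when it is something else: `Logger.warn("Requested URL is not in PublicPrefix Configuration: " + e.getMessage());` before the `sendError` call.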
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index e5a8bb739..478462adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -86,7 +86,8 @@ public class RedirectServlet {
List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix();
if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes))
- || !authConfig.getPublicURLPrefix().contains(authURL)) {
+ || !authConfig.getPublicURLPrefix().contains(authURL)) {
+ Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
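Review bot: The new warning attributes every rejection to `authURL`, but the condition also fails when `oa == null` and `checkRedirectToItself(url, allowedPublicUrlPrefixes)` is false, in which case `authURL` may well be in the public-prefix list and the log would mislead an incident responder. Log both inputs and which check failed, e.g. `Logger.warn("Redirect rejected: authURL=" + authURL + " url=" + url + " oa=" + (oa == null ? "null" : "set"));`. Both values appear to be request-derived; if they can contain line breaks, sanitize them before logging to avoid log forging.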
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 5aa3a691f..791aa51b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
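Review bot: This file imports `at.gv.egovernment.moaspss.logging.Logger`, whereas the other files touched in this commit use `at.gv.egovernment.moa.logging.Logger` (see the new GenericFrontChannelRedirectTask). If these are two different facades they may be configured under different hierarchies, so the trace/debug lines added below could end up in a different destination than the rest of MOA-ID-Auth; use the same Logger import as the surrounding module unless the difference is intended.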
@@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
String uniqueSessionIdentifier = null;
+ Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName());
+
//if SSOManager is available, search SessionIdentifier in SSO session
if (ssomanager != null) {
String ssoId = ssomanager.getSSOSessionID(request);
@@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
}
//if NO SSOSession and no PendingRequest create new SessionIdentifier
- if (StringUtils.isEmpty(uniqueSessionIdentifier))
+ if (StringUtils.isEmpty(uniqueSessionIdentifier)) {
uniqueSessionIdentifier = Random.nextHexRandom16();
+ Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier);
+ }
TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index c25751aa4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,1221 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-///*
-// * Copyright 2003 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// */
-//
-//
-//package at.gv.egovernment.moa.id.config.auth;
-//
-//import java.io.File;
-//import java.io.FileInputStream;
-//import java.io.FileNotFoundException;
-//import java.io.IOException;
-//import java.math.BigInteger;
-//import java.net.MalformedURLException;
-//import java.util.ArrayList;
-//import java.util.Arrays;
-//import java.util.Date;
-//import java.util.HashMap;
-//import java.util.List;
-//import java.util.Map;
-//import java.util.Properties;
-//
-//import javax.xml.bind.JAXBContext;
-//import javax.xml.bind.Unmarshaller;
-//
-//import org.hibernate.cfg.Configuration;
-//
-//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask;
-//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-//
-//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-//import at.gv.egovernment.moa.id.config.ConfigurationException;
-//import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
-//import at.gv.egovernment.moa.id.config.ConfigurationUtils;
-//import at.gv.egovernment.moa.id.config.ConnectionParameter;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
-//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
-//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
-//import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-//import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
-//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//import at.gv.util.config.EgovUtilPropertiesConfiguration;
-//
-//import com.fasterxml.jackson.annotation.JsonIgnore;
-//import com.fasterxml.jackson.annotation.JsonProperty;
-//
-///**
-// * A class providing access to the Auth Part of the MOA-ID configuration data.
-// *
-// * <p>Configuration data is read from an XML file, whose location is given by
-// * the <code>moa.id.configuration</code> system property.</p>
-// * <p>This class implements the Singleton pattern. The <code>reload()</code>
-// * method can be used to update the configuration data. Therefore, it is not
-// * guaranteed that consecutive calls to <code>getInstance()</code> will return
-// * the same <code>AuthConfigurationProvider</code> all the time. During the
-// * processing of a web service request, the current
-// * <code>TransactionContext</code> should be used to obtain the
-// * <code>AuthConfigurationProvider</code> local to that request.</p>
-// *
-// * @author Patrick Peck
-// * @author Stefan Knirsch
-// *
-// * @version $Id$
-// *
-// *@deprecated Use {@link AuthConfigProviderFactory} instead
-// */
-//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
-//
-//// /** DEFAULT_ENCODING is "UTF-8" */
-//// private static final String DEFAULT_ENCODING="UTF-8";
-// /**
-// * The name of the generic configuration property giving the authentication session time out.
-// */
-// public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
-// "AuthenticationSession.TimeOut";
-// /**
-// * The name of the generic configuration property giving the authentication data time out.
-// */
-// public static final String AUTH_DATA_TIMEOUT_PROPERTY =
-// "AuthenticationData.TimeOut";
-//
-// /**
-// * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
-// */
-// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
-// "HTMLComplete";
-//
-// /**
-// * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
-// */
-// public static final String BKU_SELECTION_TYPE_HTMLSELECT =
-// "HTMLSelect";
-//
-// /**
-// * The name of the generic configuration property allowing https connection to
-// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
-// */
-// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
-// "FrontendServlets.EnableHTTPConnection";
-//
-// /**
-// * The name of the generic configuration property allowing to set a individual
-// * DATA URL used to communicate with the BKU (SecurityLayer)
-// */
-// public static final String INDIVIDUAL_DATA_URL_PREFIX =
-// "FrontendServlets.DataURLPrefix";
-//
-// /** Singleton instance. <code>null</code>, if none has been created. */
-// private static AuthConfigurationProvider instance;
-//
-// //
-// // configuration data
-// //
-// private static MOAIDConfiguration moaidconfig = null;
-//
-// private static Properties props = null;
-//
-// private static STORKConfig storkconfig = null;
-//
-// private static TimeOuts timeouts = null;
-//
-// private static PVP2 pvp2general = null;
-//
-// private static String alternativesourceid = null;
-//
-// private static List<String> legacyallowedprotocols = new ArrayList<String>();
-// private static ProtocolAllowed allowedProtcols = null;
-//
-// private static VerifyAuthBlock verifyidl = null;
-//
-// private static ConnectionParameter MoaSpConnectionParameter = null;
-// private static ConnectionParameter ForeignIDConnectionParameter = null;
-// private static ConnectionParameter OnlineMandatesConnectionParameter = null;
-//
-// private static String MoaSpIdentityLinkTrustProfileID = null;
-//
-// private static List<String> TransformsInfos = null;
-// private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
-//
-// private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
-// private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>();
-//
-// private static SSO ssoconfig = null;
-//
-// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null;
-//
-// private static Date date = null;
-//
-// private String publicURLPreFix = null;
-//
-// /**
-// * Return the single instance of configuration data.
-// *
-// * @return AuthConfigurationProvider The current configuration data.
-// * @throws ConfigurationException
-// */
-// public static synchronized AuthConfigurationProvider getInstance()
-// throws ConfigurationException {
-//
-// if (instance == null) {
-// reload();
-// }
-// return instance;
-// }
-//
-// public static Date getTimeStamp() {
-// return date;
-// }
-//
-// /**
-// * Reload the configuration data and set it if successful.
-// *
-// * @return AuthConfigurationProvider The loaded configuration data.
-// * @throws ConfigurationException Failure to load the configuration data.
-// */
-// public static synchronized AuthConfigurationProvider reload()
-// throws ConfigurationException {
-// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-// if (fileName == null) {
-// throw new ConfigurationException("config.01", null);
-// }
-// Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
-//
-// instance = new AuthConfigurationProvider(fileName);
-// return instance;
-// }
-//
-//
-// /**
-// * Constructor for AuthConfigurationProvider.
-// * @param fileName
-// * @throws ConfigurationException
-// */
-// public AuthConfigurationProvider(String fileName)
-// throws ConfigurationException {
-//
-// load(fileName);
-// }
-//
-// /**
-// * Protected constructor. Used by unit tests.
-// */
-// protected AuthConfigurationProvider() {
-// }
-//
-// /**
-// * Load the configuration data from XML file with the given name and build
-// * the internal data structures representing the MOA ID configuration.
-// *
-// * @param fileName The name of the XML file to load.
-// * @throws ConfigurationException The MOA configuration could not be
-// * read/built.
-// */
-// private void load(String fileName) throws ConfigurationException {
-//
-// try {
-// //Initial Hibernate Framework
-// Logger.trace("Initializing Hibernate framework.");
-//
-// //Load MOAID-2.0 properties file
-// File propertiesFile = new File(fileName);
-// FileInputStream fis = null;
-// props = new Properties();
-//
-// // determine the directory of the root config file
-// rootConfigFileDir = new File(fileName).getParent();
-//
-// try {
-// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-//
-// } catch (MalformedURLException t) {
-// throw new ConfigurationException("config.03", null, t);
-// }
-//
-// try {
-// fis = new FileInputStream(propertiesFile);
-// props.load(fis);
-//
-// // read MOAID Session Hibernate properties
-// Properties moaSessionProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "moasession.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// moaSessionProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // read Config Hibernate properties
-// Properties configProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "configuration.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// configProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // read advanced logging properties
-// Properties statisticProps = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "advancedlogging.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// statisticProps.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // initialize hibernate
-// synchronized (AuthConfigurationProvider.class) {
-//
-// //Initial config Database
-// // ConfigurationDBUtils.initHibernate(configProp);
-//
-// //initial MOAID Session Database
-// Configuration config = new Configuration();
-// config.addAnnotatedClass(AssertionStore.class);
-// config.addAnnotatedClass(AuthenticatedSessionStore.class);
-// config.addAnnotatedClass(OASessionStore.class);
-// config.addAnnotatedClass(OldSSOSessionIDStore.class);
-// config.addAnnotatedClass(ExceptionStore.class);
-// config.addAnnotatedClass(InterfederationSessionStore.class);
-// config.addAnnotatedClass(ProcessInstanceStore.class);
-// config.addProperties(moaSessionProp);
-// MOASessionDBUtils.initHibernate(config, moaSessionProp);
-//
-// //initial advanced logging
-// if (isAdvancedLoggingActive()) {
-// Logger.info("Advanced statistic log is activated, starting initialization process ...");
-// Configuration statisticconfig = new Configuration();
-// statisticconfig.addAnnotatedClass(StatisticLog.class);
-// statisticconfig.addProperties(statisticProps);
-// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
-// Logger.info("Advanced statistic log is initialized.");
-// }
-//
-// }
-// Logger.trace("Hibernate initialization finished.");
-//
-// } catch (FileNotFoundException e) {
-// throw new ConfigurationException("config.03", null, e);
-//
-// } catch (IOException e) {
-// throw new ConfigurationException("config.03", null, e);
-//
-// } catch (ExceptionInInitializerError e) {
-// throw new ConfigurationException("config.17", null, e);
-//
-// } finally {
-// if (fis != null)
-// fis.close();
-//
-// }
-//
-//
-// //Initialize OpenSAML for STORK
-// Logger.info("Starting initialization of OpenSAML...");
-// MOADefaultBootstrap.bootstrap();
-// //DefaultBootstrap.bootstrap();
-// Logger.debug("OpenSAML successfully initialized");
-//
-//
-// String legacyconfig = props.getProperty("configuration.xml.legacy");
-// String xmlconfig = props.getProperty("configuration.xml");
-//// String xmlconfigout = props.getProperty("configuration.xml.out");
-//
-//
-// //configure eGovUtils client implementations
-//
-// //read eGovUtils client configuration
-// Properties eGovUtilsConfigProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "service.";
-// if (key.toString().startsWith(propPrefix+"egovutil")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// eGovUtilsConfigProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-// if (!eGovUtilsConfigProp.isEmpty()) {
-// Logger.info("Start eGovUtils client implementation configuration ...");
-// eGovUtilsConfig =
-// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
-// }
-//
-//
-// //TODO: removed in MOA-ID 3.x
-//// //check if XML config should be used
-//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
-//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
-//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
-//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration();
-//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null
-//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) {
-////
-//// // ConfigurationDBUtils.delete(moaidconfig);
-//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){
-//// NewConfigurationDBWrite.delete(key);
-//// }
-//// }
-////
-////
-//// //List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
-//// List<OnlineApplication> oas = NewConfigurationDBRead.getAllOnlineApplications();
-//// if (oas != null && oas.size() > 0) {
-//// // for (OnlineApplication oa : oas)
-//// // ConfigurationDBUtils.delete(oa);
-//// NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY);
-//// }
-//// }
-////
-//// //load legacy config if it is configured
-//// if (MiscUtil.isNotEmpty(legacyconfig)) {
-//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
-////
-//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
-////
-//// List<OnlineApplication> oas = moaconfig.getOnlineApplication();
-//// // for (OnlineApplication oa : oas)
-//// // ConfigurationDBUtils.save(oa);
-//// NewConfigurationDBWrite.saveOnlineApplications(oas);
-////
-//// moaconfig.setOnlineApplication(null);
-//// // ConfigurationDBUtils.save(moaconfig);
-//// NewConfigurationDBWrite.save(moaconfig);
-////
-//// Logger.info("Legacy Configuration load is completed.");
-////
-////
-//// }
-////
-//// //load MOA-ID 2.x config from XML
-//// if (MiscUtil.isNotEmpty(xmlconfig)) {
-//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
-////
-//// try {
-//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-//// Unmarshaller m = jc.createUnmarshaller();
-//// File file = new File(xmlconfig);
-//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
-//// //ConfigurationDBUtils.save(moaconfig);
-////
-//// List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
-//// // for (OnlineApplication importoa : importoas) {
-//// // ConfigurationDBUtils.saveOrUpdate(importoa);
-//// // }
-////
-//// NewConfigurationDBWrite.saveOnlineApplications(importoas);
-////
-//// moaconfig.setOnlineApplication(null);
-//// //ConfigurationDBUtils.saveOrUpdate(moaconfig);
-//// NewConfigurationDBWrite.save(moaconfig);
-////
-//// } catch (Exception e) {
-//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
-//// throw new ConfigurationException("config.02", null);
-//// }
-//// Logger.info("XML Configuration load is completed.");
-//// }
-//
-// reloadDataBaseConfig();
-//
-//
-// } catch (Throwable t) {
-// throw new ConfigurationException("config.02", null, t);
-// }
-// }
-//
-// protected MOAIDConfiguration loadDataBaseConfig() {
-// return ConfigurationDBRead.getMOAIDConfiguration();
-// }
-//
-// public synchronized void reloadDataBaseConfig() throws ConfigurationException {
-//
-// Logger.info("Read MOA-ID 2.0 configuration from database.");
-// moaidconfig = loadDataBaseConfig();
-// Logger.info("MOA-ID 2.0 is loaded.");
-//
-// if (moaidconfig == null) {
-// Logger.warn("NO MOA-ID configuration found.");
-// throw new ConfigurationException("config.18", null);
-// }
-//
-// //build STORK Config
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-// ForeignIdentities foreign = auth.getForeignIdentities();
-// if (foreign == null ) {
-// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
-// } else
-// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
-//
-// //load Chaining modes
-// ChainingModes cm = moaidconfig.getChainingModes();
-// if (cm != null) {
-// defaultChainingMode = cm.getSystemDefaultMode().value();
-//
-// List<TrustAnchor> tas = cm.getTrustAnchor();
-//
-// chainingModes = new HashMap<IssuerAndSerial, String>();
-// for (TrustAnchor ta : tas) {
-// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
-// chainingModes.put(is, ta.getMode().value());
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set Trusted CA certs directory
-// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
-//
-// //set CertStoreDirectory
-// setCertStoreDirectory();
-//
-// //set TrustManagerRevocationChecking
-// setTrustManagerRevocationChecking();
-//
-// //set default timeouts
-// timeouts = new TimeOuts();
-// timeouts.setAssertion(new BigInteger("300"));
-// timeouts.setMOASessionCreated(new BigInteger("2700"));
-// timeouts.setMOASessionUpdated(new BigInteger("1200"));
-//
-// //search timeouts in config
-// if (auth.getGeneralConfiguration() != null) {
-// if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
-// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-//
-// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
-// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-//
-// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
-// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
-//
-// } else {
-// Logger.info("No TimeOuts defined. Use default values");
-// }
-// }
-//
-// // sets the authentication session and authentication data time outs
-// AuthenticationServer.getInstance()
-// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
-//
-// AuthenticationServer.getInstance()
-// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
-//
-// AuthenticationServer.getInstance()
-// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
-//
-//
-//
-// //set PVP2 general config
-// Protocols protocols = auth.getProtocols();
-// if (protocols != null) {
-//
-// allowedProtcols = new ProtocolAllowed();
-//
-// if (protocols.getSAML1() != null) {
-// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
-//
-// //load alternative sourceID
-// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
-// alternativesourceid = protocols.getSAML1().getSourceID();
-//
-// }
-//
-// if (protocols.getOAuth() != null) {
-// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive());
-// }
-//
-// if (protocols.getPVP2() != null) {
-// PVP2 el = protocols.getPVP2();
-//
-// allowedProtcols.setPVP21Active(el.isIsActive());
-//
-// pvp2general = new PVP2();
-// pvp2general.setIssuerName(el.getIssuerName());
-// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
-//
-// if (el.getOrganization() != null) {
-// Organization org = new Organization();
-// pvp2general.setOrganization(org);
-// org.setDisplayName(el.getOrganization().getDisplayName());
-// org.setName(el.getOrganization().getName());
-// org.setURL(el.getOrganization().getURL());
-// }
-//
-// if (el.getContact() != null) {
-// List<Contact> cont = new ArrayList<Contact>();
-// pvp2general.setContact(cont);
-// for (Contact e : el.getContact()) {
-// Contact c = new Contact();
-// c.setCompany(e.getCompany());
-// c.setGivenName(e.getGivenName());
-// c.getMail().addAll(e.getMail());
-// c.getPhone().addAll(e.getPhone());
-// c.setSurName(e.getSurName());
-// c.setType(e.getType());
-// cont.add(c);
-// }
-// }
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
-// }
-//
-// //set alternativeSourceID
-// if (auth.getGeneralConfiguration() != null) {
-//
-// //TODO: can be removed in a further version, because it is moved to SAML1 config
-// if (MiscUtil.isEmpty(alternativesourceid))
-// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
-//
-// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
-// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
-//
-// else {
-// Logger.error("No Public URL Prefix configured.");
-// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
-// }
-//
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set LegacyAllowedProtocols
-// try {
-// if (auth.getProtocols() != null) {
-// Protocols procols = auth.getProtocols();
-// if (procols.getLegacyAllowed() != null) {
-// LegacyAllowed legacy = procols.getLegacyAllowed();
-// legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName());
-// }
-// }
-// } catch (Exception e) {
-// Logger.info("No protocols found with legacy allowed flag!");
-// }
-//
-// //set VerifyAuthBlockConfig
-// MOASP moasp = getMOASPConfig(auth);
-//
-// VerifyAuthBlock el = moasp.getVerifyAuthBlock();
-// if (el != null) {
-// verifyidl = new VerifyAuthBlock();
-// verifyidl.setTrustProfileID(el.getTrustProfileID());
-// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID()));
-// }
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set MOASP connection parameters
-// if (moasp.getConnectionParameter() != null)
-// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
-// else
-// MoaSpConnectionParameter = null;
-//
-// //set ForeignIDConnectionParameters
-// if (foreign != null) {
-// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
-// }
-//
-// //set OnlineMandateConnectionParameters
-// OnlineMandates ovs = auth.getOnlineMandates();
-// if (ovs != null) {
-// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
-//
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
-// }
-//
-// //set MOASP IdentityLink Trust-ProfileID
-// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
-// if (verifyidl != null)
-// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set SL transformation infos
-// SecurityLayer seclayer = auth.getSecurityLayer();
-// if (seclayer == null) {
-// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
-// throw new ConfigurationException("config.02", null);
-// } else {
-// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
-//
-// if (TransformsInfos == null || TransformsInfos.size() == 0) {
-// Logger.error("No Security-Layer Transformation found.");
-// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"});
-// }
-//
-// }
-//
-// //set IdentityLinkSignerSubjectNames
-// IdentityLinkX509SubjectNames = new ArrayList<String>();
-// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
-// if (idlsigners != null) {
-// Logger.debug("Load own IdentityLinkX509SubjectNames");
-// IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName()));
-// }
-//
-// // now add the default identity link signers
-// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
-// for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
-// String identityLinkSigner = identityLinkSignersWithoutOID[i];
-// if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) {
-// IdentityLinkX509SubjectNames.add(identityLinkSigner);
-// }
-// }
-//
-// //set SLRequestTemplates
-// SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
-// if (templ == null) {
-// Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
-// throw new ConfigurationException("config.02", null);
-// } else {
-// SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
-// SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
-// SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
-// }
-//
-// //set Default BKU URLS
-// DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
-// if (bkuuls != null) {
-// DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
-// DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
-// DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
-// }
-//
-// //set SSO Config
-// if (auth.getSSO()!= null) {
-// ssoconfig = new SSO();
-// ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName());
-// ssoconfig.setPublicURL(auth.getSSO().getPublicURL());
-// ssoconfig.setSpecialText(auth.getSSO().getSpecialText());
-// ssoconfig.setTarget(auth.getSSO().getTarget());
-//
-// if (auth.getSSO().getIdentificationNumber() != null) {
-// IdentificationNumber value = new IdentificationNumber();
-// value.setType(auth.getSSO().getIdentificationNumber().getType());
-// value.setValue(auth.getSSO().getIdentificationNumber().getValue());
-// ssoconfig.setIdentificationNumber(value);
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
-// }
-//
-// //close Database
-// //
-//
-// date = new Date();
-// }
-//
-//
-// private Properties getGeneralProperiesConfig(final String propPrefix) {
-// Properties configProp = new Properties();
-// for (Object key : props.keySet()) {
-// if (key.toString().startsWith(propPrefix)) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// configProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-// return configProp;
-// }
-//
-// public Properties getGeneralPVP2ProperiesConfig() {
-// return this.getGeneralProperiesConfig("protocols.pvp2.");
-// }
-//
-// public Properties getGeneralOAuth20ProperiesConfig() {
-// return this.getGeneralProperiesConfig("protocols.oauth20.");
-// }
-//
-// public ProtocolAllowed getAllowedProtocols() {
-// return allowedProtcols;
-// }
-//
-// public PVP2 getGeneralPVP2DBConfig() {
-// return pvp2general;
-// }
-//
-// public TimeOuts getTimeOuts() throws ConfigurationException {
-// return timeouts;
-// }
-//
-// public String getAlternativeSourceID() throws ConfigurationException {
-// return alternativesourceid;
-// }
-//
-// public List<String> getLegacyAllowedProtocols() {
-// return legacyallowedprotocols;
-// }
-//
-//
-// /**
-// * Provides configuration information regarding the online application behind
-// * the given URL, relevant to the MOA-ID Auth component.
-// *
-// * @param oaURL URL requested for an online application
-// * @return an <code>OAAuthParameter</code>, or <code>null</code>
-// * if none is applicable
-// */
-// public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
-//
-// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
-//
-// if (oa == null) {
-// Logger.warn("Online application with identifier " + oaURL + " is not found.");
-// return null;
-// }
-//
-// return new OAAuthParameter(oa);
-// }
-//
-//
-// /**
-// * Return a string with a url-reference to the VerifyAuthBlock trust
-// * profile id within the moa-sp part of the authentication component
-// *
-// * @return String with a url-reference to the VerifyAuthBlock trust profile ID
-// * @throws ConfigurationException
-// */
-// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
-// return verifyidl.getTrustProfileID();
-// }
-//
-// /**
-// * Return a string array with references to all verify transform info
-// * IDs within the moa-sp part of the authentication component
-// * @return A string array containing all urls to the
-// * verify transform info IDs
-// * @throws ConfigurationException
-// */
-// public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
-// return verifyidl.getVerifyTransformsInfoProfileID();
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component moa-sp element
-// * @return ConnectionParameter of the authentication component moa-sp element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
-// return MoaSpConnectionParameter;
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component foreigid element
-// * @return ConnectionParameter of the authentication component foreignid element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
-// return ForeignIDConnectionParameter;
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component OnlineMandates element
-// * @return ConnectionParameter of the authentication component OnlineMandates element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
-// return OnlineMandatesConnectionParameter;
-// }
-//
-// /**
-// * Return a string with a url-reference to the VerifyIdentityLink trust
-// * profile id within the moa-sp part of the authentication component
-// * @return String with a url-reference to the VerifyIdentityLink trust profile ID
-// * @throws ConfigurationException
-// */
-// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
-// return MoaSpIdentityLinkTrustProfileID;
-// }
-//
-// /**
-// * Returns the transformsInfos.
-// * @return String[]
-// * @throws ConfigurationException
-// */
-// public List<String> getTransformsInfos() throws ConfigurationException {
-// return TransformsInfos;
-// }
-//
-// /**
-// * Returns the identityLinkX509SubjectNames.
-// * @return List
-// * @throws ConfigurationException
-// */
-// public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
-// return IdentityLinkX509SubjectNames;
-// }
-//
-// public List<String> getSLRequestTemplates() throws ConfigurationException {
-// return new ArrayList<String>(SLRequestTemplates.values());
-// }
-//
-// public String getSLRequestTemplates(String type) throws ConfigurationException {
-// String el = SLRequestTemplates.get(type);
-// if (MiscUtil.isNotEmpty(el))
-// return el;
-// else {
-// Logger.warn("getSLRequestTemplates: BKU Type does not match: "
-// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-// return null;
-// }
-// }
-//
-// public List<String> getDefaultBKUURLs() throws ConfigurationException {
-// return new ArrayList<String>(DefaultBKUURLs.values());
-// }
-//
-// public String getDefaultBKUURL(String type) throws ConfigurationException {
-// String el = DefaultBKUURLs.get(type);
-// if (MiscUtil.isNotEmpty(el))
-// return el;
-// else {
-// Logger.warn("getSLRequestTemplates: BKU Type does not match: "
-// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-// return null;
-// }
-// }
-//
-//// public boolean isSSOBusinessService() throws ConfigurationException {
-////
-//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
-//// return true;
-//// else
-//// return false;
-//// }
-//
-// public String getSSOTagetIdentifier() throws ConfigurationException {
-// if (ssoconfig != null)
-// return ssoconfig.getTarget();
-// else
-// return null;
-// }
-//
-//// public String getSSOTarget() throws ConfigurationException {
-//// if (ssoconfig!= null)
-//// return ssoconfig.getTarget();
-////
-//// return null;
-//// }
-//
-// public String getSSOFriendlyName() {
-// if (ssoconfig!= null) {
-// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
-// return ssoconfig.getFriendlyName();
-// }
-//
-// return "Default MOA-ID friendly name for SSO";
-// }
-//
-// public String getSSOSpecialText() {
-// if (ssoconfig!= null) {
-// String text = ssoconfig.getSpecialText();
-// if (MiscUtil.isEmpty(text))
-// text = new String();
-//
-// return text;
-// }
-// return new String();
-// }
-//
-// public String getMOASessionEncryptionKey() {
-//
-// String prop = props.getProperty("configuration.moasession.key");
-// if (MiscUtil.isEmpty(prop))
-// return null;
-// else
-// return prop;
-// }
-//
-// /**
-// * @return
-// */
-// public String getMOAConfigurationEncryptionKey() {
-// String prop = props.getProperty("configuration.moaconfig.key");
-// if (MiscUtil.isEmpty(prop))
-// return null;
-// else
-// return prop;
-// }
-//
-// public boolean isIdentityLinkResigning() {
-// String prop = props.getProperty("configuration.resignidentitylink.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getIdentityLinkResigningKey() {
-// String prop = props.getProperty("configuration.resignidentitylink.keygroup");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// /**
-// * Checks if is fakeIdL is activated.
-// *
-// * @return true, if fake IdLs are available for stork
-// */
-// public boolean isStorkFakeIdLActive() {
-// String prop = props.getProperty("stork.fakeIdL.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// /**
-// * Gets the countries which will receive a fake IdL
-// *
-// * @return the countries
-// */
-// public List<String> getStorkFakeIdLCountries() {
-// String prop = props.getProperty("stork.fakeIdL.countries", "");
-// return Arrays.asList(prop.replaceAll(" ", "").split(","));
-// }
-//
-// /**
-// * Gets the resigning key (group) for the stork fake IdL.
-// *
-// * @return the resigning key
-// */
-// public String getStorkFakeIdLResigningKey() {
-// String prop = props.getProperty("stork.fakeIdL.keygroup");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// /**
-// * Gets the countries for which it is configured to require no signature
-// *
-// * @return the stork no signature countries
-// */
-// public List<String> getStorkNoSignatureCountries() {
-// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", "");
-// return Arrays.asList(prop.replaceAll(" ", "").split(","));
-// }
-//
-// @JsonProperty("isMonitoringActive")
-// public boolean isMonitoringActive() {
-// String prop = props.getProperty("configuration.monitoring.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getMonitoringTestIdentityLinkURL() {
-// String prop = props.getProperty("configuration.monitoring.test.identitylink.url");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// public String getMonitoringMessageSuccess() {
-// String prop = props.getProperty("configuration.monitoring.message.success");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// public boolean isAdvancedLoggingActive() {
-// String prop = props.getProperty("configuration.advancedlogging.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getPublicURLPrefix() {
-// return publicURLPreFix;
-// }
-//
-// public boolean isPVP2AssertionEncryptionActive() {
-// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true");
-// return Boolean.valueOf(prop);
-// }
-//
-// public boolean isCertifiacteQCActive() {
-// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
-// return !Boolean.valueOf(prop);
-// }
-//
-//
-// //Load document service url from moa properties
-// public String getDocumentServiceUrl() {
-// String prop = props.getProperty("stork.documentservice.url", "false");
-// return prop;
-// }
-//
-//
-// public boolean isPVPSchemaValidationActive() {
-// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true");
-// return Boolean.valueOf(prop);
-// }
-//
-// /**
-// * Returns the STORK Configuration
-// * @return STORK Configuration
-// * @throws ConfigurationException
-// */
-// public STORKConfig getStorkConfig() throws ConfigurationException {
-//
-// return storkconfig;
-// }
-//
-// /**
-// * @return the eGovUtilsConfig
-// */
-//@JsonIgnore
-//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
-// return eGovUtilsConfig;
-//}
-//
-//private void setCertStoreDirectory() throws ConfigurationException {
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-//
-// if (auth.getGeneralConfiguration() != null)
-// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
-// throw new ConfigurationException("config.02", null);
-// }
-// }
-//
-// private void setTrustManagerRevocationChecking() throws ConfigurationException {
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-//
-// if (auth.getGeneralConfiguration() != null &&
-// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null)
-// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
-// else {
-// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE");
-// throw new ConfigurationException("config.02", null);
-// }
-// }
-//
-// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
-// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
-// if (authgeneral == null) {
-// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
-// throw new ConfigurationException("config.02", null);
-// }
-// return authgeneral;
-// }
-//
-// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
-// MOASP moasp = authgeneral.getMOASP();
-//
-// if (moasp == null) {
-// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
-// throw new ConfigurationException("config.02", null);
-// }
-// return moasp;
-// }
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String)
-// */
-//@Override
-//public Properties getConfigurationWithPrefix(String Prefix) {
-// // TODO Auto-generated method stub
-// return null;
-//}
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String)
-// */
-//@Override
-//public String getConfigurationWithKey(String key) {
-// // TODO Auto-generated method stub
-// return null;
-//}
-//
-//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index a2dfeba2f..ab2a07f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() {
returnValue.setProvideAllErrors(
Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+ if (Boolean.parseBoolean(
+ spConfiguration.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");
+ returnValue.setProvideBaseId(false);
+ returnValue.setProvideAuthBlock(false);
+ returnValue.setProvideIdl(false);
+ returnValue.setProvideMandate(false);
+
+ }
+
+
return returnValue;
}
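Review bot: The demo-mode guard reads the flag straight from `spConfiguration` with `String.valueOf(false)` as default, so anything that is not a case-insensitive `true` (a value with trailing whitespace, `yes`, `1`) silently leaves the full SAML1 response enabled; that is the right production default, but a demo SP that is misconfigured this way would receive real baseID, AuthBlock and IdL data without any log line saying the flag was ignored, so I'd warn when the key is present but does not parse as a boolean. The branch also has no comment saying why exactly these four attributes are withheld; above the `if` I'd add `// demo-mode eIDs carry no real baseID/IdL/AuthBlock/mandate data, so never release them to the SP`, which is my reading of the intent and should be confirmed. The enclosing method starts and ends outside this hunk.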
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() {
}
+@Override
+public List<String> additionalbPKSectorsRequested() {
+ String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
@Override
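Review bot: `additionalbPKSectorsRequested()` returns `null` when the key is unset, so every caller has to null-check before iterating; `return Collections.emptyList();` on the else branch is the safer contract, unless callers already rely on null meaning "not configured", which the neighbouring `foreignbPKSectorsRequested()` (cut off above this hunk) may do, so keep the two consistent either way. The CSV is only normalized, not validated, so any stray token becomes a sector name that downstream bPK computation will presumably act on; a Javadoc line such as `Sectors are taken as configured for the SP; no validation beyond CSV normalization is performed.` would at least make that explicit.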
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
}
@Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
public boolean containsConfigurationKey(String arg0) {
// TODO Auto-generated method stub
return false;
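Review bot: The new `additionalbPKSectorsRequested()` keeps the auto-generated `// TODO Auto-generated method stub` comment, which leaves the next reader unsure whether returning `null` is intentional for dynamic online-applications or unfinished work. If dynamic OAs genuinely never request additional bPK sectors, say so in place of the TODO, e.g. `// dynamic OAs have no SP configuration, so no additional bPK sectors can be requested` (confirm this is the actual reason), and consider `return Collections.emptyList();` so callers need no null-check. The class header is outside this hunk.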
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
public String getLoAMatchingMode() {
return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..af4cf6fa7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,6 +5,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
public interface IMOAAuthData extends IAuthData{
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{
*/
String getQAALevel();
- List<String> getEncbPKList();
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncbPKList();
+
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where
+ * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
+
byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
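Review bot: The new Javadoc on `getEncbPKList()` and `getEncMandateNaturalPersonbPKList()` leaves the `@return` tag empty and has the typos `Encrytped` and `formated`; since the pair order is exactly what callers must get right, spell it out as `@return list of pairs, first = encrypted bPK, second = bPK target`. Add "never null" only if the implementation guarantees it: `MOAAuthenticationData.getEncbPKList()` initializes lazily, but the mandate variant's implementation is not visible in this diff. The `Pair<...>` text should also be wrapped in `{@code ...}`, otherwise Javadoc treats the angle brackets as HTML.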
@@ -35,4 +51,10 @@ public interface IMOAAuthData extends IAuthData{
String getPvpAttribute_OU();
List<AuthenticationRole> getAuthenticationRoles();
+ /**
+ * Indicate Austrian eID demo-mode
+ *
+ * @return true if it is in demo-mode, otherwise false
+ */
+ public boolean isIseIDNewDemoMode();
}
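Review bot: `isIseIDNewDemoMode()` carries a redundant `public` modifier (interface methods are implicitly public) and the doubled "is" looks like a bean-naming artifact of the `iseIDNewDemoMode` field rather than a deliberate name; since downstream code is expected to consult this flag before releasing baseID/IdL material for demo identities, a name such as `isEidNewDemoMode()` reads better, but renaming an interface method after release is breaking, so decide now. The Javadoc should also say where the flag comes from — presumably the SP's demo-mode configuration rather than anything derived from the credential itself — so readers know it is config-driven; I could not confirm that from this diff.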
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..897a06e62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
@@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
- private List<String> encbPKList;
-
+
+ private List<Pair<String, String>> encbPKList;
+ private List<Pair<String, String>> encMandateNaturalPersonbPKList;
+
//ISA 1.18 attributes
private List<AuthenticationRole> roles = null;
private String pvpAttribute_OU = null;
@@ -69,6 +72,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private LoALevelMapper loaMapper;
+ private boolean iseIDNewDemoMode = false;
+
public MOAAuthenticationData(ILoALevelMapper loaMapper) {
if (loaMapper instanceof LoALevelMapper)
this.loaMapper = (LoALevelMapper) loaMapper;
@@ -104,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
if (this.encbPKList == null)
- this.encbPKList = new ArrayList<String>();
+ this.encbPKList = new ArrayList<Pair<String, String>>();
return this.encbPKList;
}
@@ -291,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
/**
+ * Set a List of encrypted bPKs where each List element is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3
+ *
* @param encbPKList the encbPKList to set
*/
public void setEncbPKList(List<String> encbPKList) {
- this.encbPKList = encbPKList;
+ if (encbPKList != null) {
+ for (String el : encbPKList) {
+ Logger.trace("Processing foreign bPK string: " + el );
+ int index = el.indexOf("|");
+ if (index >= 0) {
+ String encbPK = el.substring(index+1);
+ String second = el.substring(0, index);
+ getEncbPKList().add(Pair.newInstance(encbPK, second));
+
+ } else
+ Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it");
+
+ }
+
+ }
}
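Review bot: `setEncbPKList()` now appends to the existing list through `getEncbPKList().add(...)` instead of replacing it, so calling it twice accumulates entries and passing `null` no longer clears the field; if that is intended, the Javadoc must say it accumulates, otherwise reset the field first with `this.encbPKList = new ArrayList<Pair<String, String>>();`. The split check `if (index >= 0)` also accepts `|xyz` (empty target) and `xyz|` (empty encrypted bPK), which later yields a malformed ENC-BPK-LIST entry; tighten it to `if (index > 0 && index < el.length() - 1)`. Finally, `Logger.trace("Processing foreign bPK string: " + el)` writes the full encrypted bPK to the log; even encrypted, these are person identifiers bound to a specific SP and do not belong in log files, so log only the target prefix or the element count.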
@@ -321,648 +343,32 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
-
-
-// private static final long serialVersionUID = -1042697056735596866L;
-// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-//
-// /**
-// * URL of the MOA-ID Auth component issueing this assertion
-// */
-// private String issuer;
-// /**
-// * time instant of issue of this assertion
-// */
-// private Date issueInstant;
-// /**
-// * user identification value (Stammzahl); <code>null</code>,
-// * if the authentication module is configured not to return this data
-// */
-// private String identificationValue;
-// /**
-// * user identification type
-// */
-// private String identificationType;
-//
-// /**
-// * user identityLink specialized to OAParamter
-// */
-// private IIdentityLink identityLink;
-//
-// /**
-// * application specific user identifier (bPK/wbPK)
-// */
-// private String bPK;
-//
-// /**
-// * application specific user identifier type
-// */
-// private String bPKType;
-//
-// /**
-// * given name of the user
-// */
-// private String givenName;
-// /**
-// * family name of the user
-// */
-// private String familyName;
-// /**
-// * date of birth of the user
-// */
-// private Date dateOfBirth;
-// /**
-// * says whether the certificate is a qualified certificate or not
-// */
-//
-// /**
-// * says whether the certificate is a public authority or not
-// */
-// /**
-// * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-// */
-//
-//
-// /**
-// * URL of the BKU
-// */
-//
-// /**
-// * the corresponding <code>lt;saml:Assertion&gt;</code>
-// */
-//
-// private boolean isBaseIDTransferRestrication = true;
-//
-//
-// /**
-// * STORK attributes from response
-// */
-// private String ccc = null;
-//
-// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-//
-//
-//
-// private String authBlock = null;
-// private List<String> encbPKList = null;
-//
-// //ISA 1.18 attributes
-// private List<AuthenticationRole> roles = null;
-// private String pvpAttribute_OU = null;
-//
-// private boolean useMandate = false;
-// private IMISMandate mandate = null;
-// private String mandateReferenceValue = null;
-//
-// private boolean foreigner =false;
-// private String QAALevel = null;
-//
-// private boolean ssoSession = false;
-// private Date ssoSessionValidTo = null;
-//
-//// private boolean interfederatedSSOSession = false;
-//// private String interfederatedIDP = null;
-//
-// private String sessionIndex = null;
-// private String nameID = null;
-// private String nameIDFormat = null;
-//
-// public AuthenticationData() {
-// issueInstant = new Date();
-// }
-//
-// /**
-// * Returns the publicAuthority.
-// * @return boolean
-// */
-// public boolean isPublicAuthority() {
-// return publicAuthority;
-// }
-//
-// /**
-// * Returns the publicAuthorityCode.
-// * @return String
-// */
-// public String getPublicAuthorityCode() {
-// return publicAuthorityCode;
-// }
-//
-// /**
-// * Returns the qualifiedCertificate.
-// * @return boolean
-// */
-// public boolean isQualifiedCertificate() {
-// return qualifiedCertificate;
-// }
-//
-// /**
-// * Returns the bPK.
-// * @return String
-// */
-// public String getBPK() {
-// return bPK;
-// }
-//
-// /**
-// * Sets the publicAuthority.
-// * @param publicAuthority The publicAuthority to set
-// */
-// public void setPublicAuthority(boolean publicAuthority) {
-// this.publicAuthority = publicAuthority;
-// }
-//
-// /**
-// * Sets the publicAuthorityCode.
-// * @param publicAuthorityIdentification The publicAuthorityCode to set
-// */
-// public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-// this.publicAuthorityCode = publicAuthorityIdentification;
-// }
-//
-// /**
-// * Sets the qualifiedCertificate.
-// * @param qualifiedCertificate The qualifiedCertificate to set
-// */
-// public void setQualifiedCertificate(boolean qualifiedCertificate) {
-// this.qualifiedCertificate = qualifiedCertificate;
-// }
-//
-// /**
-// * Sets the bPK.
-// * @param bPK The bPK to set
-// */
-// public void setBPK(String bPK) {
-// this.bPK = bPK;
-// }
-//
-// /**
-// * Returns the dateOfBirth.
-// * @return String
-// */
-// public Date getDateOfBirth() {
-// return dateOfBirth;
-// }
-//
-// public String getFormatedDateOfBirth() {
-// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// if (getDateOfBirth() != null)
-// return pvpDateFormat.format(getDateOfBirth());
-// else
-// return "2999-12-31";
-// }
-//
-// /**
-// * Returns the familyName.
-// * @return String
-// */
-// public String getFamilyName() {
-// return familyName;
-// }
-//
-// /**
-// * Returns the givenName.
-// * @return String
-// */
-// public String getGivenName() {
-// return givenName;
-// }
-//
-// /**
-// * Holds the baseID of a citizen
-// *
-// * @return baseID
-// */
-// public String getIdentificationValue() {
-// return identificationValue;
-// }
-//
-// /**
-// * Holds the type of the baseID
-// *
-// * @return baseID-Type
-// */
-// public String getIdentificationType() {
-// return identificationType;
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public String getIssueInstantString() {
-// return DateTimeUtils.buildDateTimeUTC(issueInstant);
-//
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public Date getIssueInstant() {
-// return issueInstant;
-//
-// }
-//
-// public void setIssueInstant(Date date) {
-// this.issueInstant = date;
-// }
-//
-// /**
-// * Returns the issuer.
-// * @return String
-// */
-// public String getIssuer() {
-// return issuer;
-// }
-//
-// /**
-// * Returns the BKU URL.
-// * @return String
-// */
-// public String getBkuURL() {
-// return bkuURL;
-// }
-//
-// /**
-// * Sets the dateOfBirth.
-// * @param dateOfBirth The dateOfBirth to set
-// */
-// public void setDateOfBirth(Date dateOfBirth) {
-// this.dateOfBirth = dateOfBirth;
-// }
-//
-// public void setDateOfBirth(String dateOfBirth) {
-// try {
-// if (MiscUtil.isNotEmpty(dateOfBirth)) {
-// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-// }
-//
-// } catch (ParseException e) {
-// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-//
-// }
-// }
-//
-// /**
-// * Sets the familyName.
-// * @param familyName The familyName to set
-// */
-// public void setFamilyName(String familyName) {
-// this.familyName = familyName;
-// }
-//
-// /**
-// * Sets the givenName.
-// * @param givenName The givenName to set
-// */
-// public void setGivenName(String givenName) {
-// this.givenName = givenName;
-// }
-//
-// /**
-// * Sets the identificationValue.
-// * @param identificationValue The identificationValue to set
-// */
-// public void setIdentificationValue(String identificationValue) {
-// this.identificationValue = identificationValue;
-// }
-//
-// /**
-// * Sets the identificationType.
-// * @param identificationType The identificationType to set
-// */
-// public void setIdentificationType(String identificationType) {
-// this.identificationType = identificationType;
-// }
-//
-// /**
-// * Sets the issuer.
-// * @param issuer The issuer to set
-// */
-// public void setIssuer(String issuer) {
-// this.issuer = issuer;
-// }
-//
-// /**
-// * Sets the bkuURL
-// * @param url The BKU URL to set
-// */
-// public void setBkuURL(String url) {
-// this.bkuURL = url;
-// }
-//
-// public String getBPKType() {
-// return bPKType;
-// }
-//
-// public void setBPKType(String bPKType) {
-// this.bPKType = bPKType;
-// }
-//
-
-//
-//
-
-//
-//
-// public String getEIDASQAALevel() {
-// if (this.QAALevel != null &&
-// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-// if (MiscUtil.isNotEmpty(mappedQAA))
-// return mappedQAA;
-//
-// else {
-// Logger.error("STORK QAA-level:" + this.QAALevel
-// + " can not be mapped to eIDAS QAA-level! Use "
-// + PVPConstants.EIDAS_QAA_LOW + " as default value.");
-// return PVPConstants.EIDAS_QAA_LOW;
-//
-// }
-//
-//
-// } else
-// return this.QAALevel;
-//
-// }
-//
-//
-// /**
-// * @return
-// */
-// public boolean isForeigner() {
-// return this.foreigner;
-// }
-//
-//
-// /**
-// * @param foreigner the foreigner to set
-// */
-// public void setForeigner(boolean foreigner) {
-// this.foreigner = foreigner;
-// }
-//
-//
-
-//
-// /**
-// * @return the ssoSession
-// */
-// public boolean isSsoSession() {
-// return ssoSession;
-// }
-//
-//
-// /**
-// * @param ssoSession the ssoSession to set
-// */
-// public void setSsoSession(boolean ssoSession) {
-// this.ssoSession = ssoSession;
-// }
-//
-// /**
-// * @return the mandateReferenceValue
-// */
-// public String getMandateReferenceValue() {
-// return mandateReferenceValue;
-// }
-//
-// /**
-// * @param mandateReferenceValue the mandateReferenceValue to set
-// */
-// public void setMandateReferenceValue(String mandateReferenceValue) {
-// this.mandateReferenceValue = mandateReferenceValue;
-// }
-//
-// /**
-// * CountryCode of the citizen which is identified and authenticated
-// *
-// * @return the CountryCode <pre>like. AT, SI, ...</pre>
-// */
-// public String getCcc() {
-// return ccc;
-// }
-//
-// /**
-// * @param ccc the ccc to set
-// */
-// public void setCcc(String ccc) {
-// this.ccc = ccc;
-// }
-//
-// /**
-// * @return the sessionIndex
-// */
-// public String getSessionIndex() {
-// return sessionIndex;
-// }
-//
-// /**
-// * @param sessionIndex the sessionIndex to set
-// */
-// public void setSessionIndex(String sessionIndex) {
-// this.sessionIndex = sessionIndex;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-// */
-// @Override
-// public String getNameID() {
-// return this.nameID;
-// }
-//
-// /**
-// * @param nameID the nameID to set
-// */
-// public void setNameID(String nameID) {
-// this.nameID = nameID;
-// }
-//
-// /**
-// * @return the nameIDFormat
-// */
-// public String getNameIDFormat() {
-// return nameIDFormat;
-// }
-//
-// /**
-// * @param nameIDFormat the nameIDFormat to set
-// */
-// public void setNameIDFormat(String nameIDFormat) {
-// this.nameIDFormat = nameIDFormat;
-// }
-//
-//// /**
-//// * @return the interfederatedSSOSession
-//// */
-//// public boolean isInterfederatedSSOSession() {
-//// return interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @param interfederatedSSOSession the interfederatedSSOSession to set
-//// */
-//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//// this.interfederatedSSOSession = interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @return the interfederatedIDP
-//// */
-//// public String getInterfederatedIDP() {
-//// return interfederatedIDP;
-//// }
-////
-//// /**
-//// * @param interfederatedIDP the interfederatedIDP to set
-//// */
-//// public void setInterfederatedIDP(String interfederatedIDP) {
-//// this.interfederatedIDP = interfederatedIDP;
-//// }
-//
-// /**
-// * @return the ssoSessionValidTo
-// */
-// public Date getSsoSessionValidTo() {
-// return ssoSessionValidTo;
-// }
-//
-// /**
-// * @param ssoSessionValidTo the ssoSessionValidTo to set
-// */
-// public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-// this.ssoSessionValidTo = ssoSessionValidTo;
-// }
-//
-// /**
-// * @return the encbPKList
-// */
-// public List<String> getEncbPKList() {
-// return encbPKList;
-// }
-//
-// /**
-// * @param encbPKList the encbPKList to set
-// */
-// public void setEncbPKList(List<String> encbPKList) {
-// this.encbPKList = encbPKList;
-// }
-//
-// /**
-// * @return the roles
-// */
-// public List<AuthenticationRole> getAuthenticationRoles() {
-//// if (this.roles == null) {
-//// this.roles = new ArrayList<AuthenticationRole>();
-//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//// }
-//
-// return roles;
-// }
-//
-// //ISA 1.18 attributes
-// /**
-// * @param roles the roles to set
-// */
-// public void addAuthenticationRole(AuthenticationRole role) {
-// if (this.roles == null)
-// this.roles = new ArrayList<AuthenticationRole>();
-//
-// this.roles.add(role);
-// }
-//
-// /**
-// * @return the pvpAttribute_OU
-// */
-// public String getPvpAttribute_OU() {
-// return pvpAttribute_OU;
-// }
-//
-// /**
-// * @param pvpAttribute_OU the pvpAttribute_OU to set
-// */
-// public void setPvpAttribute_OU(String pvpAttribute_OU) {
-// this.pvpAttribute_OU = pvpAttribute_OU;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-// */
-// @Override
-// public boolean isBaseIDTransferRestrication() {
-// return isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-// */
-// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * Returns a generic data-object with is stored with a specific identifier
-// *
-// * @param key The specific identifier of the data object
-// * @param clazz The class type which is stored with this key
-// * @return The data object or null if no data is found with this key
-// */
-// public <T> T getGenericData(String key, final Class<T> clazz) {
-// if (MiscUtil.isNotEmpty(key)) {
-// Object data = genericDataStorate.get(key);
-//
-// if (data == null)
-// return null;
-//
-// try {
-// @SuppressWarnings("unchecked")
-// T test = (T) data;
-// return test;
-//
-// } catch (Exception e) {
-// Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-// return null;
-//
-// }
-//
-// }
-//
-// Logger.warn("Can not load generic session-data with key='null'");
-// return null;
-//
-// }
-//
-// /**
-// * Store a generic data-object to session with a specific identifier
-// *
-// * @param key Identifier for this data-object
-// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-// */
-// public void setGenericData(String key, Object object) throws SessionDataStorageException {
-// if (MiscUtil.isEmpty(key)) {
-// Logger.warn("Generic session-data can not be stored with a 'null' key");
-// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-//
-// }
-//
-// if (object != null) {
-// if (!Serializable.class.isInstance(object)) {
-// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-//
-// }
-// }
-//
-// if (genericDataStorate.containsKey(key))
-// Logger.debug("Overwrite generic data with key:" + key);
-// else
-// Logger.trace("Add generic data with key:" + key + " to session.");
-//
-// genericDataStorate.put(key, object);
-// }
+
+
+ public boolean isIseIDNewDemoMode() {
+ return iseIDNewDemoMode;
+ }
+
+ /**
+ * Set eID demo-mode into AuthData
+ * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false
+ */
+ public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
+ this.iseIDNewDemoMode = iseIDNewDemoMode;
+ }
+
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ if (this.encMandateNaturalPersonbPKList == null)
+ this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>();
+
+ return this.encMandateNaturalPersonbPKList;
+
+ }
+
+ public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) {
+ this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index b5005d0c9..2b550f21e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -26,7 +26,6 @@ import java.util.Date;
import java.util.Map;
import java.util.Map.Entry;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.CookieUtils;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
} else {
//check if IDP cookie is set
- String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION);
if (MiscUtil.isNotEmpty(cookie)) {
Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
- deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
}
}
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
}
public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
- setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+ CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
}
@@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
public String getSSOSessionID(HttpServletRequest httpReq) {
- return getValueFromCookie(httpReq, SSOCOOKIE);
+ return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE);
}
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
+ CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
}
private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- deleteCookie(httpReq, httpResp, SSOCOOKIE);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
- private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
- Cookie[] cookies = httpReq.getCookies();
-
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (cookie.getName().equals(cookieName)) {
- return cookie.getValue();
- }
- }
- }
- return null;
- }
-
- private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
- String cookieName, String cookieValue, int maxAge) {
-
- Cookie cookie = new Cookie(cookieName, cookieValue);
- cookie.setMaxAge(maxAge);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
- cookie.setPath(httpReq.getContextPath());
-
- httpResp.addCookie(cookie);
- }
-
- private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
- setCookie(httpReq, httpResp, cookieName, "", 0);
-
- }
+// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+// Cookie[] cookies = httpReq.getCookies();
+//
+// if (cookies != null) {
+// for (Cookie cookie : cookies) {
+// if (cookie.getName().equals(cookieName)) {
+// return cookie.getValue();
+// }
+// }
+// }
+// return null;
+// }
+//
+// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+// String cookieName, String cookieValue, int maxAge) {
+//
+// Cookie cookie = new Cookie(cookieName, cookieValue);
+// cookie.setMaxAge(maxAge);
+// cookie.setSecure(true);
+// cookie.setHttpOnly(true);
+// cookie.setPath(httpReq.getContextPath());
+//
+// httpResp.addCookie(cookie);
+// }
+//
+// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+// setCookie(httpReq, httpResp, cookieName, "", 0);
+//
+// }
}
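Review bot: The private `getValueFromCookie`, `setCookie` and `deleteCookie` helpers removed from SSOManager are re-added verbatim as a commented-out block at the end of the class; that dead copy should be deleted, since the live implementation now lives in `CookieUtils` and a commented duplicate only drifts. The removed `setCookie` set `Secure`, `HttpOnly` and the context path on every SSO cookie; `CookieUtils.setCookie` is not visible in this diff, so please confirm it preserves those three attributes for both `SSOCOOKIE` and `SSOINTERFEDERATION` before merging. The `javax.servlet.http.Cookie` import was dropped in the first hunk of this file, so the commented code would not even compile if someone uncommented it later.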
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
new file mode 100644
index 000000000..c5a8d88b7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -0,0 +1,56 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+
+@PVPMETADATA
+public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
+
+ public static final String DELIMITER_BPK_LIST = ";";
+ public static final String LIST_ELEMENT_START = "(";
+ public static final String LIST_ELEMENT_END = ")";
+
+ public String getName() {
+ return BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END;
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ log.info("Adding additional bPKs into bPK attribute");
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+ result += DELIMITER_BPK_LIST
+ + LIST_ELEMENT_START
+ + removeBpkTypePrefix(el.getSecond())
+ + DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(el.getFirst())
+ + LIST_ELEMENT_END;
+
+ }
+ log.trace("Authenticate user with bPK-List: " + result);
+ }
+
+ log.trace("Authenticate user with bPK/wbPK: " + result);
+ return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result);
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME);
+ }
+
+}
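Review bot: `result` is grown by repeated string concatenation inside the loop over `authData.getAdditionalbPKs()`; a `StringBuilder` is the idiomatic form, and the same pattern appears in EncryptedBPKAttributeBuilder, MandateNaturalPersonBPKListAttributeBuilder and MandateNaturalPersonEncBPKListAttributeBuilder. The trace line inside the `if` and the one right after it both print `result`, so one of them is redundant. `getName`, `build` and `buildEmpty` implement superclass/interface methods and should carry `@Override`. `removeBpkTypePrefix` is inherited from BPKAttributeBuilder and not visible here; if it does not accept a null type, a null `getSecond()` in an additional bPK would fail inside this loop, so its contract is worth checking. A rewrite of `build` with a builder and a single trace call follows (it needs `java.util.List` imported).
```java
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
        IAttributeGenerator<ATT> g) throws AttributeBuilderException {
    StringBuilder result = new StringBuilder()
            .append(LIST_ELEMENT_START).append(getBpkForSP(authData)).append(LIST_ELEMENT_END);

    //add additional bPKs if some are available
    List<Pair<String, String>> additional = authData.getAdditionalbPKs();
    if (additional != null && !additional.isEmpty()) {
        log.info("Adding additional bPKs into bPK attribute");
        for (Pair<String, String> el : additional) {
            result.append(DELIMITER_BPK_LIST)
                  .append(LIST_ELEMENT_START)
                  .append(removeBpkTypePrefix(el.getSecond()))
                  .append(DELIMITER_BPKTYPE_BPK)
                  .append(attrMaxSize(el.getFirst()))
                  .append(LIST_ELEMENT_END);
        }
    }

    log.trace("Authenticate user with bPK/wbPK: " + result);
    return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result.toString());
}
```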
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 139bb15cc..a1a5825b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Deprecated
@PVPMETADATA
public class EIDAuthBlock implements IPVPAttributeBuilder {
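Review bot: `@Deprecated` is added to EIDAuthBlock (and likewise to MandateNaturalPersonSourcePinAttributeBuilder and MandateNaturalPersonSourcePinTypeAttributeBuilder further down) without a Javadoc `@deprecated` tag saying why and what replaces it, so callers get a compiler warning with no guidance. Add a class Javadoc such as `/** @deprecated <reason and replacement builder> */` directly above the annotation on all three classes.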
@@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
try {
if (authData instanceof IMOAAuthData) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+
+ }
+
String authblock = ((IMOAAuthData)authData).getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 44043ec40..bf7187e51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
@@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger;
@PVPMETADATA
public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
+ public static final String DELIMITER_ENCBPK_TARGET = "|";
+
public String getName() {
return ENC_BPK_LIST_NAME;
}
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).getEncbPKList() != null &&
((IMOAAuthData)authData).getEncbPKList().size() > 0) {
- String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
- for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
- value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ result);
}
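Review bot: The value emitted for ENC_BPK_LIST changes format in this hunk — the removed code joined the list entries with `;` as-is, the new code wraps each entry as `(` + second + `|` + first + `)` — which is a wire-format change for every relying party that parses this attribute, so it should be called out in the protocol documentation and in a Javadoc on `DELIMITER_ENCBPK_TARGET` stating which half of the `Pair` is the target and which is the encrypted bPK (that is not derivable from this diff). `((IMOAAuthData)authData).getEncbPKList()` is evaluated five times; hoist it into a local `List<Pair<String, String>>`, iterate with for-each instead of special-casing index 0, and build the value with a `StringBuilder` as noted on BPKListAttributeBuilder. The enclosing `build` method starts outside this hunk.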
@@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
-// String encbpk = "XXX01234567890XXX";
-// String type = "Bereich";
-// String vkz = "Verfahrenskennzeichen";
-//
-// //TODO: implement encrypted bPK support
-//
-// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk);
-//
-// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
-// vkz + "+" + type + "|" + encbpk);
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index a40c0fefb..fb101467a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData instanceof IMOAAuthData) {
+ if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).isUseMandate()) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ return null;
+
+ }
+
+
//only provide full mandate if it is included.
//In case of federation only a short mandate could be include
if (((IMOAAuthData)authData).getMandate() != null) {
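Review bot: The demo-mode branch returns `null` here, whereas the equivalent branch added to EIDAuthBlock in this same commit throws `UnavailableAttributeException`; the two should signal the missing attribute the same way unless callers of `build` are known to treat null as "absent" (MandateNaturalPersonBPKAttributeBuilder also returns null, so this may be intended — a comment such as `//null signals an absent attribute to the caller` would settle it either way). The two consecutive blank lines after the new block should be collapsed to one. `build` continues past the hunk.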
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index f67f79dcf..4d41cc19b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -22,11 +22,13 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.builder.attributes;
+import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData);
- if (calcResult != null) {
- String bpk = calcResult.getFirst();
- String type = calcResult.getSecond();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type != null) {
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- } else {
- Logger.debug("bPK type is 'null' --> use it as it is");
-
- }
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- if (type != null)
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk);
- else
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk);
-
- }
-
+ String bPKResult = getBpkAttributeStringForSP(oaParam, authData);
+ if (StringUtils.isNoneEmpty(bPKResult))
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult);
+
}
catch (BuildException | ConfigurationException | EAAFBuilderException e) {
Logger.error("Failed to generate IdentificationType");
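Review bot: `StringUtils.isNoneEmpty(bPKResult)` is the varargs "none of these are empty" helper; with a single argument it behaves like `isNotEmpty`, but it misstates the intent and should read `if (StringUtils.isNotEmpty(bPKResult))`. When `getBpkAttributeStringForSP` returns null the method falls through to the `return null` after the try block with no log line, which appears equivalent to the removed `calcResult == null` path but would be easier to diagnose with a `Logger.debug` on that case. The enclosing `build` method continues past the hunk.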
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return null;
}
-
+
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
}
- protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ Pair<String, String> bPKResult = null;
+
+ if (baseId != null) {
+ if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID))
+ bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else {
+ Logger.debug("No BaseId target in mandate. Use it as it is ... ");
+ bPKResult = Pair.newInstance(baseId.getFirst(), null);
+
+ }
+ }
+
+ return bPKResult;
+
+ }
+
+
+ /**
+ * Generate the bPK String for this specific SP
+ *
+ * @param oaParam
+ * @param authData
+ * @return
+ * @throws UnavailableAttributeException
+ * @throws EAAFBuilderException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws NoMandateDataAttributeException
+ */
+ protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException {
+ Pair<String, String> bPKResult = getBpkForSp(oaParam, authData);
+ if (bPKResult != null) {
+ String bpk = bPKResult.getFirst();
+ String type = bPKResult.getSecond();
+
+ if (MiscUtil.isEmpty(bpk))
+ throw new UnavailableAttributeException(BPK_NAME);
+
+ if (type != null)
+ type = removeBpkTypePrefix(type);
+ else
+ Logger.debug("bPK type is 'null' --> use it as it is");
+
+ bpk = attrMaxSize(bpk);
+
+ Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
+
+ if (type != null)
+ return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk;
+ else
+ return bpk;
+
+ }
+
+ return null;
+
+ }
+
+
+ /**
+ * Limit the attribute value to maximum size
+ *
+ * @param attr
+ * @return
+ */
+ protected String attrMaxSize(String attr) {
+ if (attr != null && attr.length() > BPK_MAX_LENGTH) {
+ attr = attr.substring(0, BPK_MAX_LENGTH);
+ }
+ return attr;
+
+ }
+
+ /**
+ * Remove bPKType prefix if available
+ *
+ * @param type
+ * @return
+ */
+ protected String removeBpkTypePrefix(String type) {
+ if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK))
+ return type.substring((EAAFConstants.URN_PREFIX_WBPK).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID))
+ return type.substring((EAAFConstants.URN_PREFIX_CDID).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS))
+ return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length());
+
+ else
+ return type;
+
+ }
+
+ protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
if (authData instanceof IMOAAuthData) {
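Review bot: `removeBpkTypePrefix` strips only `EAAFConstants.URN_PREFIX_WBPK` / `URN_PREFIX_CDID` / `URN_PREFIX_EIDAS`, while the removed code stripped `Constants.URN_PREFIX_WBPK + "+"`; unless the EAAF constants already include the trailing `+` (not visible here), the returned type now starts with `+`, so please confirm the constant values. The helper also dereferences `type` without a null check; `getBpkAttributeStringForSP` guards the call, but MandateNaturalPersonBPKListAttributeBuilder calls it with `addBpk.getSecond()` unchecked, so `if (type == null) return null;` at the top would make the contract match its Javadoc ("if available"). The new Javadoc blocks have empty `@param`/`@return` tags — e.g. for `attrMaxSize`: `@param attr attribute value, may be null` / `@return the value truncated to BPK_MAX_LENGTH characters, or null if attr is null` — and `getBpkForSp` has no Javadoc at all. `getBaseIdFromMandate` continues past the hunk.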
@@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
Logger.info("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
}
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
new file mode 100644
index 000000000..fd00e2f61
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
@@ -0,0 +1,83 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@PVPMETADATA
+public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ try {
+ String result = getBpkAttributeStringForSP(oaParam, authData);
+
+ if (result != null) {
+ result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... ");
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond())
+ && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) {
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+
+ Pair<String, String> addBpk =
+ new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ baseId.getFirst(),
+ el.getSecond());
+
+ Logger.trace("Calculate bPK with " + addBpk.toString());
+
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + removeBpkTypePrefix(addBpk.getSecond())
+ + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(addBpk.getFirst())
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+ }
+ }
+
+ Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate");
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result);
+
+ }
+
+ return null;
+
+ } catch (BuildException | ConfigurationException | EAAFBuilderException e) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME);
+ }
+
+}
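Review bot: The catch block at the end of `build` logs `"Failed to generate IdentificationType"` without the exception and throws `NoMandateDataAttributeException` without chaining `e`, so the root cause of a BuildException/ConfigurationException/EAAFBuilderException is lost; pass `e` to the logger if `Logger.error` has a throwable overload (the `warn` variant visibly does), and chain it if NoMandateDataAttributeException offers a cause constructor (not visible here). When `baseId` is not of type `Constants.URN_PREFIX_BASEID` the additional bPKs are skipped silently right after the "Additional bPKs available" info message; an `else { Logger.debug("BaseId type does not allow additional bPK calculation"); }` would make that visible. `getName`, `build` and `buildEmpty` should carry `@Override`, and the string concatenation in the loop is the `StringBuilder` case noted on BPKListAttributeBuilder.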
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
new file mode 100644
index 000000000..220ccd94e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
@@ -0,0 +1,62 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_ENC_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData) authData).isUseMandate()) {
+ if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null &&
+ ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) {
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME,
+ result);
+
+ }
+
+ } else
+ Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used");
+
+ } else
+ Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 32b45a595..88648b56e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 90a0d61c9..223994e6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
index e3b58d259..5daa71b1f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
@@ -28,7 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
* @author tlenz
*
*/
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
+public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 1fa17c683..4fc37d88f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
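Review bot: The new argument `moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false)` is repeated verbatim at the MOAHttpProtocolSocketFactory call sites in MOASAMLSOAPClient and EidasCentralAuthMetadataProvider and again in the idserverlib SSLUtils, so the default lives in four places; a single accessor on AuthConfiguration, e.g. `boolean useStandardJavaTrustStore();`, would keep it in one. The default of `false` keeps the configured MOA trust store active, which is the conservative choice. When the flag is true the `moaAuthConfig.getTrustedCACertificates()` argument that follows is still passed but, as far as the commons SSLUtils change shows, no longer consulted, so a comment such as `// trust store, whitelist and revocation settings below are ignored when the JVM trust store is enabled` at the call site would spare the next reader a trip through the factory. The enclosing try block continues outside the hunk.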
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index d7ada1f36..bd908f894 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index 8d36e81bb..df43316ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.SessionCallback;
-import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage {
protected AuthConfiguration authConfig;
@Autowired
- private JacksonJsonRedisSerializer assertionStoreSerializer;
+ private RedisSerializer<AssertionStore> assertionStoreSerializer;
public RedisTemplate<String, Object> getTemplate(){
return this.redisTemplate;
@@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage {
}
public boolean containsKey(String key) {
+
try {
searchInDatabase(key);
return true;
-
+
} catch (MOADatabaseException e) {
return false;
}
@@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException {
+ " found. Process gets stopped.");
}
- redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS);
+ redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS);
}
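Review bot: `new String(assertionStoreSerializer.serialize(as))` decodes the serializer's bytes with the platform default charset, while the Jackson2JsonRedisSerializer configured in session.redis.beans.xml emits UTF-8 by default, so on a host with a non-UTF-8 default locale any non-ASCII content in the stored assertion is corrupted on the way into Redis. Use `new String(assertionStoreSerializer.serialize(as), StandardCharsets.UTF_8)` (and the matching charset on the read path), or store the byte[] directly through a byte-capable template. putRaw starts outside the hunk, so the read side is not visible here.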
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
new file mode 100644
index 000000000..21cbd574f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtils {
+ public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(cookieName)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
+
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+ cookie.setHttpOnly(true);
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 0);
+
+ }
+}
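Review bot: `setCookie` uses `httpReq.getContextPath()` as the cookie path; for an application deployed at the root context this is the empty string, in which case the container emits no Path attribute and the browser scopes the cookie to the directory of the current request, so a cookie set on one path may not be returned on another and `deleteCookie` may fail to match it. A fallback such as `String path = httpReq.getContextPath();` followed by `cookie.setPath(path.isEmpty() ? "/" : path);` makes the scope explicit and identical for set and delete. `setSecure(true)` and `setHttpOnly(true)` are unconditional, which is the right default for an identity provider, but nothing documents it; a Javadoc on `setCookie` stating that every cookie is emitted with Secure and HttpOnly and scoped to the context path, plus a private constructor on this static utility class, would complete the file.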
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 611dff3b1..6bf44a527 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -93,6 +94,10 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -107,6 +112,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,
@@ -148,6 +154,10 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -162,6 +172,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 14d4d9fb6..a10b9b3e0 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -20,3 +20,6 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
+at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 26fd1f986..02c683305 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -106,6 +106,10 @@
class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask"
scope="prototype"/>
+ <bean id="GenericFrontChannelRedirectTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenericFrontChannelRedirectTask"
+ scope="prototype"/>
+
<beans profile="advancedLogOn">
<bean id="StatisticLogger"
class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
index feda9b273..a352cf9ab 100644
--- a/id/server/idserverlib/src/main/resources/session.redis.beans.xml
+++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml
@@ -24,7 +24,8 @@
p:port="${redis.port}"/>
<bean id="RedisStringSerializer" class="org.springframework.data.redis.serializer.StringRedisSerializer" />
- <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.JacksonJsonRedisSerializer">
+
+ <bean id="assertionStoreSerializer" class="org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer">
<constructor-arg type="java.lang.Class" value="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
</bean>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 1ea057186..c3420d833 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest {
throw new Exception("bPKType wrong");
- List<String> foreignbPKs = authData.getEncbPKList();
+ List<Pair<String, String>> foreignbPKs = authData.getEncbPKList();
if (foreignbPKs.isEmpty())
throw new Exception("NO foreign bPK list is null");
if (foreignbPKs.size() != 1)
throw new Exception("NO or MORE THAN ONE foreign bPK");
- if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")")))
+ if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty()))
throw new Exception("foreign bPK has wrong prefix");
}
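Review bot: The rewritten check throws only when both conditions fail, `!getSecond().equals("wbpk+FN+195738a") && !getFirst().isEmpty()`, so a pair with the expected second element but a non-empty first element (or the reverse) passes silently; the two conditions look like they should be joined with `||`. The message "foreign bPK has wrong prefix" also no longer describes the assertion, which now compares the whole value rather than a prefix; `throw new Exception("foreign bPK has wrong value or non-empty target")` would match. The `&&` was already present before the change, so this appears to be a carried-over weakness rather than a new one.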
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
index 61e765f55..bcbabae5b 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
@@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters {
public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) {
this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction;
}
+
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 55a7e7be9..7ec1ddf73 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -270,13 +270,13 @@
</dependency>
- <dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
+ <artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index a787cea00..4dd0a857f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes;
public interface AuthConfiguration extends ConfigurationProvider{
+ public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore";
public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
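Review bot: `PROP_KEY_SSL_USE_JVM_TRUSTSTORE` is added without any comment, although it is the one key in this list that switches outbound TLS validation away from the MOA-specific trust store and, per the commons SSLUtils change, its accepted-server-certificate whitelist and revocation settings. A one-line Javadoc such as `/** If true, outbound TLS connections trust the JVM default trust store; the configured MOA trust store, server-certificate whitelist and revocation checks are then not applied. Default: false. */` records that for operators and reviewers.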
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 5df4a4163..00b39daec 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,7 +22,6 @@
*/
package at.gv.egovernment.moa.id.commons.api;
-import java.io.Serializable;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.List;
@@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{
*/
public List<String> foreignbPKSectorsRequested();
+
+ /**
+ * Get a List of sectors for that this service provider requires additional unencrypted bPKs
+ *
+ * @return list of sectors, or null if no sectors are defined
+ */
+ public List<String> additionalbPKSectorsRequested();
+
+
+
+
} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 4555f61d2..4adff7f19 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (oa.getIseIDDemoModeActive() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString());
+
if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
-
+ if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY);
+
+
+
+
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
@@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)))
+ dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)));
+ else
+ dbOA.setIseIDDemoModeActive(false);
+
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)))
+ dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS));
+
+
//store BKU-URLs
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index a6315fe2c..1be97c49d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+ public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs";
+ public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode";
public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index e37873a72..510fd0581 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,15 @@ public class OnlineApplication
@XmlTransient
protected String mandateServiceSelectionTemplateURL = null;
- @XmlTransient
+ @XmlTransient
protected String foreignbPKTargetList = null;
+ @XmlTransient
+ protected String additionalbPKTargetList = null;
+ @XmlTransient
+ protected Boolean iseIDDemoModeActive = false;
+
public String getForeignbPKTargetList() {
return foreignbPKTargetList;
@@ -128,6 +133,25 @@ public class OnlineApplication
this.foreignbPKTargetList = foreignbPKTargetList;
}
+
+
+
+ public String getAdditionalbPKTargetList() {
+ return additionalbPKTargetList;
+ }
+
+ public void setAdditionalbPKTargetList(String additionalbPKTargetList) {
+ this.additionalbPKTargetList = additionalbPKTargetList;
+ }
+
+ public Boolean getIseIDDemoModeActive() {
+ return iseIDDemoModeActive;
+ }
+
+ public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) {
+ this.iseIDDemoModeActive = iseIDDemoModeActive;
+ }
+
/**
* @return the saml2PostBindingTemplateURL
*/
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 4c6cd16c0..7114552b4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -37,7 +37,6 @@ import javax.persistence.Table;
import org.hibernate.annotations.DynamicUpdate;
-import com.fasterxml.jackson.annotation.JsonCreator;
@@ -57,7 +56,6 @@ public class AssertionStore implements Serializable{
- @JsonCreator
public AssertionStore(){
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
index 7121c4a2a..31c66376c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java
@@ -72,8 +72,9 @@ public class HttpClientWithProxySupport {
String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$
String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$
if (MiscUtil.isNotEmpty(user) && pass != null) {
- CredentialsProvider credsProvider = new BasicCredentialsProvider();
- credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+ CredentialsProvider proxyCredsProvider = new BasicCredentialsProvider();
+ proxyCredsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass));
+ clientBuilder.setDefaultCredentialsProvider(proxyCredsProvider);
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index bdadf681d..6c8c092ed 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,7 +34,6 @@ import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
-import sun.security.ssl.ProtocolVersion;
/**
* @author tlenz
@@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @throws MOAHttpProtocolSocketFactoryException
*/
public MOAHttpProtocolSocketFactory (
- String url,
+ String url,
+ boolean useStandardJavaTrustStore,
String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder,
boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
- internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
this.verifyHostName = verifyHostName;
@@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @param verifyHostName Enables / Disables hostName verfication
* @throws MOAHttpProtocolSocketFactoryException
*/
- public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore,
+ String certStoreDirectory,
+ String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder,
boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException {
- internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
this.verifyHostName = verifyHostName;
}
- private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ private void internalInitialize(String url, boolean useStandardJavaTrustStore,
+ String certStoreDirectory,
+ String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
try {
this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
- url,
+ url,
+ useStandardJavaTrustStore,
certStoreDirectory,
trustStoreURL,
acceptedServerCertURL,
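Review bot: The constructor Javadoc ending at `@param verifyHostName Enables / Disables hostName verfication` gains no entry for the new `useStandardJavaTrustStore` parameter, and the same is true of the first constructor's Javadoc in the preceding hunk. Add `@param useStandardJavaTrustStore if true, the JVM default trust store is used and trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation and revocationMethodOrder are not applied` to both, which is what the commons SSLUtils change does with the flag as far as its hunk shows. `internalInitialize` continues outside the hunk.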
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index e6efca4ea..8aaf94fad 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -108,8 +108,29 @@ public class SSLUtils {
}
}
+ /**
+ * Get SSLSocketFactory with TrustStore and KeyStore implementations
+ *
+ * @param url URL of the Service that should be connected
+ * @param useStandardJavaTrustStore Flag to use standard JVM truststore
+ * @param certStoreRootDirParam Path to certStore, if own truststore is used
+ * @param trustStoreURL Path to truststore, if own truststore is used
+ * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used
+ * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used
+ * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used
+ * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used
+ * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null
+ * @param clientKeyStorePassword KeyStore password
+ * @param clientKeyStoreType KeyStore type
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ * @throws SSLConfigurationException
+ * @throws PKIException
+ */
public static SSLSocketFactory getSSLSocketFactory(
- String url,
+ String url,
+ boolean useStandardJavaTrustStore,
String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
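Review bot: The new Javadoc leaves `@return` empty and the four `@throws` tags without text; `@return SSLSocketFactory backed by the JVM default trust store when useStandardJavaTrustStore is true, otherwise by the configured MOA trust store` states the one thing a caller most needs to know. The flag's effect — that certStoreRootDirParam through revocationMethodOrder are not consulted when it is set — is only implied by the repeated "if own truststore is used" suffixes; saying it once on the `@param useStandardJavaTrustStore` line is clearer. "certificats" should read "certificates". The method signature continues in the next hunk.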
@@ -130,14 +151,19 @@ public class SSLUtils {
return ssf;
}
-
- TrustManager[] tms = getTrustManagers(
- certStoreRootDirParam,
- chainingMode,
- trustStoreURL,
- acceptedServerCertURL,
- checkRevocation,
- revocationMethodOrder);
+
+ //initialize own trust-store implementation
+ TrustManager[] tms = null;
+ if (!useStandardJavaTrustStore) {
+ tms = getTrustManagers(
+ certStoreRootDirParam,
+ chainingMode,
+ trustStoreURL,
+ acceptedServerCertURL,
+ checkRevocation,
+ revocationMethodOrder);
+
+ }
KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
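Review bot: When `useStandardJavaTrustStore` is true the `getTrustManagers` call is skipped and `tms` stays null, so the configured trust store, accepted-server-certificate whitelist, chaining mode and revocation settings are silently not applied; because that weakens certificate validation relative to the MOA PKI path, the `if` deserves an info-level log line (with whatever logger this class already uses) along the lines of "SSL: using JVM default trust store; configured MOA trust store, whitelist and revocation settings are not applied", so an operator can tell from the log which validation path is active. A comment on `TrustManager[] tms = null;` such as `// null: SSLContext falls back to the JVM default TrustManager` would also make the intent explicit, assuming the continuation passes tms into SSLContext.init. getSSLSocketFactory continues outside the hunk.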
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 47abbf29a..b3655c0c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -398,8 +398,7 @@ public interface Constants {
/* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
- public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
-
+ public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
/* Prefix and Schema for SAML2 Entity Attributes */
public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr";
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
index 5cee90658..cd3f1f788 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
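Review bot: The JVM-trust-store flag is read with the literal default `false` here and again in MOAeIDASChainingMetadataProvider (hunk `@@ -440,7 +440,9 @@`), and in both places `moaAuthConfig.getTrustedCACertificates()` is still passed although, per the SSLUtils change in this commit, the MOA trust store is not consulted when the flag is true. Consider one accessor on AuthConfiguration, constructed example `boolean useJvmTrustStore()` returning `getBasicMOAIDConfigurationBoolean(PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false)`, so the secure default lives in a single place and cannot drift between call sites. The enclosing try block continues outside the hunk.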
diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index cf3325d24..5f4192645 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,11 +12,13 @@
<properties>
<repositoryPath>${basedir}/../../../../repository</repositoryPath>
- <eidas-commons.version>1.4.0</eidas-commons.version>
- <eidas-light-commons.version>1.4.0</eidas-light-commons.version>
- <eidas-saml-engine.version>1.4.0</eidas-saml-engine.version>
- <eidas-encryption.version>1.4.0</eidas-encryption.version>
- <eidas-configmodule.version>1.4.0</eidas-configmodule.version>
+ <eidas-commons.version>1.4.3</eidas-commons.version>
+ <eidas-light-commons.version>1.4.3</eidas-light-commons.version>
+ <eidas-saml-engine.version>1.4.3</eidas-saml-engine.version>
+ <eidas-encryption.version>1.4.3</eidas-encryption.version>
+ <eidas-configmodule.version>1.4.3</eidas-configmodule.version>
+
+ <eID4U.module.version>0.2</eID4U.module.version>
</properties>
@@ -48,18 +50,48 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modul-citizencard_authentication</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-openID</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-test</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
+ <groupId>eu.eidas.extension.eID4U</groupId>
+ <artifactId>eID4U_commons</artifactId>
+ <version>${eID4U.module.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ <version>3.0.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
<!-- eidas Commons -->
<dependency>
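Review bot: The new `eID4U_commons` and `jsr305` dependencies carry their versions inside this module pom (`${eID4U.module.version}` defined locally at the top of the file, `3.0.1` as a bare literal), while `moa-id-lib` and the two module dependencies presumably take theirs from the parent; keeping every version in the parent's dependencyManagement leaves one place to audit and bump. The two `<groupId>*</groupId>` exclusions pull `moa-id-modul-citizencard_authentication` and `moa-id-module-openID` without any of their transitive dependencies, which breaks silently the day either module gains a new runtime requirement. A short comment such as `<!-- classes only; transitive deps of these modules are already provided by moa-id-lib -->`, if that is indeed the reason, would tell the next maintainer why the exclusions are safe.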
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
new file mode 100644
index 000000000..d3aa7b4a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 1;
+
+ @Autowired private IRequestStorage requestStore;
+
+
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
+
+ if (StringUtils.isEmpty(pendingReqId))
+ Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
+
+ else {
+ IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ return "eID4UAttributCollectionAuthentication";
+
+ }
+ }
+ }
+
+ return selectedProcessID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:eid4u.Authentication.process.xml" };
+ }
+
+}
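Review bot: The Javadoc on `setPriority` says the default is `{@code 0}`, but the field is initialised as `private int priority = 1;`; change the doc to `Default value is {@code 1}.` or the initialiser, whichever is intended. In `selectProcess`, `pendingReq != null && pendingReq instanceof EIDASData` can be shortened to `pendingReq instanceof EIDASData`, since `instanceof` is already false for null. The class Javadoc carries only `@author`; a one-sentence summary such as "Citizen-card authentication module that switches to the eID4U attribute-collection process when the pending request is an eIDAS request" would tell a reader what distinguishes it from DefaultCitizenCardAuthModuleImpl.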
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
new file mode 100644
index 000000000..c8c65ce76
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController {
+
+ public eID4UAPSignalServlet() {
+ Logger.debug("Registering servlet " + getClass().getName() +
+ " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'.");
+
+ }
+
+ @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+ }
+
+ @Override
+ /**
+ * Protocol specific implementation to get the pending-requestID
+ * from http request object
+ *
+ * @param request The http Servlet-Request object
+ * @return The Pending-request id
+ *
+ */
+ public String getPendingRequestId(HttpServletRequest request) {
+ String pendigReqId = super.getPendingRequestId(request);
+
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... ");
+ pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE);
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... ");
+ pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+ if (MiscUtil.isEmpty(pendigReqId))
+ Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId.");
+
+ }
+ }
+
+ return pendigReqId;
+
+ }
+
+}
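Review bot: The Javadoc block on `getPendingRequestId` sits between `@Override` and the method; move `@Override` below the comment so the doc is in the conventional position directly above the modifiers. The handler name `performCitizenCardAuthentication` does not describe the mapped endpoint `HTTP_ENDPOINT_AP_CONSENT_RETURN`; something like `resumeAfterAPConsent` reads better. The trace messages contain the typo `seach` twice and the local is spelled `pendigReqId`, both worth fixing while the file is new. It would also help operators to state in the Javadoc the lookup order the method implements: the standard pending-request parameter, then the `state` parameter, then the `eID4APTransactionId` cookie.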
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
new file mode 100644
index 000000000..45eb161d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+public class eID4UConstants {
+
+ //configuration parameter
+ public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID";
+ public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url";
+ public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password";
+ public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url";
+
+ //session parameter
+ public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId";
+ public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume";
+
+ //process context
+ public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr";
+ public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK";
+
+
+
+}
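Review bot: `eID4UConstants` is a pure constant holder but is instantiable and non-final; declare it `public final class eID4UConstants` with `private eID4UConstants() {}` so it cannot be subclassed or instantiated by accident. `CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD` names a credential; a comment on that constant, e.g. `// secret: the configured value must never appear in logs or error messages`, tells consumers of the key how to treat it.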
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
new file mode 100644
index 000000000..69cc131ff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moaspss.logging.Logger;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class AttributeScopeMapper {
+
+ private static AttributeScopeMapper instance = null;
+
+ public static final String Scope_Delimiter = " ";
+
+ public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship";
+ public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth";
+ public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth";
+ public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName";
+ public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy";
+ public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy";
+ public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud";
+ public static final String Gender = "ANY@tugraz.idm.attr.Gender";
+ public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName";
+ public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry";
+
+ public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode";
+ public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode";
+ public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet";
+ public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity";
+
+ public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity";
+ public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode";
+ public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode";
+ public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet";
+
+ public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity";
+ public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode";
+ public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode";
+ public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet";
+
+ private static List<String> complexeScopes = new ArrayList<String>();
+
+ private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(Definitions.CITIZENSHIP_NAME, Citizenship);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(),
+ CityOfBirth);
+ put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth);
+ put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName);
+ put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy);
+ put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy);
+ put(Definitions.EMAIL_NAME, EmailStud);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(),
+ Gender);
+ put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName);
+ put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry);
+
+ put(Definitions.HOMEINSTITUTIONADDRESS_NAME,
+ HomeInstitutionAddressCountryCode + Scope_Delimiter
+ + HomeInstitutionAddressPostalCode + Scope_Delimiter
+ + HomeInstitutionAddressStreet + Scope_Delimiter
+ + HomeInstitutionAddressCity);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(),
+ PermanentAddressCity + Scope_Delimiter
+ + PermanentAddressCountryCode + Scope_Delimiter
+ + PermanentAddressPostalCode + Scope_Delimiter
+ + PermanentAddressStreet);
+ put(Definitions.TEMPORARYADDRESS_NAME,
+ StudyAddressCity + Scope_Delimiter
+ + StudyAddressCountryCode + Scope_Delimiter
+ + StudyAddressPostalCode + Scope_Delimiter
+ + StudyAddressStreet);
+
+ }
+ });
+
+ private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, String> el = it.next();
+ String[] value = el.getValue().split(Scope_Delimiter);
+ if (value.length == 1)
+ put(el.getValue(), el.getKey());
+
+ else {
+ for (String i : value) {
+ put(i, el.getKey());
+ complexeScopes.add(i);
+
+ }
+ }
+ }
+ }
+ });
+
+
+
+
+ public static AttributeScopeMapper getInstance() {
+ if (instance == null) {
+ instance = new AttributeScopeMapper();
+
+ }
+
+ return instance;
+ }
+
+ /**
+ * Map a eID4U attribute-name into a TUG Scope
+ *
+ * @param eID4UAttributeName eID4U attribute-name
+ * @return TUG Scope
+ */
+ public String getTUGScopesForAttribute(String eID4UAttributeName) {
+ if (eIDASToScopes.containsKey(eID4UAttributeName))
+ return eIDASToScopes.get(eID4UAttributeName);
+
+ else {
+ Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG");
+ return StringUtils.EMPTY;
+
+ }
+
+ }
+
+ /**
+ * Map a TUG Scope into an eID4u attribute-name
+ *
+ * @param scope TUG scope
+ * @return eID4u attribute name
+ */
+ public String geteIDASAttrFromScope(String scope) {
+ return scopesToeIDAS.get(scope);
+
+ }
+
+ /**
+ * Check if an TUG scope is part of a complex eID4u attribute
+ *
+ * @param scope TUG scope
+ * @return true if scope is part of a complex attribute, otherwise false
+ */
+ public boolean isComplexeScope(String scope) {
+ return complexeScopes.contains(scope);
+
+ }
+
+ /**
+ * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes
+ *
+ *
+ * @param jsonObject TUG AP response
+ * @return Map of eID4U attributes, but never null
+ */
+ public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
+ Map<String, Object> result = new HashMap<String, Object>();
+ Map<String, String> complexAttr = new HashMap<String, String>();
+
+ Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, JsonElement> el = it.next();
+ String key = el.getKey();
+
+ Logger.trace("Starting TUG scrope mapping for: " + key + " ... ");
+ String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key);
+ if (StringUtils.isNotEmpty(eIDASAttr)) {
+ if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {
+ Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
+ result.put(eIDASAttr, el.getValue().getAsString());
+
+ } else {
+ Logger.trace("Find complex TUG scope: " + key);
+ complexAttr.put(eIDASAttr, null);
+
+ }
+
+ } else
+ Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute");
+
+ }
+
+ //TODO: can only Map address attributes
+ Iterator<String> complIt = complexAttr.keySet().iterator();
+ while(complIt.hasNext()) {
+ String attr = complIt.next();
+
+ eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder();
+ if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else {
+ Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
+
+ }
+
+ }
+
+ return result;
+
+ }
+
+
+ private AttributeScopeMapper() {
+
+ }
+
+}
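Review bot: In the complex-address branches of `populateEid4uAttributesFromTugResponse`, `jsonObject.get(...)` returns null for an absent member, so a TUG response that carries only part of an address set (say a postal code without a city) throws a NullPointerException at `.getAsString()`; likewise a JSON null or non-primitive value throws from `getAsString()` in the simple-scope branch. Because this JSON comes from an external attribute provider, the mapper should read each member through a helper that yields null for absent or JSON-null members and skip an incomplete complex attribute with a warning rather than fail the whole mapping (whether PostalAddress.Builder tolerates nulls is not visible here, hence the skip). Secondary points: `getInstance()` is an unsynchronized lazy singleton over a class with no per-instance state, so a `private static final` instance or plain static methods would be simpler, and the instance methods call `AttributeScopeMapper.getInstance()` where `this` would do. `cvAddressArea` and `thoroughfare` both receive the street value; if that is deliberate, a comment should say so.
```java
// … unchanged: scope constants, eIDASToScopes / scopesToeIDAS maps, getInstance(), getTUGScopesForAttribute(), geteIDASAttrFromScope(), isComplexeScope() …

/** Returns the member as a string, or null when it is absent, JSON null, or not a primitive. */
private static String memberAsString(JsonObject json, String member) {
    JsonElement value = json.get(member);
    if (value == null || value.isJsonNull() || !value.isJsonPrimitive()) {
        return null;
    }
    return value.getAsString();
}

public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
    // … unchanged: result/complexAttr maps and the simple-scope loop, except that
    //   el.getValue().getAsString() becomes memberAsString(jsonObject, key) with a warn-and-skip on null …

    Iterator<String> complIt = complexAttr.keySet().iterator();
    while (complIt.hasNext()) {
        String attr = complIt.next();
        String postalCode;
        String city;
        String street;
        if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
            postalCode = memberAsString(jsonObject, HomeInstitutionAddressPostalCode);
            city = memberAsString(jsonObject, HomeInstitutionAddressCity);
            street = memberAsString(jsonObject, HomeInstitutionAddressStreet);
        } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
            postalCode = memberAsString(jsonObject, StudyAddressPostalCode);
            city = memberAsString(jsonObject, StudyAddressCity);
            street = memberAsString(jsonObject, StudyAddressStreet);
        } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
            postalCode = memberAsString(jsonObject, PermanentAddressPostalCode);
            city = memberAsString(jsonObject, PermanentAddressCity);
            street = memberAsString(jsonObject, PermanentAddressStreet);
        } else {
            Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
            continue;
        }
        // an address is only emitted when every part the builder is fed with was delivered
        if (postalCode == null || city == null || street == null) {
            Logger.warn("eID4U attribute: " + attr + " is incomplete in TUG response and is skipped");
            continue;
        }
        PostalAddress.Builder address = PostalAddress.builder();
        address.postCode(postalCode);
        address.postName(city);
        address.cvAddressArea(street);
        address.thoroughfare(street);
        result.put(attr, address.build());
    }

    return result;
}
```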
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+import java.util.Collection;
+
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+ public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
if (responseBytes != null ) {
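Review bot: The two new parameters `metadataWhitelist` and `checkWhitelist` on `unmarshallResponse` are not described in the method's Javadoc, whose closing lines are visible at the top of the hunk; the same applies to `whitelistMetadata` and `checkWhitelist` on `unmarshallRequest` (hunk `@@ -61,9 +63,9 @@`). Add `@param metadataWhitelist entityIDs whose metadata the message may originate from` and `@param checkWhitelist whether the whitelist is enforced`, with the wording aligned to the ProtocolEngine contract that is not visible here. The parameter is also named differently in the two overrides (`metadataWhitelist` versus `whitelistMetadata`); pick one. Both method bodies continue outside their hunks.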
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
}
Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+ public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ basicConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
new file mode 100644
index 000000000..b7a9fcba9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class eID4UAPException extends EIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eID4UAPException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eID4UAPException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
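Review bot: The empty Javadoc block above `serialVersionUID` documents nothing and should be dropped, while the class itself has no Javadoc; a summary such as "Thrown when the eID4U attribute-provider step fails; reported as SAML status Responder / AuthnFailed" states the contract that the two `getStatusCode*` overrides implement. Naming the second constructor's last parameter `cause` instead of `e` would make its role explicit.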
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..a58bc4f8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.UnmodifiableIterator;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ @Autowired private OAuth20AuthAction openIDAuthAction;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired private AuthenticationDataBuilder authDataBuilder;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
+
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+ Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
+
+ //select all eID4U attributes from requested attributes
+ Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder();
+ ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes();
+ for (String el : Definitions.EID4UATTRIBUTEELIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) != null) {
+ Logger.debug("Find eID4U attr: " + el);
+ reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el));
+
+ }
+ }
+
+ //collect eID4U attributes, if some attributes are selected before
+ ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build();
+ if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) {
+ Logger.info("Starting eID4U attribute collection process ... ");
+
+ //mark execution context with eID4U AP flag
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
+
+ //load connection parameters to TUG
+ String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
+ String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
+ String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);
+
+ if (MiscUtil.isEmpty(scopes)) {
+ //generate scope from attributes
+ scopes = mapReqAttributesIntoScopes(reqEid4uAttrList);
+
+ }
+
+ Logger.debug("Load eID4U AP-Config:"
+ + " EntityID: " + uniqueID
+ + " RedirectURL:" + redirectURI
+ + " Scopes: " + scopes);
+
+
+ /*
+ *build openID and set connect token
+ */
+
+ //generate fake OpenID_Connect request
+ OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
+ fakeOpenIDReq.initialize(httpReq, authConfig);
+ fakeOpenIDReq.setSPEntityId(uniqueID);
+ fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
+ fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+ fakeOpenIDReq.setScope("openId profile");
+
+ //populate with SessionData
+ fakeOpenIDReq.setRawDataToTransaction(
+ pendingReq.getSessionData(AuthenticationSessionWrapper.class)
+ .getKeyValueRepresentationFromAuthSession());
+
+ //generate authData
+ IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq);
+
+ //generate OpenIDConenct token
+ String accessToken = Random.nextHexRandom32();
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ o.setScope(fakeOpenIDReq.getScope());
+ o.setCode(accessToken);
+ Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken);
+ o.setAuthDataSession(idToken);
+ transactionStorage.put(accessToken, o, -1);
+
+ //forward to TUG
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE,
+ pendingReq.getPendingRequestId());
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI,
+ pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
+
+ final String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+
+ //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level
+ CookieUtils.setCookie(httpReq, httpResp,
+ eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME,
+ pendingReq.getPendingRequestId(), -1);
+
+ //set user's bPK into pendingRequst because TUG AttributeProvider needs it
+ pendingReq.setRawDataToTransaction(
+ eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER,
+ new BPKAttributeBuilder().build(
+ fakeOpenIDReq.getServiceProviderConfiguration(),
+ authData,
+ new SimpleStringAttributeGenerator()));
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } else
+ Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("eID4U AttributeProvider communication FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e);
+
+ }
+
+ }
+
+ private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
+ String result = StringUtils.EMPTY;
+ UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator();
+ while (it.hasNext()) {
+ ImmutableAttributeEntry<?> el = it.next();
+ String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(
+ el.getKey().getNameUri().toString());
+
+ if (result.isEmpty())
+ result = scope;
+ else
+ result += " " + scope;
+
+ }
+
+ return result;
+ }
+
+}
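Review bot: `Logger.debug("REDIRECT TO: " + finalUrl.toString())` writes the freshly minted `accessToken` (sent as the `code` query parameter) into the log, and `finalUrl` is already a `String`, so `.toString()` is redundant; log the consent URL before the `addURLParameter` calls append the code, e.g. `Logger.debug("REDIRECT TO eID4U AP consent endpoint: " + redirectURI);` placed right after the configuration is loaded. `transactionStorage.put(accessToken, o, -1)` stores the session object with a `-1` timeout; if that means "no expiry" (the storage contract is not visible here) the code stays redeemable indefinitely, and a bounded lifetime matching the redirect round-trip would be safer. In `if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0)` the null check is dead because `build()` just returned the map, so `if (!reqEid4uAttrList.isEmpty())` reads clearer. The two unbraced `else` branches at the end of the nested `if` blocks are worth bracing given the nesting depth.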
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//validate SAML token
+ //TODO: maybe add whitelist
IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
request.getRemoteHost(),
Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
Constants.CONFIG_PROPS_SKEWTIME_AFTER,
- pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+ null,
+ false);
if (samlResp.isEncrypted()) {
Logger.info("Received encrypted eIDAS SAML-Response.");
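Review bot: The two new positional arguments `null, false` passed to `unmarshallResponseAndValidate` are undocumented, and the `//TODO: maybe add whitelist` above does not say which of them disables what; the same pattern appears in the `EIDASProtocol` hunk with `unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false)`. Replace the TODO with a comment stating the parameter semantics as the engine defines them, e.g. `// no metadata whitelist (null), whitelist check disabled (false) — TODO: enable once a trusted-node list is configured`, so a reader does not need the engine signature to see that a validation step is opted out of. The engine signature is not visible from here, so confirm the meaning before writing it down. The enclosing method continues outside the hunk.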
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
new file mode 100644
index 000000000..e878f8ab1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -0,0 +1,238 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Component("ReceiveConsentForAddtionalAttributesTask")
+public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ private static final int HashMap = 0;
+ @Autowired private AuthConfiguration moaAuthConfig;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+
+ //delete eID4U http Cookie with pendingRequestId
+ CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+
+ String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);
+ if (MiscUtil.isEmpty(authCode)) {
+ Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
+ throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
+
+ }
+ Logger.trace("Find OAuth2 'code' with: " + authCode);
+
+ /*
+ * access backend service with authCode
+ *
+ */
+ String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
+ String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
+ String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
+
+ if (MiscUtil.isEmpty(tokenServiceURL)) {
+ Logger.info("NO TokenService URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
+
+ }
+
+ //open http client
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ moaAuthConfig,
+ tokenServiceURL);
+ CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+ sslFactory,
+ authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+
+ //build request URL
+ URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
+ uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE,
+ authConfig.getBasicConfiguration(
+ eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE,
+ OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
+ uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
+ Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
+
+ HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
+
+ HttpClientContext localContext = HttpClientContext.create();
+ if (MiscUtil.isNotEmpty(tokenServiceUsername)) {
+ Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");
+
+ //Raw work-around, because API solution does not work well
+ String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
+ byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+ String authHeader = "Basic " + new String(encodedAuth);
+ httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //API solutuion
+// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());
+// AuthCache authCache = new BasicAuthCache();
+// authCache.put(targetHost, new BasicScheme());
+//
+// CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+// credentialsProvider.setCredentials(AuthScope.ANY,
+// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));
+// localContext.setCredentialsProvider(credentialsProvider);
+// localContext.setAuthCache(authCache);
+
+ }
+
+ //request tokenService
+ HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);
+
+ Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode()
+ + " from eID4U AP TokenService");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultToken.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultToken.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultToken.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8"));
+ throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
+
+ }
+
+ //parse AccessToken from TokenService response
+ JsonElement fullToken = new JsonParser().parse(
+ new InputStreamReader(httpResultToken.getEntity().getContent()));
+ Logger.trace("FullToken: " + fullToken.toString());
+ String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
+
+
+ //call Attribute Provider to receice eID4U attributes from TUG
+ String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);
+ if (MiscUtil.isEmpty(attrProviderServiceURL)) {
+ Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
+
+ }
+
+
+ URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
+ HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
+
+ //encode and add token as header
+ String authHeader = "Bearer " + accessToken;
+ httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //get and add bPK as header
+ httpGetData.setHeader(
+ "X-PVP-BPK",
+ pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpGetData.getAllHeaders())
+ Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ //request Attribute Provider
+ HttpResponse httpResultData = httpClient.execute(httpGetData);
+
+ //parse response
+ Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode()
+ + " from eID4U Attr.Provider Service");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultData.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultData.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultData.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8"));
+
+ throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
+
+ }
+
+
+ //parse eID4U attributes from Attr.Provider service response
+ JsonElement fullAttrSet = new JsonParser().parse(
+ new InputStreamReader(httpResultData.getEntity().getContent()));
+ Logger.trace("FullAttrSet: " + fullAttrSet.toString());
+
+ //populate eID4U attributes
+ populateEid4uAttributes(fullAttrSet.getAsJsonObject());
+
+ //store pendingRequest
+ requestStoreage.storePendingRequest(pendingReq);
+
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
+
+ }
+
+ private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException {
+ try {
+ AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+ Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject);
+ for (Entry<String, Object> el : eID4UAttributes.entrySet())
+ session.setGenericDataToSession(el.getKey(), el.getValue());
+
+ } catch (EAAFStorageException e) {
+ Logger.warn("Can NOT inject authentication data into user object.", e);
+ throw e;
+ }
+
+ }
+
+}
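Review bot: `CloseableHttpClient httpClient` obtained from `HttpClientWithProxySupport.getHttpClient(...)` is never closed on any path, and the two entity streams wrapped in `new InputStreamReader(... getContent())` are neither closed nor given a charset, so they decode with the platform default; wrap the client in try-with-resources, `try (CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(sslFactory, ...)) { … }`, and pass `StandardCharsets.UTF_8` (already imported) to both readers. The trace loops print every request header, including `Authorization: Bearer …` and `X-PVP-BPK`, the full token-service URL carrying the `code` parameter, and the complete token JSON in `"FullToken: "`, which puts bearer credentials and the person identifier into log files; mask `HttpHeaders.AUTHORIZATION` in the header loops and drop the `FullToken` line. The final catch logs and rethrows `"IdentityLink generation for foreign person FAILED."`, a copy-paste from another task that will mislead anyone reading the log; use `"eID4U AttributeProvider communication FAILED."` as the sibling task does. `private static final int HashMap = 0;` is unused and shadows a class name, and `tokenServicePassword.trim()` throws `NullPointerException` when only the username is configured — remove the constant and guard the password with `MiscUtil.isNotEmpty(tokenServicePassword)`.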
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
index bb52d2ffe..44a313885 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Ordering;
+import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions;
*
*/
public class NewMoaEidasMetadata {
- private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName());
private final String metadata;
private final String entityId;
private static final Set<String> DEFAULT_BINDING = new HashSet() {
@@ -180,7 +178,7 @@ public class NewMoaEidasMetadata {
dm.setAlgorithm(digestMethod);
eidasExtensions.getUnknownXMLObjects().add(dm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension");
}
}
}
@@ -197,7 +195,7 @@ public class NewMoaEidasMetadata {
spTypeObj.setSPType(this.params.getSpType());
eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+ Logger.info("BUSINESS EXCEPTION error adding SPType extension");
}
}
generateDigest(eidasExtensions);
@@ -212,7 +210,7 @@ public class NewMoaEidasMetadata {
sm.setAlgorithm(signMethod);
eidasExtensions.getUnknownXMLObjects().add(sm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension");
}
}
}
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata {
new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) {
- AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
- builder.add(supAttr);
+ Logger.trace("Build metadata-attr: " + attr);
+ AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
+ if (supAttr == null)
+ Logger.warn("Suspect eIDAS attribute definition: " + attr);
+ else
+ builder.add(supAttr);
}
return builder.build();
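Review bot: The new warning `"Suspect eIDAS attribute definition: "` does not say what went wrong; `getAttributeDefinitionNullable` returned `null`, so `Logger.warn("No eIDAS attribute definition found for: " + attr + " - attribute skipped in metadata");` tells the operator exactly which attribute is missing from the engine configuration and that it is omitted. The unbraced `if`/`else` inside the loop is also worth bracing to match the surrounding style. The enclosing method starts outside the hunk.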
@@ -444,11 +446,11 @@ public class NewMoaEidasMetadata {
url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en"));
organization.getURLs().add(url);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", nfe);
}
}
return organization;
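Review bot: Each catch block now logs the same failure twice — once at info with the message and once at warn with the throwable — which doubles the noise while raising the stacktrace from debug to warn; the same pattern appears in the hunks ending at L5282 and L5293. One `Logger.warn("ERROR : error generating the OrganizationData: ", iae);` per catch carries both the message and the trace. These catches swallow the exception and fall through to `return organization`, which the commit does not change; if that is intentional, a comment such as `// best-effort: organization data is optional in the metadata` would make it explicit. The enclosing method starts outside the hunk.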
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata {
else if (contactType == ContactPersonTypeEnumeration.TECHNICAL)
currentContact = this.params.getTechnicalContact();
else {
- NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type");
+ Logger.error("ERROR: unsupported contact type");
}
contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
if (currentContact == null) {
- NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+ Logger.error("ERROR: cannot retrieve contact from the configuration");
return contact;
}
@@ -486,11 +488,11 @@ public class NewMoaEidasMetadata {
populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", nfe);
}
return contact;
}
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata {
}
return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
} catch (Exception ex) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex);
+ Logger.info("ERROR : SAMLException: " + ex.getMessage());
+ Logger.warn("ERROR : SAMLException ", ex);
throw new IllegalStateException(ex);
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
SAMLSchemaBuilder.addExtensionSchema(
at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
+ //add eID4U schemes
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+
eIDASEngine = engine;
} catch (EIDASSAMLEngineException | ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 200215308..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
*
*/
public class eIDASAttributeBuilder extends PVPAttributeBuilder {
- private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+ private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
private static List<String> listOfSupportedeIDASAttributes;
private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader =
@@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
* @param authData Authentication data that contains user information for attribute generation
* @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
*/
- public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
+ public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
IAuthData authData) {
String attrName = attr.getNameUri().toString();
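Review bot: Widening the return type from `Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>>` to `Pair<?, ImmutableSet<AttributeValue<?>>>` discards the key type, so every caller of `buildAttribute` now has to cast the first element, and the Javadoc above still describes the old pair. If the wildcard is required by the generator change, state that in the Javadoc, e.g. `@return pair of attribute definition (wildcard-typed, cast by callers) and attribute values, or null if generation fails`; otherwise keep the original key type. The method body continues outside the hunk.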
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index d268dd2f6..7c9e66ba0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
//***** validate eIDAS request *********
//****************************************
//validate SAML token
- IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
+ //TODO: maybe add whitelist feature
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false);
//validate internal JAVA class type
if (!(samlReq instanceof IEidasAuthenticationRequest)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 1ac4560b0..d9232a2f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@Deprecated
+
+
@eIDASMetadata
public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 66359e240..e10f42b37 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@Deprecated
@eIDASMetadata
public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 638b01bb1..cea28662e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
@Override
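Review bot: The explanation added at L5395–L5397 is a plain block comment placed after the class Javadoc, so it neither shows up in generated documentation nor stops anyone from instantiating the class directly; only the `@eIDASMetadata` marker (presumably used for runtime discovery, given the RUNTIME retention added later in this commit) is gone. Fold the sentence into the existing Javadoc as `@deprecated Not a valid eIDAS attribute: the representative must be a natural person.` and mark the class `@Deprecated`, and do the same for eIDASAttrRepresentativeLegalPersonIdentifier in the next hunk. The class body continues outside the hunk.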
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index fd245c3eb..7c527ff67 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index f7e135bae..14ba239a1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+ Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
if (calcResult != null) {
String personalID = calcResult.getFirst();
String type = calcResult.getSecond();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
index db072203d..9321182da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -1,5 +1,8 @@
package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
+import java.lang.annotation.Retention;
+
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
public @interface eIDASMetadata {
}
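Review bot: The annotation now has RUNTIME retention but still declares no `@Target`, so it can be attached to methods or fields where it has no meaning, and `Retention` is imported while `RetentionPolicy` is written fully qualified at L5435. Use `@Target(ElementType.TYPE)` and `@Retention(RetentionPolicy.RUNTIME)` with the matching `java.lang.annotation` imports, and add a Javadoc sentence stating what carrying the annotation means for a builder (the hunk itself gives no hint beyond the retention change), since every new eid4u builder in this commit relies on it.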
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
new file mode 100644
index 000000000..2f066bc6b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CITIZENSHIP_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
new file mode 100644
index 000000000..8ef79b774
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CountryOfBirthAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.COUNTRYOFBIRTH_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
new file mode 100644
index 000000000..7b4c16a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTDEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
new file mode 100644
index 000000000..5210676c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTLEVELOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
new file mode 100644
index 000000000..4b8e6ec29
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object docObj= authData.getGenericData(getName(), Object.class);
+
+ if (docObj instanceof Document) {
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+
+
+ } else if (docObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)docObj))
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTPHOTO_NAME;
+
+ }
+
+}
+ \ No newline at end of file
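Review bot: At L5655 the `Document` branch sends `((Document)docObj).toString()` as the attribute value; unless the generated `Document` class overrides `toString()`, that is the default identity string rather than the photo content, while the `String` branch at L5660 passes the value through unchanged, so the two branches do not agree on what the relying party receives. Marshal the document's content explicitly (HomeInstituteAddressAttrBuilder in this commit shows the pattern for `PostalAddress`) and add a comment above the method stating which encoding of the photo the consumer expects, e.g. `// value is the photo as <encoding>; String values are assumed to be pre-encoded`.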
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
new file mode 100644
index 000000000..4f0a0d2fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
new file mode 100644
index 000000000..8b480914b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREEAWARDINGINSTITUTION_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
new file mode 100644
index 000000000..b3b58c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREECOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
new file mode 100644
index 000000000..f37b8ea65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EHICIDAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
new file mode 100644
index 000000000..c1dba7eff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EMailAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EMAIL_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
new file mode 100644
index 000000000..ba486079e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.FIELDOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
new file mode 100644
index 000000000..cf1bc4b07
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class GraduationYearAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.GRADUATIONYEAR_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
new file mode 100644
index 000000000..73ab6fdda
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj)) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
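Review bot: At L6060 `((String) obj).getBytes()` encodes with the JVM default charset, so the base64 value produced for a non-ASCII address depends on the server's locale; use `Base64Utils.encode(((String) obj).getBytes(StandardCharsets.UTF_8))` with `import java.nio.charset.StandardCharsets;`. The two catch blocks at L6051 and L6062 log the failure and then fall through to the generic "not available" exception at L6071, which makes a marshalling error indistinguishable from an absent attribute for the caller; if `AttributeBuilderException` offers a cause-taking constructor, rethrow with the caught exception there instead. The `PostalAddress` branch marshals the object while the `String` branch base64-encodes raw text, so a short comment stating that both are expected to yield the same wire format would help the next reader.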
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
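Review bot: The local in `String idType= authData.getGenericData(getName(), String.class);` is named for the ID-type attribute in every copy of this template, but here it holds the home-institution country; the same misnomer recurs in HomeInstituteIdentifierAttrBuilder, HomeInstituteNameAttrBuilder, IdIssuerAttrBuilder, IdNumberAttrBuilder, NationalityAttrBuilder, PhoneAttrBuilder and TaxIdentificationNumberAttrBuilder. These nine classes differ only in the two `Definitions` constants they reference, so an abstract base taking the attribute name and friendly name in its constructor would leave a single copy of the `isNotEmpty` guard and the 'not available' error path to maintain, whereas with hand-copied classes a fix in one builder has to be repeated in each (MaritalstateAttrBuilder in this same change shows how such a copy drifts). The brace-less `if`/`else` around the `isNotEmpty` check should be braced, and each class would benefit from a one-line Javadoc naming the eID4U attribute it emits, e.g. `/** Builds the eID4U home-institution country attribute from the generic auth-data entry stored under {@link #getName()}. */`.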
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONNAME_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object dateObj= authData.getGenericData(getName(), Object.class);
+
+ if (dateObj instanceof Date) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(dateObj);
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+
+ } else if (dateObj instanceof String) {
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+
+ } else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDEXPIREDATE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
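Review bot: The `String` branch at `return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);` forwards the stored value unchecked, so an empty or arbitrarily formatted string is emitted as the expiry date, while the `Date` branch always produces `DATE_FORMAT_PATTERN` output and the sibling builders at least guard with `StringUtils.isNotEmpty`. Parsing the string with the same `pvpDateFormat` (or at minimum rejecting blank input) before returning would keep the two branches consistent and turn malformed auth data into the existing 'not available' exception instead of a malformed attribute. Creating `SimpleDateFormat` per call is correct since it is not thread-safe, but it is constructed with the default locale; `new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN, Locale.ROOT)` makes the output independent of server locale should the pattern ever contain textual fields.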
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDISSUER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object idTypeObj= authData.getGenericData(getName(), Object.class);
+
+ if (idTypeObj instanceof IdType)
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+
+ else if (idTypeObj instanceof String) {
+ String idType = (String)idTypeObj;
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDTYPE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof CertificatesType) {
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGECERTIFICATES_NAME;
+
+ }
+
+}
+ \ No newline at end of file
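Review bot: `((CertificatesType)certObj).toString()` emits whatever `toString` the XJC-generated `CertificatesType` provides; unless that generated class overrides it, this is the default identity string (class name plus hash) rather than the certificate content, so the attribute would carry no usable value — the same applies to `((LanguageLevelType)certObj).toString()` in LanguageProficiencyAttrBuilder. Marshalling the JAXB object to its XML form (as the address builders do through their marshaller) or mapping it to a defined string representation would give the value a stable meaning; this is inferred from the `impl.attributes.xjc` package name, so please confirm how the type actually renders. The import of `at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document` is unused in this file, as is `CertificatesType` in LanguageProficiencyAttrBuilder.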
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof LanguageLevelType) {
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGEPROFICIENCY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object valueObj = authData.getGenericData(getName(), Object.class);
+
+ if (valueObj instanceof MaritalState)
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+
+ else if (valueObj instanceof String) {
+ String value = (String)valueObj;
+ if (StringUtils.isNotEmpty(value));
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
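Review bot: The stray semicolon in `if (StringUtils.isNotEmpty(value));` turns the guard into an empty statement, so the following `return` executes unconditionally and an empty string is emitted as the marital-state attribute instead of the 'not available' exception every other builder throws; the fix is to drop the semicolon and brace the block: `if (StringUtils.isNotEmpty(value)) { return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value); }`. Separately, `getName()` returns `Definitions.EHICID_NAME` while the rest of this class uses the MARITALSTATE constants, so the marital state is looked up in the auth data and published to the relying party under the EHIC-ID attribute name — a wrong attribute in an identity assertion, and one that could also collide with any builder registered for the EHIC-ID name. It should return the marital-state name constant that pairs with `MARITALSTATE_FRIENDLYNAME` in `Definitions`, the analogue of the `IDTYPE_NAME`/`IDTYPE_FRIENDLYNAME` pair used in IdTypeAttrBuilder.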
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.NATIONALITY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.PHONE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class TemporaryAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj))
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TEMPORARYADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
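Review bot: `Base64Utils.encode(((String) obj).getBytes())` encodes the address with the JVM default charset, so the same auth data yields different bytes on differently configured servers and non-ASCII address characters can be mangled before they reach the relying party; use `((String) obj).getBytes(StandardCharsets.UTF_8)` (adding `import java.nio.charset.StandardCharsets;`) here and in the identical String branch of HomeInstituteAddressAttrBuilder. Whether the `PostalAddress` branch (marshalled through `CurrentAddressAttributeValueMarshaller`) and the String branch (Base64 of the raw text) produce the same wire format is not visible here; a short comment stating the assumption would help, e.g. `// String values are expected to already be the marshalled address representation and are only Base64-encoded`. The `if (StringUtils.isNotEmpty((String)obj))` governs a brace-less `try`; bracing it would match HomeInstituteAddressAttrBuilder.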
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index f6a67db9d..b42d3273f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction {
else
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
-
+
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
String subjectNameID = null;
//gather attributes
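Review bot: `ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);` now runs before the `try` block that previously enclosed it (the matching removal is in the `@@ -164,9 +181,7 @@` hunk), so any exception thrown by engine creation propagates out of this method instead of passing through that block's handling; whether that is acceptable depends on the catch clauses, which are outside this hunk. If the earlier creation only serves the commented-out eID4U test code in the following hunk, moving it back inside the `try` restores the previous behaviour at no cost. The enclosing method starts and ends outside this hunk.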
@@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction {
Logger.trace("eIDAS requsted attr. update process finished");
}
+
+
+
+ //TODO: eID4U testcode
+ //**************************************************************************
+// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList);
+// AttributeDefinition<?> attrDef =
+// engine.getProtocolProcessor().getAttributeDefinitionNullable(
+// Definitions.IDTYPE_NAME);
+// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build());
+//
+// reqAttributeList = reqAttrWitheID4U.build();
+
+ //**************************************************************************
+
Logger.trace("Starting eIDAS response generation ....");
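Review bot: The block under `//TODO: eID4U testcode` is commented-out code referencing `engine` and `reqAttributeList`, and it is being merged into a release tag; commented-out code rots silently and leaves readers unsure whether the feature is pending or abandoned. Either remove it (version control keeps the history) or implement it behind a configuration switch, and replace the asterisk banners with a one-line comment naming the intent, e.g. `// eID4U: optional request attributes are not yet added to the requested-attribute list`. The enclosing method continues outside the hunk.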
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction {
String token = null;
IResponseMessage eIDASRespMsg = null;
- try {
- ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
+ try {
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
@@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction {
}
private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
- Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+ Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
attr, req.getServiceProviderConfiguration(), authData);
if(eIDASAttr == null) {
if (attr.isRequired()) {
Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
- throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+
+ //TODO!!!!!!!
+ //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
} else
- Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+ Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available.");
} else {
//add attribute to Map
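Review bot: Commenting out `throw new MOAIDException("eIDAS.15", ...)` turns a missing attribute that `attr.isRequired()` declares mandatory into a log line, so `buildAndAddAttribute` returns normally and the response is assembled without an attribute the requesting party marked as required; the `//TODO!!!!!!!` gives no reason for relaxing this check. If the relaxation is meant only for the new eID4U attributes, restore `throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});` for the standard eIDAS set and confine the exception to the eID4U definitions with a comment saying why. The downgrade from `Logger.info` to `Logger.debug` for unavailable optional attributes also removes the only trace an operator had of why an attribute is absent from a response; keeping `info` costs little. The method continues past the hunk.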
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3a05c47ac 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier \ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+ <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+ <!-- eID4U extensions -->
+ <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/>
+ <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
+
+ <pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
+
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+
+ <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" />
+
+ <!-- eID4U tasks for attribute collection -->
+ <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" />
+
+ <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+ <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+
+ <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" />
+
+
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
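Review bot: The only transition out of `receiveConsentForAddtionalAttributesTask` leads to `finalizeAuthentication`, so a declined or absent consent is not represented in the process definition; whether the task aborts the flow by throwing, or merely records the user's decision in the context, is not visible here. If it is the latter, the collected attributes are finalized regardless of the answer, and the transition should be guarded by a context flag the task sets (a `conditionExpression` on a consent key, with a second transition for the refused case). A comment next to the eID4U transitions stating which outcome the task is expected to produce would make this reviewable without reading the task implementation.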
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 20395f210..da4a2a95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,9 +9,17 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ <bean id="eID4UAuthProcessImpl"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="eIDASSignalServlet"
class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
+ <bean id="eID4UAPSignalServlet"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/>
+
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
@@ -30,5 +38,14 @@
<bean id="CreateIdentityLinkTask"
class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
scope="prototype"/>
+
+ <bean id="CollectAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask"
+ scope="prototype"/>
+
+ <bean id="ReceiveConsentForAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask"
+ scope="prototype"/>
+
</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress \ No newline at end of file
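Review bot: The key `ANY@tugraz.idm.attr.HomrInstitutionAddressCity` is spelled differently from the other three home-institution address components (`HomeInstitution...`); if the mapper resolves scopes by the literal key, the city part of that address will never be mapped, and the `checkHomeInstitutionAddressCity` test in this commit would only pass if the `AttributeScopeMapper.HomeInstitutionAddressCity` constant carries the same misspelling. Several keys map to one eIDAS attribute (address components to `.../Address`, `.../CurrentAddress`, `.../TemporaryAddress`); a header comment naming this convention would help, e.g. `# keys sharing one target URI are components of a complex (address) attribute`.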
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
new file mode 100644
index 000000000..0daa90b40
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
@@ -0,0 +1,253 @@
+package test.at.gv.egovernment.moa.id.modules.eidas.eid4u;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+
+public class AttributeScopeMapperTest {
+
+ private static final String TUG_AP_RESPONSE_B64 = "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";
+
+ private AttributeScopeMapper mapper = null;
+
+ @Test
+ public void dummyTest() throws Exception {
+
+
+ }
+
+ @Test
+ public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException {
+ JsonElement fullAttrSet = new JsonParser().parse(new String(
+ Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8"));
+
+ Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject());
+
+ Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty());
+
+ Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
+ Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME));
+ Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME));
+ Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME));
+ Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME));
+ Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME));
+ Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+ Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME));
+ checkComplexeAddress(
+ result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME),
+ "AT",
+ "8010",
+ "Rechbauerstraße 12",
+ "Graz");
+
+ Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME));
+ checkComplexeAddress(
+ result.get(Definitions.TEMPORARYADDRESS_NAME),
+ "AT",
+ "8130",
+ "Kühau 22",
+ "Frohnleiten");
+
+ }
+
+ private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) {
+ Assert.assertNotNull(toCheck);
+ Assert.assertTrue(toCheck instanceof PostalAddress);
+
+ PostalAddress addr = (PostalAddress)toCheck;
+ Assert.assertEquals(postalCode, addr.getPostCode());
+ Assert.assertEquals(Street, addr.getCvAddressArea());
+ Assert.assertEquals(Street, addr.getThoroughfare());
+ Assert.assertEquals(city, addr.getPostName());
+
+ }
+
+ @Test
+ public void checkCitizenship() throws Exception {
+ checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false);
+
+ }
+
+ @Test
+ public void checkCityOfBirth() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false);
+
+ }
+
+ @Test
+ public void checkCountryOfBirth() throws Exception {
+ checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false);
+
+ }
+
+ @Test
+ public void checkCurrentDegreeName() throws Exception {
+ checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false);
+
+ }
+
+ @Test
+ public void checkCurrentFieldOfStudy() throws Exception {
+ checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false);
+ }
+
+ @Test
+ public void checkCurrentLevelOfStudy() throws Exception {
+ checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false);
+
+ }
+
+ @Test
+ public void checkEmailStud() throws Exception {
+ checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false);
+
+ }
+
+ @Test
+ public void checkGender() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionName() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionCountry() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressStreet() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressCity() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressCity() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressStreet() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressCity() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressStreet() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true);
+
+ }
+
+ private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) {
+ Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe));
+
+ String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope);
+ Assert.assertEquals(eid4Uattr, eid4UattrRes);
+
+ String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr);
+ if (isComplexe) {
+ Assert.assertNotNull(scopeRes);
+ Assert.assertTrue(scopeRes.contains(scope));
+
+ } else
+ Assert.assertEquals(scope, scopeRes);
+
+ }
+
+ private void checkAddress() {
+
+
+ }
+
+ private AttributeScopeMapper getMapper() {
+ if (mapper == null)
+ mapper = AttributeScopeMapper.getInstance();
+
+ return mapper;
+ }
+
+
+
+
+}
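Review bot: The fixture in `TUG_AP_RESPONSE_B64` and the values asserted against it (a named student e-mail address and a private street address) look like real personal data rather than synthetic test data; a test committed to a public repository should use invented values. `checkComplexeAddress` accepts `cc` but never asserts it, and `dummyTest` and `checkAddress` are empty, so they pass without testing anything. The decode can also avoid the platform charset and the checked exception: `new String(Base64.getDecoder().decode(TUG_AP_RESPONSE_B64), StandardCharsets.UTF_8)`.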
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..7af79d60c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+</beans>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index e8cfae10a..7bb98c719 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
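Review bot: The added boolean is one of many positional arguments to `MOAHttpProtocolSocketFactory`, and nothing at the call site says what `true` does to the trust decision for the mandate-service connection. A short comment would make the change reviewable, e.g. `// PROP_KEY_SSL_USE_JVM_TRUSTSTORE (default false): whether the JVM default truststore is used in addition to the configured CA certificates — confirm against MOAHttpProtocolSocketFactory`. The pre-existing `//FIX:` note on hostname validation is unaffected and still open.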
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -56,7 +56,8 @@ public final class OAuth20Constants {
public static final String PARAM_SCOPE = "scope";
public static final String PARAM_MOA_MOD = "mod";
public static final String PARAM_MOA_ACTION = "action";
-
+ public static final String PARAM_OPENID_CODE = "openid_code";
+
// reponse parameters
public static final String RESPONSE_CODE = "code";
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder {
private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
+ @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+
static {
// openId
buildersOpenId.add(new OpenIdIssuerAttribute());
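Review bot: The `@Deprecated` added on the private static field `buildersSTORK` at the top of this hunk has no effect for anyone: a private field has no external callers to warn, and the compiler will not flag the class's own uses of it. If the STORK builder list is on its way out, a short comment on the field saying why and what replaces it would carry the intent better, e.g. `// STORK attribute builders are kept only for backwards compatibility and are no longer registered for new profiles`, and the entries that populate it in the static block (outside this hunk) should be reviewed at the same time. The static initializer this hunk opens continues past the hunk.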
@@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder {
buildersEID.add(new EIDAuthBlock());
buildersEID.add(new EIDSignerCertificate());
buildersEID.add(new BPKAttributeBuilder());
+ buildersEID.add(new BPKListAttributeBuilder());
+ buildersEID.add(new EncryptedBPKAttributeBuilder());
// eID_gov
buildersEIDGov.add(new EIDSourcePIN());
buildersEIDGov.add(new EIDSourcePINType());
buildersEIDGov.add(new EIDIdentityLinkBuilder());
+ buildersEIDGov.add(new BPKListAttributeBuilder());
// mandate
buildersMandate.add(new MandateTypeAttributeBuilder());
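Review bot: `BPKListAttributeBuilder` is now registered in both `buildersEID` and `buildersEIDGov` (the two added lines for `buildersEID` and the one for `buildersEIDGov`); if a client asks for both scopes and the profile lists are simply concatenated, the bPK-list attribute would be built and emitted twice. I cannot see from this hunk how the lists are merged, so either confirm that the consumer deduplicates by attribute name or register the builder in one list only and document the choice with a comment such as `// bPK list is part of the eID scope; eID_gov is a superset and must not add it again`. The static initializer starts and ends outside this hunk.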
@@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder {
buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b00675e7c..3b300c824 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.logging.Logger;
@Service("OAuth20AuthAction")
-class OAuth20AuthAction implements IAction {
+public class OAuth20AuthAction implements IAction {
@Autowired protected IRevisionLogger revisionsLogger;
@Autowired protected ITransactionStorage transactionStorage;
@@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction {
}
- private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
+ public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
// create response
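Review bot: `generateIDToken` becomes public here but gains no Javadoc, and a public method that produces a signed ID token is exactly the kind of surface an outside caller can misuse without a stated contract. Add a Javadoc that names what each of `auth20SessionObject`, `oAuthRequest`, `authData` and `accessToken` must contain, states that the caller is responsible for having authenticated the client before calling it (the method itself performs no such check as far as this hunk shows), and lists the two declared exceptions with `@throws`. The method body continues outside the hunk, and the parameter semantics should be confirmed against it before the Javadoc is written.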
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 0350a113c..4dc99262e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.logging.Logger;
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
}
@Override
- protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+ protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception {
this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
}
- // check if client id and redirect uri are ok
- try {
- // OAOAUTH20 cannot be null at this point. check was done in base request
- ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-
-
- if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
- || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
- throw new OAuth20AccessDeniedException();
- }
-
- this.setOnlineApplicationConfiguration(oAuthConfig);
- Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
+ || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20OANotSupportedException();
+ }
+
+ if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20AccessDeniedException();
- } catch (EAAFConfigurationException e) {
- throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
+ this.setOnlineApplicationConfiguration(oAuthConfig);
+ Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+
}
// /* (non-Javadoc)
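Review bot: The "is OpenID Connect configured for this OA" test (the three `StringUtils.isEmpty` checks before `throw new OAuth20OANotSupportedException()`) was moved out of `OAuth20BaseRequest` and is now duplicated here and in `OAuth20TokenRequest`, where it checks a different subset of keys (no redirect URL). Two copies of a support check that are already diverging will drift further; a single protected helper on the base class, e.g. `protected static void requireOpenIdConfigured(ISPConfiguration oa, String... keys) throws OAuth20OANotSupportedException`, called with the key set each request needs, keeps the policy in one place. The exact-match comparison of `redirect_uri` against the configured value is the right behaviour and should stay as it is.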
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 118de861c..9cceea7d5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
- if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
- || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
- || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
- throw new OAuth20OANotSupportedException();
- }
+ // oAuth
+ this.populateSpecialParameters(request, authConfig, oaParam);
+
+ // cleanup parameters
+ this.checkAllowedParameters(request);
+
}
catch (EAAFConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
-
- // oAuth
- this.populateSpecialParameters(request, authConfig);
-
- // cleanup parameters
- this.checkAllowedParameters(request);
+
}
private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
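Review bot: Moving `populateSpecialParameters` and `checkAllowedParameters` inside the try block widens the existing `catch (EAAFConfigurationException e)` so that any configuration exception raised while a subclass populates its parameters is now reported to the client as a wrong `client_id`, whereas before the catch only covered the service-provider lookup. If the only reason for the move was to keep `oaParam` in scope, declare it before the try (`final ISPConfiguration oaParam;` assigned inside) and put the two calls back after the catch; otherwise add a comment stating that configuration errors during parameter population are deliberately mapped to `PARAM_CLIENT_ID`. The enclosing method starts outside this hunk.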
@@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
}
- protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
+ protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception;
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 9f4174bf0..0952ba0a6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
PVPConstants.BPK_NAME
});
-
+
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
public String getName() {
return NAME;
}
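Review bot: The injected `moaAuthConfig` field has package-private visibility and no documentation, although it gates whether the protocol endpoints are reachable at all. Make it `private` so nothing in the package can swap the configuration, and since `required=true` is already the default for `@Autowired`, `@Autowired private AuthConfiguration moaAuthConfig;` with a one-line comment such as `// MOA-ID configuration; consulted to check whether OpenID Connect is enabled before any request is processed` says everything the reader needs.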
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//OpenID Connect auth request
@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
- public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-// Logger.info("OpenID-Connect is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//
-// }
+ public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+ if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+ Logger.info("OpenID-Connect is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+
+ }
OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
try {
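Review bot: The protocol-active guard that replaces the commented-out block here is copied verbatim into `OpenIDConnectTokkenRequest` in the next hunk, and the log message in both copies misspells "deactivated". Since both endpoints must fail closed in the same way, a single private helper keeps the two in step and makes a third endpoint unlikely to forget the check; each handler then starts with `checkOpenIdConnectActive();`. The handler bodies continue outside the hunks.
```java
/** Rejects the request when OpenID Connect is switched off in the MOA-ID configuration. */
private void checkOpenIdConnectActive() throws ProtocolNotActiveException {
    if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
        Logger.info("OpenID-Connect is deactivated!");
        throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
    }
}
// … unchanged: endpoint handlers, each now beginning with checkOpenIdConnectActive(); …
```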
@@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//openID Connect tokken request
@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
- public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-// Logger.info("OpenID-Connect is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//
-// }
+ public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException {
+ if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+ Logger.info("OpenID-Connect is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+
+ }
OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
try {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 89e4252b1..9a3613ea1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.logging.Logger;
@Component("OAuth20TokenRequest")
@@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
}
@Override
- protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+ protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception {
this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
throw new OAuth20InvalidGrantException();
}
- // check if client id and secret are ok
- try {
- // OAOAUTH20 cannot be null at this point. check was done in base request
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-
- if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
- throw new OAuth20AccessDeniedException();
- }
-
- if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
- throw new OAuth20AccessDeniedException();
- }
-
- this.setOnlineApplicationConfiguration(oaParam);
-
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
+ || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)))
+ throw new OAuth20OANotSupportedException();
+
+ if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+ throw new OAuth20AccessDeniedException();
}
- catch (EAAFConfigurationException e) {
- throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+
+ if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+ throw new OAuth20AccessDeniedException();
}
+ this.setOnlineApplicationConfiguration(oaParam);
+
Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
//add valid parameters
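Review bot: The client secret is compared with `String.equals`, which returns as soon as the first differing byte is found; for a credential check `MessageDigest.isEqual` on the UTF-8 bytes is the standard constant-time form and costs nothing in readability. The `if` that throws `OAuth20OANotSupportedException` just above is also the only unbraced conditional in the method while its neighbours are braced; bracing it avoids a classic dangling-statement mistake on the next edit. The rewrite needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` on the import list; the method continues outside the hunk.
```java
if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
        || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
    throw new OAuth20OANotSupportedException();
}
// … unchanged: client_id comparison …
// constant-time comparison so response timing does not leak how much of the secret matched
String expectedSecret = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET);
if (!MessageDigest.isEqual(
        this.getClientSecret().getBytes(StandardCharsets.UTF_8),
        expectedSecret.getBytes(StandardCharsets.UTF_8))) {
    throw new OAuth20AccessDeniedException();
}
// … unchanged: setOnlineApplicationConfiguration and logging …
```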
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87e9e933d..a8c4a941e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
},
method = {RequestMethod.POST, RequestMethod.GET})
public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... ");
signalProcessManagement(req, resp);
}
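Review bot: The new trace line reads as if it will carry the pending-request id ("with pendingReqId ... ") but nothing is appended, so the log entry promises context it never delivers. Either append the identifier once the controller has resolved it (the resolution happens inside `signalProcessManagement`, outside this hunk, so that may be the better place) or shorten the message to what it actually says: `Logger.trace("Receive req. on SL2.0 servlet");`.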
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 6811d1016..0c97641c7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
//validate eID data
QualifiedeIDVerifier.verifyIdentityLink(idl,
pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
- (AuthConfiguration) authConfig);
+ (AuthConfiguration) authConfig);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+
+ //validate AuthBlock
authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
authBlockB64,
pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
(AuthConfiguration) authConfig);
-
+
QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
-
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+
+
//TODO: add LoA verification
} catch (MOAIDException e) {
@@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
throw e;
}
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
-
-
-
+
//add into session
AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
moasession.setIdentityLink(idl);
moasession.setBkuURL(ccsURL);
- //TODO: from AuthBlock
- if (authBlockVerificationResult != null)
+ moasession.setQAALevel(LoA);
+
+ if (authBlockVerificationResult != null) {
moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
- else
+ moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate());
+
+ } else
moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
- moasession.setQAALevel(LoA);
-
+
//store pending request
requestStoreage.storePendingRequest(pendingReq);
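Review bot: The `if (authBlockVerificationResult != null) { ... } else` at the end of this hunk braces the then-branch but leaves the else-branch as a bare statement, which is the form that silently breaks when a second statement is added to the fallback. Brace both sides: `} else {` / `moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));` / `}`. A short comment on the fallback would also help, since the reason an auth block may be absent is not visible here, e.g. `// no verified AuthBlock available: fall back to the current time as issue instant`. The enclosing method starts outside this hunk.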
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
index 69e3e7995..0d6086118 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters {
return false;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
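Review bot: `additionalbPKSectorsRequested()` returns `null` for a `List<String>`, forcing every consumer to null-check a collection; the same pattern appears in the new `getAdditionalbPKs()` and `getEncMandateNaturalPersonbPKList()` of `SSOTransferAuthenticationData` and in `SSOTransferOnlineApplication.additionalbPKSectorsRequested()` further down, which are production classes rather than test doubles. Returning `Collections.emptyList()` (assuming `java.util.Collections` is imported, which I cannot see here) and replacing the "TODO Auto-generated method stub" with a comment stating the real meaning, e.g. `// no additional bPK sectors are requested for this (dummy / SSO-transfer) online application`, makes the contract explicit instead of leaving an IDE stub in place.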
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 044366eb6..e7280f847 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
* @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
*/
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
// TODO Auto-generated method stub
return null;
}
@@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
return false;
}
+ @Override
+ public List<Pair<String, String>> getAdditionalbPKs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isIseIDNewDemoMode() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c9bccb708..9e7a4fe8c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
return null;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 8b232cf29..3a401d80e 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -38,10 +38,10 @@
<!-- Only for development to use SAML1 protocol
SAML1 is removed from official OPB release -->
- <dependency>
+<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-eIDAS</artifactId>
- </dependency>
+ </dependency> -->
<!-- <dependency>
<groupId>MOA</groupId>
@@ -62,10 +62,10 @@
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-eIDAS</artifactId>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>junit</groupId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
}
-
+
+ //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ try {
+ String additionalBpks = new BPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalBpks)) {
+ Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedBpks)) {
+ Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+
+ }
+
+ //for mandates
+ try {
+ String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+ Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+ Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ }
+
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {
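Review bot: The four `Logger.trace` calls (e.g. `Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");`) write the bPK values themselves into the log; bPKs are sector-specific personal identifiers and the encrypted variants are ciphertext intended for other authorities, so neither belongs in a log file even at trace level — log only the attribute name. The same try/build/add/catch shape is repeated four times with only the builder, the friendly name and the label changing, so a small private helper removes the duplication and fixes the logging in one place; a sketch follows (parameter types are taken from the existing imports, and `IAttributeBuilder` is the EAAF interface these builder classes implement — confirm it matches this eaaf version). The `Logger.info` message at the top of the block also misspells "additonal". The enclosing method begins before this hunk.
```java
//add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
if (Boolean.parseBoolean(oaParam.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, String.valueOf(false)))) {
    Logger.info("Demo-mode for 'New Austrian eID' is active. Add additional attributes ... ");
    if (oaAttributes == null)
        oaAttributes = new ArrayList<ExtendedSAMLAttribute>();

    addDemoModeAttribute(oaAttributes, oaParam, authData, new BPKListAttributeBuilder(),
            PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, "additional bPKs");
    addDemoModeAttribute(oaAttributes, oaParam, authData, new EncryptedBPKAttributeBuilder(),
            PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, "foreign bPKs");
    addDemoModeAttribute(oaAttributes, oaParam, authData, new MandateNaturalPersonBPKListAttributeBuilder(),
            PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, "additional Mandator bPKs");
    addDemoModeAttribute(oaAttributes, oaParam, authData, new MandateNaturalPersonEncBPKListAttributeBuilder(),
            PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, "foreign Mandator bPKs");
}
// … unchanged: samlAssertion declaration and mandate handling …

/**
 * Builds one demo-mode bPK attribute and appends it to the assertion attributes.
 * Only the attribute label is logged; the bPK values are personal identifiers and stay out of the log.
 */
private static void addDemoModeAttribute(List<ExtendedSAMLAttribute> oaAttributes, IOAAuthParameters oaParam,
        IAuthData authData, IAttributeBuilder builder, String friendlyName, String label) {
    try {
        String value = builder.build(oaParam, authData, new SimpleStringAttributeGenerator());
        if (MiscUtil.isNotEmpty(value)) {
            Logger.trace("Adding " + label + " as attribute into SAML1 assertion ... ");
            oaAttributes.add(new ExtendedSAMLAttributeImpl(friendlyName, value,
                    Constants.MOA_NS_URI, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
        }
    } catch (AttributeBuilderException e) {
        Logger.info("Can NOT build " + label + ". Reason: " + e.getMessage());
    }
}
```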
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
PVPConstants.EID_SOURCE_PIN_TYPE_NAME
});
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
public String getName() {
return NAME;
}
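Review bot: The new field `@Autowired(required=true) AuthConfiguration moaAuthConfig;` is package-private; it should be `@Autowired private AuthConfiguration moaAuthConfig;` (`required=true` is already the default and can be dropped). The following hunk still passes an inherited `authConfig` to `pendingReq.initialize(req, authConfig)`, which suggests the base controller already holds a configuration reference; if that object is the same `AuthConfiguration` bean, the second injection is redundant and one field should serve both the protocol-active check and request initialisation. The class body continues outside the hunk.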
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
-// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-// Logger.info("SAML1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//
-// }
+ if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+ Logger.info("SAML1 is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+
+ }
SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
pendingReq.initialize(req, authConfig);
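Review bot: The re-enabled gate correctly rejects the request before a `SAML1RequestImpl` is created, but the log line `Logger.info("SAML1 is deaktivated!");` misspells "deactivated", and an attempt to use a disabled protocol is an event operators usually want to notice, so `Logger.warn("SAML1 is deactivated! Rejecting request.");` would be more useful. The check guards only `SAML1AuthnRequest`; if this controller exposes further SAML1 endpoints outside this hunk, the same `isSAML1Active()` check belongs at each of them. The method body continues past the end of the hunk.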
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 06c9a341a..a86090178 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -65,4 +65,4 @@
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>