aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-18 08:30:49 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-18 08:30:49 +0100
commitffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae (patch)
tree8ea45cf604651c0a6e30cc6d2d76f2a4daefff90 /id/server
parent198954f9257a4ec9984ea8766e216b85733a8c0f (diff)
downloadmoa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.tar.gz
moa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.tar.bz2
moa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.zip
add 'Austrian eID' demo-mode to simulate attribute behavior from 2020
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java658
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java)4
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder1
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java6
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java26
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java10
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java6
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java13
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java38
21 files changed, 312 insertions, 654 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..c58f19333 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -212,6 +213,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
try {
//generate basic authentication data
generateBasicAuthData(authData, protocolRequest, session);
+
+ //set Austrian eID demo-mode flag
+ authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false))));
+
+ if (authData.isIseIDNewDemoMode()) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+ authData.setBaseIDTransferRestrication(true);
+
+ }
// #### generate MOA-ID specific authentication data ######
@@ -521,6 +534,26 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
//build foreign bPKs
generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+ //build additional bPKs
+ Logger.debug("Search for additional bPKs");
+ generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+
+ Logger.debug("Clearing identitylink ... ");
+ authData.setIdentityLink(null);
+
+ Logger.debug("Clearing authBlock ... ");
+ authData.setAuthBlock(null);
+
+ Logger.info("Post-Processing for Austrian eID finished");
+ }
+
//####################################################################
//copy all generic authentication information, which are not processed before to authData
Iterator<String> copyInterator = includedToGenericAuthData.iterator();
@@ -827,4 +860,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
+ private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+ if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String sector : additionalbPKSectorsRequested) {
+ Logger.trace("Process sector: " + sector + " ... ");
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+
+ Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+ authData.addAdditionalbPKPair(bpk);
+
+ }
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index a2dfeba2f..ab2a07f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() {
returnValue.setProvideAllErrors(
Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+ if (Boolean.parseBoolean(
+ spConfiguration.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");
+ returnValue.setProvideBaseId(false);
+ returnValue.setProvideAuthBlock(false);
+ returnValue.setProvideIdl(false);
+ returnValue.setProvideMandate(false);
+
+ }
+
+
return returnValue;
}
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() {
}
+@Override
+public List<String> additionalbPKSectorsRequested() {
+ String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
@Override
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
}
@Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
public boolean containsConfigurationKey(String arg0) {
// TODO Auto-generated method stub
return false;
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
public String getLoAMatchingMode() {
return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..415f4db18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -35,4 +35,10 @@ public interface IMOAAuthData extends IAuthData{
String getPvpAttribute_OU();
List<AuthenticationRole> getAuthenticationRoles();
+ /**
+ * Indicate Austrian eID demo-mode
+ *
+ * @return true if it is in demo-mode, otherwise false
+ */
+ public boolean isIseIDNewDemoMode();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..c1545f354 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -69,6 +69,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private LoALevelMapper loaMapper;
+ private boolean iseIDNewDemoMode = false;
+
public MOAAuthenticationData(ILoALevelMapper loaMapper) {
if (loaMapper instanceof LoALevelMapper)
this.loaMapper = (LoALevelMapper) loaMapper;
@@ -321,648 +323,18 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
-
-
-// private static final long serialVersionUID = -1042697056735596866L;
-// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-//
-// /**
-// * URL of the MOA-ID Auth component issueing this assertion
-// */
-// private String issuer;
-// /**
-// * time instant of issue of this assertion
-// */
-// private Date issueInstant;
-// /**
-// * user identification value (Stammzahl); <code>null</code>,
-// * if the authentication module is configured not to return this data
-// */
-// private String identificationValue;
-// /**
-// * user identification type
-// */
-// private String identificationType;
-//
-// /**
-// * user identityLink specialized to OAParamter
-// */
-// private IIdentityLink identityLink;
-//
-// /**
-// * application specific user identifier (bPK/wbPK)
-// */
-// private String bPK;
-//
-// /**
-// * application specific user identifier type
-// */
-// private String bPKType;
-//
-// /**
-// * given name of the user
-// */
-// private String givenName;
-// /**
-// * family name of the user
-// */
-// private String familyName;
-// /**
-// * date of birth of the user
-// */
-// private Date dateOfBirth;
-// /**
-// * says whether the certificate is a qualified certificate or not
-// */
-//
-// /**
-// * says whether the certificate is a public authority or not
-// */
-// /**
-// * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-// */
-//
-//
-// /**
-// * URL of the BKU
-// */
-//
-// /**
-// * the corresponding <code>lt;saml:Assertion&gt;</code>
-// */
-//
-// private boolean isBaseIDTransferRestrication = true;
-//
-//
-// /**
-// * STORK attributes from response
-// */
-// private String ccc = null;
-//
-// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-//
-//
-//
-// private String authBlock = null;
-// private List<String> encbPKList = null;
-//
-// //ISA 1.18 attributes
-// private List<AuthenticationRole> roles = null;
-// private String pvpAttribute_OU = null;
-//
-// private boolean useMandate = false;
-// private IMISMandate mandate = null;
-// private String mandateReferenceValue = null;
-//
-// private boolean foreigner =false;
-// private String QAALevel = null;
-//
-// private boolean ssoSession = false;
-// private Date ssoSessionValidTo = null;
-//
-//// private boolean interfederatedSSOSession = false;
-//// private String interfederatedIDP = null;
-//
-// private String sessionIndex = null;
-// private String nameID = null;
-// private String nameIDFormat = null;
-//
-// public AuthenticationData() {
-// issueInstant = new Date();
-// }
-//
-// /**
-// * Returns the publicAuthority.
-// * @return boolean
-// */
-// public boolean isPublicAuthority() {
-// return publicAuthority;
-// }
-//
-// /**
-// * Returns the publicAuthorityCode.
-// * @return String
-// */
-// public String getPublicAuthorityCode() {
-// return publicAuthorityCode;
-// }
-//
-// /**
-// * Returns the qualifiedCertificate.
-// * @return boolean
-// */
-// public boolean isQualifiedCertificate() {
-// return qualifiedCertificate;
-// }
-//
-// /**
-// * Returns the bPK.
-// * @return String
-// */
-// public String getBPK() {
-// return bPK;
-// }
-//
-// /**
-// * Sets the publicAuthority.
-// * @param publicAuthority The publicAuthority to set
-// */
-// public void setPublicAuthority(boolean publicAuthority) {
-// this.publicAuthority = publicAuthority;
-// }
-//
-// /**
-// * Sets the publicAuthorityCode.
-// * @param publicAuthorityIdentification The publicAuthorityCode to set
-// */
-// public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-// this.publicAuthorityCode = publicAuthorityIdentification;
-// }
-//
-// /**
-// * Sets the qualifiedCertificate.
-// * @param qualifiedCertificate The qualifiedCertificate to set
-// */
-// public void setQualifiedCertificate(boolean qualifiedCertificate) {
-// this.qualifiedCertificate = qualifiedCertificate;
-// }
-//
-// /**
-// * Sets the bPK.
-// * @param bPK The bPK to set
-// */
-// public void setBPK(String bPK) {
-// this.bPK = bPK;
-// }
-//
-// /**
-// * Returns the dateOfBirth.
-// * @return String
-// */
-// public Date getDateOfBirth() {
-// return dateOfBirth;
-// }
-//
-// public String getFormatedDateOfBirth() {
-// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// if (getDateOfBirth() != null)
-// return pvpDateFormat.format(getDateOfBirth());
-// else
-// return "2999-12-31";
-// }
-//
-// /**
-// * Returns the familyName.
-// * @return String
-// */
-// public String getFamilyName() {
-// return familyName;
-// }
-//
-// /**
-// * Returns the givenName.
-// * @return String
-// */
-// public String getGivenName() {
-// return givenName;
-// }
-//
-// /**
-// * Holds the baseID of a citizen
-// *
-// * @return baseID
-// */
-// public String getIdentificationValue() {
-// return identificationValue;
-// }
-//
-// /**
-// * Holds the type of the baseID
-// *
-// * @return baseID-Type
-// */
-// public String getIdentificationType() {
-// return identificationType;
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public String getIssueInstantString() {
-// return DateTimeUtils.buildDateTimeUTC(issueInstant);
-//
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public Date getIssueInstant() {
-// return issueInstant;
-//
-// }
-//
-// public void setIssueInstant(Date date) {
-// this.issueInstant = date;
-// }
-//
-// /**
-// * Returns the issuer.
-// * @return String
-// */
-// public String getIssuer() {
-// return issuer;
-// }
-//
-// /**
-// * Returns the BKU URL.
-// * @return String
-// */
-// public String getBkuURL() {
-// return bkuURL;
-// }
-//
-// /**
-// * Sets the dateOfBirth.
-// * @param dateOfBirth The dateOfBirth to set
-// */
-// public void setDateOfBirth(Date dateOfBirth) {
-// this.dateOfBirth = dateOfBirth;
-// }
-//
-// public void setDateOfBirth(String dateOfBirth) {
-// try {
-// if (MiscUtil.isNotEmpty(dateOfBirth)) {
-// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-// }
-//
-// } catch (ParseException e) {
-// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-//
-// }
-// }
-//
-// /**
-// * Sets the familyName.
-// * @param familyName The familyName to set
-// */
-// public void setFamilyName(String familyName) {
-// this.familyName = familyName;
-// }
-//
-// /**
-// * Sets the givenName.
-// * @param givenName The givenName to set
-// */
-// public void setGivenName(String givenName) {
-// this.givenName = givenName;
-// }
-//
-// /**
-// * Sets the identificationValue.
-// * @param identificationValue The identificationValue to set
-// */
-// public void setIdentificationValue(String identificationValue) {
-// this.identificationValue = identificationValue;
-// }
-//
-// /**
-// * Sets the identificationType.
-// * @param identificationType The identificationType to set
-// */
-// public void setIdentificationType(String identificationType) {
-// this.identificationType = identificationType;
-// }
-//
-// /**
-// * Sets the issuer.
-// * @param issuer The issuer to set
-// */
-// public void setIssuer(String issuer) {
-// this.issuer = issuer;
-// }
-//
-// /**
-// * Sets the bkuURL
-// * @param url The BKU URL to set
-// */
-// public void setBkuURL(String url) {
-// this.bkuURL = url;
-// }
-//
-// public String getBPKType() {
-// return bPKType;
-// }
-//
-// public void setBPKType(String bPKType) {
-// this.bPKType = bPKType;
-// }
-//
-
-//
-//
-
-//
-//
-// public String getEIDASQAALevel() {
-// if (this.QAALevel != null &&
-// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-// if (MiscUtil.isNotEmpty(mappedQAA))
-// return mappedQAA;
-//
-// else {
-// Logger.error("STORK QAA-level:" + this.QAALevel
-// + " can not be mapped to eIDAS QAA-level! Use "
-// + PVPConstants.EIDAS_QAA_LOW + " as default value.");
-// return PVPConstants.EIDAS_QAA_LOW;
-//
-// }
-//
-//
-// } else
-// return this.QAALevel;
-//
-// }
-//
-//
-// /**
-// * @return
-// */
-// public boolean isForeigner() {
-// return this.foreigner;
-// }
-//
-//
-// /**
-// * @param foreigner the foreigner to set
-// */
-// public void setForeigner(boolean foreigner) {
-// this.foreigner = foreigner;
-// }
-//
-//
-
-//
-// /**
-// * @return the ssoSession
-// */
-// public boolean isSsoSession() {
-// return ssoSession;
-// }
-//
-//
-// /**
-// * @param ssoSession the ssoSession to set
-// */
-// public void setSsoSession(boolean ssoSession) {
-// this.ssoSession = ssoSession;
-// }
-//
-// /**
-// * @return the mandateReferenceValue
-// */
-// public String getMandateReferenceValue() {
-// return mandateReferenceValue;
-// }
-//
-// /**
-// * @param mandateReferenceValue the mandateReferenceValue to set
-// */
-// public void setMandateReferenceValue(String mandateReferenceValue) {
-// this.mandateReferenceValue = mandateReferenceValue;
-// }
-//
-// /**
-// * CountryCode of the citizen which is identified and authenticated
-// *
-// * @return the CountryCode <pre>like. AT, SI, ...</pre>
-// */
-// public String getCcc() {
-// return ccc;
-// }
-//
-// /**
-// * @param ccc the ccc to set
-// */
-// public void setCcc(String ccc) {
-// this.ccc = ccc;
-// }
-//
-// /**
-// * @return the sessionIndex
-// */
-// public String getSessionIndex() {
-// return sessionIndex;
-// }
-//
-// /**
-// * @param sessionIndex the sessionIndex to set
-// */
-// public void setSessionIndex(String sessionIndex) {
-// this.sessionIndex = sessionIndex;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-// */
-// @Override
-// public String getNameID() {
-// return this.nameID;
-// }
-//
-// /**
-// * @param nameID the nameID to set
-// */
-// public void setNameID(String nameID) {
-// this.nameID = nameID;
-// }
-//
-// /**
-// * @return the nameIDFormat
-// */
-// public String getNameIDFormat() {
-// return nameIDFormat;
-// }
-//
-// /**
-// * @param nameIDFormat the nameIDFormat to set
-// */
-// public void setNameIDFormat(String nameIDFormat) {
-// this.nameIDFormat = nameIDFormat;
-// }
-//
-//// /**
-//// * @return the interfederatedSSOSession
-//// */
-//// public boolean isInterfederatedSSOSession() {
-//// return interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @param interfederatedSSOSession the interfederatedSSOSession to set
-//// */
-//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//// this.interfederatedSSOSession = interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @return the interfederatedIDP
-//// */
-//// public String getInterfederatedIDP() {
-//// return interfederatedIDP;
-//// }
-////
-//// /**
-//// * @param interfederatedIDP the interfederatedIDP to set
-//// */
-//// public void setInterfederatedIDP(String interfederatedIDP) {
-//// this.interfederatedIDP = interfederatedIDP;
-//// }
-//
-// /**
-// * @return the ssoSessionValidTo
-// */
-// public Date getSsoSessionValidTo() {
-// return ssoSessionValidTo;
-// }
-//
-// /**
-// * @param ssoSessionValidTo the ssoSessionValidTo to set
-// */
-// public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-// this.ssoSessionValidTo = ssoSessionValidTo;
-// }
-//
-// /**
-// * @return the encbPKList
-// */
-// public List<String> getEncbPKList() {
-// return encbPKList;
-// }
-//
-// /**
-// * @param encbPKList the encbPKList to set
-// */
-// public void setEncbPKList(List<String> encbPKList) {
-// this.encbPKList = encbPKList;
-// }
-//
-// /**
-// * @return the roles
-// */
-// public List<AuthenticationRole> getAuthenticationRoles() {
-//// if (this.roles == null) {
-//// this.roles = new ArrayList<AuthenticationRole>();
-//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//// }
-//
-// return roles;
-// }
-//
-// //ISA 1.18 attributes
-// /**
-// * @param roles the roles to set
-// */
-// public void addAuthenticationRole(AuthenticationRole role) {
-// if (this.roles == null)
-// this.roles = new ArrayList<AuthenticationRole>();
-//
-// this.roles.add(role);
-// }
-//
-// /**
-// * @return the pvpAttribute_OU
-// */
-// public String getPvpAttribute_OU() {
-// return pvpAttribute_OU;
-// }
-//
-// /**
-// * @param pvpAttribute_OU the pvpAttribute_OU to set
-// */
-// public void setPvpAttribute_OU(String pvpAttribute_OU) {
-// this.pvpAttribute_OU = pvpAttribute_OU;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-// */
-// @Override
-// public boolean isBaseIDTransferRestrication() {
-// return isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-// */
-// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * Returns a generic data-object with is stored with a specific identifier
-// *
-// * @param key The specific identifier of the data object
-// * @param clazz The class type which is stored with this key
-// * @return The data object or null if no data is found with this key
-// */
-// public <T> T getGenericData(String key, final Class<T> clazz) {
-// if (MiscUtil.isNotEmpty(key)) {
-// Object data = genericDataStorate.get(key);
-//
-// if (data == null)
-// return null;
-//
-// try {
-// @SuppressWarnings("unchecked")
-// T test = (T) data;
-// return test;
-//
-// } catch (Exception e) {
-// Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-// return null;
-//
-// }
-//
-// }
-//
-// Logger.warn("Can not load generic session-data with key='null'");
-// return null;
-//
-// }
-//
-// /**
-// * Store a generic data-object to session with a specific identifier
-// *
-// * @param key Identifier for this data-object
-// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-// */
-// public void setGenericData(String key, Object object) throws SessionDataStorageException {
-// if (MiscUtil.isEmpty(key)) {
-// Logger.warn("Generic session-data can not be stored with a 'null' key");
-// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-//
-// }
-//
-// if (object != null) {
-// if (!Serializable.class.isInstance(object)) {
-// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-//
-// }
-// }
-//
-// if (genericDataStorate.containsKey(key))
-// Logger.debug("Overwrite generic data with key:" + key);
-// else
-// Logger.trace("Add generic data with key:" + key + " to session.");
-//
-// genericDataStorate.put(key, object);
-// }
+
+
+ public boolean isIseIDNewDemoMode() {
+ return iseIDNewDemoMode;
+ }
+
+ /**
+ * Set eID demo-mode into AuthData
+ * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false
+ */
+ public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
+ this.iseIDNewDemoMode = iseIDNewDemoMode;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
new file mode 100644
index 000000000..ec8c7629f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -0,0 +1,52 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+
+@PVPMETADATA
+public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
+
+ protected static final String DELIMITER_BPK_LIST = ";";
+
+ public String getName() {
+ return BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ String result = getBpkForSP(authData);
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ log.info("Adding additional bPKs into bPK attribute");
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+ result += DELIMITER_BPK_LIST
+ + removeBpkTypePrefix(el.getSecond())
+ + DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(el.getFirst());
+
+ }
+ log.trace("Authenticate user with bPK-List: " + result);
+ }
+
+ log.trace("Authenticate user with bPK/wbPK: " + result);
+ return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result);
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 139bb15cc..a1a5825b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Deprecated
@PVPMETADATA
public class EIDAuthBlock implements IPVPAttributeBuilder {
@@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
try {
if (authData instanceof IMOAAuthData) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+
+ }
+
String authblock = ((IMOAAuthData)authData).getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index a40c0fefb..fb101467a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData instanceof IMOAAuthData) {
+ if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).isUseMandate()) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ return null;
+
+ }
+
+
//only provide full mandate if it is included.
//In case of federation only a short mandate could be include
if (((IMOAAuthData)authData).getMandate() != null) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
index e3b58d259..5daa71b1f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
@@ -28,7 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
* @author tlenz
*
*/
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
+public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 14d4d9fb6..b4e62a344 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -20,3 +20,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
+at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
index 61e765f55..bcbabae5b 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
@@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters {
public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) {
this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction;
}
+
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 5df4a4163..00b39daec 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,7 +22,6 @@
*/
package at.gv.egovernment.moa.id.commons.api;
-import java.io.Serializable;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.List;
@@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{
*/
public List<String> foreignbPKSectorsRequested();
+
+ /**
+ * Get a List of sectors for that this service provider requires additional unencrypted bPKs
+ *
+ * @return list of sectors, or null if no sectors are defined
+ */
+ public List<String> additionalbPKSectorsRequested();
+
+
+
+
} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 4555f61d2..4adff7f19 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (oa.getIseIDDemoModeActive() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString());
+
if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
-
+ if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY);
+
+
+
+
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
@@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils {
}
}
+ //Austrian eID demo-mode
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)))
+ dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE)));
+ else
+ dbOA.setIseIDDemoModeActive(false);
+
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)))
+ dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS));
+
+
//store BKU-URLs
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index a6315fe2c..1be97c49d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+ public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs";
+ public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode";
public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index e37873a72..510fd0581 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,15 @@ public class OnlineApplication
@XmlTransient
protected String mandateServiceSelectionTemplateURL = null;
- @XmlTransient
+ @XmlTransient
protected String foreignbPKTargetList = null;
+ @XmlTransient
+ protected String additionalbPKTargetList = null;
+ @XmlTransient
+ protected Boolean iseIDDemoModeActive = false;
+
public String getForeignbPKTargetList() {
return foreignbPKTargetList;
@@ -128,6 +133,25 @@ public class OnlineApplication
this.foreignbPKTargetList = foreignbPKTargetList;
}
+
+
+
+ public String getAdditionalbPKTargetList() {
+ return additionalbPKTargetList;
+ }
+
+ public void setAdditionalbPKTargetList(String additionalbPKTargetList) {
+ this.additionalbPKTargetList = additionalbPKTargetList;
+ }
+
+ public Boolean getIseIDDemoModeActive() {
+ return iseIDDemoModeActive;
+ }
+
+ public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) {
+ this.iseIDDemoModeActive = iseIDDemoModeActive;
+ }
+
/**
* @return the saml2PostBindingTemplateURL
*/
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index bf0e09c62..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
*
*/
public class eIDASAttributeBuilder extends PVPAttributeBuilder {
- private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+ private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
private static List<String> listOfSupportedeIDASAttributes;
private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader =
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..8e9d1e4f5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,11 +44,13 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -95,8 +97,9 @@ public final class OAuth20AttributeBuilder {
private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
+ @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+
static {
// openId
buildersOpenId.add(new OpenIdIssuerAttribute());
@@ -120,11 +123,14 @@ public final class OAuth20AttributeBuilder {
buildersEID.add(new EIDAuthBlock());
buildersEID.add(new EIDSignerCertificate());
buildersEID.add(new BPKAttributeBuilder());
+ buildersEID.add(new BPKListAttributeBuilder());
+ buildersEID.add(new EncryptedBPKAttributeBuilder());
// eID_gov
buildersEIDGov.add(new EIDSourcePIN());
buildersEIDGov.add(new EIDSourcePINType());
buildersEIDGov.add(new EIDIdentityLinkBuilder());
+ buildersEIDGov.add(new BPKListAttributeBuilder());
// mandate
buildersMandate.add(new MandateTypeAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
index 69e3e7995..0d6086118 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters {
return false;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 044366eb6..02577c110 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -374,5 +375,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
return false;
}
+ @Override
+ public List<Pair<String, String>> getAdditionalbPKs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isIseIDNewDemoMode() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c9bccb708..9e7a4fe8c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
return null;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..23d214d3e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -71,7 +71,11 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +342,39 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
}
-
+
+ //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ String additionalBpks = new BPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {