aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-06 21:07:07 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-06 21:07:07 +0200
commit82ac1e7f41182a976d2c734a898936767c987cc8 (patch)
tree14f81adb562e1b58e3e7cf373d3001edda760bf2 /id
parent7f91f749dbd2e38a692f7fd4923c8dd5dadd57c8 (diff)
downloadmoa-id-spss-82ac1e7f41182a976d2c734a898936767c987cc8.tar.gz
moa-id-spss-82ac1e7f41182a976d2c734a898936767c987cc8.tar.bz2
moa-id-spss-82ac1e7f41182a976d2c734a898936767c987cc8.zip
update SP-Identifier for Applikation-Register communication to combination of MOA EntityID and PublicUrlPrefix to make applications unique on AppReg side
Diffstat (limited to 'id')
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java4
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java113
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java3
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java18
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml5
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/resources/templates/appreg_id_generator.html44
6 files changed, 185 insertions, 2 deletions
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
index b057ecaf8..1791c1caf 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
@@ -45,6 +45,7 @@ public class EIDProxyAuthConstants {
public static final String ENDPOINT_POST = "/sp/eid/post";
public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect";
public static final String ENDPOINT_METADATA = "/sp/eid/metadata";
+ public static final String ENDPOINT_APPREG_INFO = "/eid/getappregid";
public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth.";
public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
@@ -61,6 +62,9 @@ public class EIDProxyAuthConstants {
public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";
public static final String CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT = CONFIG_PROPS_PREFIX + "enforce.process.disabled";
+ public static final String CONFIG_PROPS_ENABLE_APPREG_IDENTIFIER_GENERATION_ENDPOINT =
+ CONFIG_PROPS_PREFIX + "endpoint.appreginfo.enable";
+
public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;
public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java
new file mode 100644
index 000000000..091feb7fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java
@@ -0,0 +1,113 @@
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class EidAppRegIdentifierGenerationController extends AbstractController {
+
+ private static final String GUI_TEMPLATE_APPREG_ID = "appreg_id_generator.html";
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+
+ @RequestMapping(value = EIDProxyAuthConstants.ENDPOINT_APPREG_INFO,
+ method = {RequestMethod.GET})
+ public void getAppRegSpId(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
+ if (!authConfig.getBasicConfigurationBoolean(
+ EIDProxyAuthConstants.CONFIG_PROPS_ENABLE_APPREG_IDENTIFIER_GENERATION_ENDPOINT, true)) {
+ Logger.info("Endpoint: " + EIDProxyAuthConstants.ENDPOINT_APPREG_INFO + " DISABLED!");
+ resp.setStatus(HttpStatus.FORBIDDEN.value());
+ return;
+
+ }
+
+ String authUrl;
+ DefaultGUIFormBuilderConfiguration config;
+ try {
+ String authUrlString = HTTPUtils.extractAuthURLFromRequest(req);
+ URL authReqURL = new URL(authUrlString);
+ authUrl = authConfig.validateIDPURL(authReqURL);
+ config = new DefaultGUIFormBuilderConfiguration(
+ authUrl,
+ GUI_TEMPLATE_APPREG_ID,
+ null);
+
+ } catch (Exception e) {
+ Logger.warn("Bad request on: " + EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, e);
+ resp.setStatus(HttpStatus.BAD_REQUEST.value());
+ resp.getWriter().write(e.getMessage());
+ return;
+
+ }
+
+
+ try {
+ String oaURL = req.getParameter(MOAIDAuthConstants.PARAM_OA);
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive OA parameter in SAML1 like request. Can not generate AppReg Identifier");
+ throw new WrongParametersException(EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, MOAIDAuthConstants.PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException(EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, MOAIDAuthConstants.PARAM_OA,
+ "auth.12");
+
+ IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class);
+ if (oaParam == null) {
+ Logger.info("No configuration for application with ID: " + oaURL);
+ throw new InvalidProtocolRequestException("auth.00",new Object[] { null });
+
+ }
+
+ String appRegId = Utils.getEidSystemApplicationId(oaParam, authUrl);
+ config.putCustomParameterWithOutEscaption(null, "appregId", appRegId);
+ guiBuilder.build(req, resp, config, "AppReg Id generation GUI");
+
+
+ } catch (Exception e) {
+ Logger.warn("Can not build AppReg Identifier", e);
+ config.putCustomParameterWithOutEscaption(null, "error", e.getMessage());
+ try {
+ guiBuilder.build(req, resp, config, "AppReg Id generation GUI");
+
+ } catch (GUIBuildException e1) {
+ Logger.error("Internal server error", e);
+ resp.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+
+ }
+
+ }
+
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
index 38a7c4add..177103051 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
@@ -112,7 +112,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
authnReqConfig.setPassive(false);
authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA);
- authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+ authnReqConfig.setScopeRequesterId(
+ Utils.getEidSystemApplicationId(pendingReq.getServiceProviderConfiguration(), pendingReq.getAuthURL()));
//build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
index cd578d373..fefd3ec73 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
@@ -14,6 +14,24 @@ import at.gv.egovernment.moa.logging.Logger;
public class Utils {
+ public static final String PARAM_APPREG_SP_ID = "?sp=";
+
+ public static String getEidSystemApplicationId(ISPConfiguration spConfiguration, String authUrl) {
+ StringBuilder builder = new StringBuilder();
+ if (authUrl.endsWith("/")) {
+ builder.append(authUrl.substring(0, authUrl.length() - 1));
+
+ } else {
+ builder.append(authUrl);
+
+ }
+ builder.append(EIDProxyAuthConstants.ENDPOINT_METADATA);
+ builder.append(PARAM_APPREG_SP_ID);
+ builder.append(spConfiguration.getUniqueIdentifier());
+ return builder.toString();
+
+ }
+
public static String getEIDSystemEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
//load from service-provider configuration
String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL);
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml
index d5d255680..f357374cb 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml
@@ -14,8 +14,11 @@
<bean id="EidAuthCredentialProvider"
class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider"/>
+ <bean id="appRegIdGenerationController"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller.EidAppRegIdentifierGenerationController" />
+
<bean id="EidAuthMetadataController"
- class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller.EIDAuthMetadataController"/>
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller.EIDAuthMetadataController"/>
<bean id="EidAuthModuleImpl"
class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthModuleImpl">
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/templates/appreg_id_generator.html b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/templates/appreg_id_generator.html
new file mode 100644
index 000000000..d214d7663
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/templates/appreg_id_generator.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <link rel="stylesheet" href="$contextPath/css/buildCSS" />
+
+ <title>Application Id for Application-Register </title>
+</head>
+
+
+<body>
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+ <div id="main">
+
+ <div id="leftcontent" class="hell">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Unique Identifier for Application-Register registration:
+ </h2>
+ </div>
+
+ #if($error)
+ <div>
+ <p><b>Error:</b> $error</p>
+ </div>
+ #end
+
+ #if($appregId)
+ <div id="selectArea" class="hell" role="application">
+ <p><b>Unique AppReg Id:</b> $appregId</p>
+ </div>
+ #end
+
+ </div>
+
+ </div>
+ </div>
+ </div>
+</body>
+</html>