first tests with PVP2 S-Profil and SAML1

10 files changed, 136 insertions, 38 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 322686c21..e630455b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -251,13 +251,11 @@ public class MOAReversionLogger implements IRevisionLogger {
 	
 	private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
 		List<Integer> OASpecificEventCodes = null;
-		if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
-			if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
-				OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
+		if (oaConfig != null && oaConfig instanceof IOAAuthParameters && 
+				((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null) {
+			OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
 			
-		}
-		
-		else
+		} else
 			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
 		
 		return OASpecificEventCodes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index a0a34336c..d5328618a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -1254,9 +1255,54 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 
 
 	@Override
-	public String validateIDPURL(URL arg0) {
-		// TODO Auto-generated method stub
-		return null;
+	public String validateIDPURL(URL requestedURL) throws EAAFException{
+		List<String> configuredPublicURLPrefix = getPublicURLPrefix();
+		
+		if (!isVirtualIDPsEnabled()) {
+			Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+			return configuredPublicURLPrefix.get(0); 
+			
+		} else {
+			Logger.debug("Extract AuthenticationServiceURL: " + requestedURL);
+			URL resultURL = null;
+			
+			for (String el : configuredPublicURLPrefix) {
+				try {
+					URL configuredURL = new URL(el);
+
+					//get Ports from URL
+					int configPort = configuredURL.getPort();					
+					if (configPort == -1)
+						configPort = configuredURL.getDefaultPort();
+					
+					int authURLPort = requestedURL.getPort();
+					if (authURLPort == -1)
+						authURLPort = requestedURL.getDefaultPort();
+					
+					//check AuthURL against ConfigurationURL
+					if (configuredURL.getHost().equals(requestedURL.getHost()) &&
+							configPort == authURLPort &&
+							configuredURL.getPath().equals(requestedURL.getPath())) {
+						Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
+								+ " for authURL: " + requestedURL);
+						resultURL = configuredURL;
+					}
+					
+				} catch (MalformedURLException e) {
+					Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+					
+				}				
+			}
+			
+			if (resultURL == null) {
+				Logger.warn("Extract AuthenticationServiceURL: " + requestedURL + " is NOT found in configuration.");
+				throw new ConfigurationException("config.25", new Object[]{requestedURL});
+				
+			} else {
+				return resultURL.toExternalForm();
+				
+			}					
+		}
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index c05a271f6..72b350991 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -35,10 +35,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
@@ -54,8 +52,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -73,16 +69,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	
-	
-
-	@Autowired private ITransactionStorage transactionStorage;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
-	
-	@Autowired private SingleLogOutBuilder sloBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;	
+	@Autowired private SingleLogOutBuilder sloBuilder;;
 	
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
new file mode 100644
index 000000000..2c0a9fe74
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
@@ -0,0 +1,76 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.util.Base64Utils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+
+
+
+public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
+	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
+	
+	
+	public String getName() {
+		return EID_IDENTITY_LINK_NAME;
+	}
+
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		try {
+			String ilAssertion = null;			
+			if (authData instanceof IMOAAuthData 
+					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
+				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
+			
+			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
+			
+			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
+			
+			
+		} catch (IOException e) {
+			log.warn("IdentityLink serialization error.", e);
+			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME);
+		}
+		
+	}
+
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+				EID_IDENTITY_LINK_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 591aaa7cc..176b1af43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -152,7 +152,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		//create pendingRequest object
 		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req);
+		pendingReq.initialize(req, authConfig);
 		pendingReq.setModule(NAME);
 		
 		revisionsLogger.logEvent(
@@ -181,7 +181,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -253,7 +253,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -329,7 +329,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 95a2d8715..279d88860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,15 +22,10 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import javax.servlet.http.HttpServletRequest;
-
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 
@@ -38,7 +33,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class PVPTargetConfiguration extends RequestImpl {
 
-	@Autowired(required=true) IConfiguration authConfig;
 	
 	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
 	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
@@ -53,12 +47,7 @@ public class PVPTargetConfiguration extends RequestImpl {
 	InboundMessage request;
 	String binding;
 	String consumerURL;
-	
-	public void initialize(HttpServletRequest req) throws EAAFException {
-		super.initialize(req, authConfig);
 		
-	}
-	
 	public InboundMessage getRequest() {
 		return request;
 	}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 14d4d9fb6..a1fd81eb2 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,3 +1,4 @@
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
index 5116c2a08..5116c2a08 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
index e628fbd1b..e628fbd1b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3c11c725d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder