aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-05-29 14:04:44 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-05-29 14:04:44 +0200
commit66859cd53d4181350525e91c4d35071932675ca7 (patch)
tree532e90fcee21d7de33a3cc5530444b01169a5634 /id
parentac531e30d13d6714e2ac61f7329e6adc130aa288 (diff)
downloadmoa-id-spss-66859cd53d4181350525e91c4d35071932675ca7.tar.gz
moa-id-spss-66859cd53d4181350525e91c4d35071932675ca7.tar.bz2
moa-id-spss-66859cd53d4181350525e91c4d35071932675ca7.zip
refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java320
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java63
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java17
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java598
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java42
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java421
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java8
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties9
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties9
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp524
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp55
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp24
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp40
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp12
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java87
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java19
-rw-r--r--id/server/auth-final/pom.xml4
-rw-r--r--id/server/idserverlib/pom.xml19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java4
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule1
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml26
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java19
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java14
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java6
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java5
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java2
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java2
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/pom.xml70
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java118
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java71
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java63
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java355
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java271
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java133
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java68
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java146
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java286
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java124
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java347
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java45
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml17
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml43
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java2
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java21
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java13
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java40
-rw-r--r--id/server/modules/module-monitoring/pom.xml6
-rw-r--r--id/server/modules/pom.xml3
74 files changed, 3699 insertions, 1076 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 39cd0980b..656c9cc83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -326,6 +326,11 @@ public class ConfigurationProvider {
return configRootDir;
}
+ public boolean isMOAIDMode() {
+ String result = props.getProperty("general.moaidmode.active", "false");
+ return Boolean.parseBoolean(result);
+ }
+
public String getMOAIDInstanceURL() {
return props.getProperty("general.moaid.instance.url");
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index dc6e840d7..11fbccc0a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
@@ -88,6 +89,7 @@ public class GeneralMOAIDConfig {
private String mandateURL = null;
private String szrgwURL = null;
private String elgaMandateServiceURL = null;
+ private String eidSystemServiceURL = null;
private boolean protocolActiveSAML1 = false;
private boolean protocolActivePVP21 = true;
@@ -131,7 +133,16 @@ public class GeneralMOAIDConfig {
private String publicURLPrefix = null;
private boolean virtualPublicURLPrefixEnabled = false;
+ private boolean moaidMode = false;
+
public GeneralMOAIDConfig() {
+ try {
+ this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+
+ }
+
chainigmodelist = new HashMap<String, String>();
ChainingModeType[] values = ChainingModeType.values();
for (int i=0; i<values.length; i++) {
@@ -165,6 +176,24 @@ public class GeneralMOAIDConfig {
AuthComponentGeneral auth = config.getAuthComponentGeneral();
//get ELGA mandate service URLs from configuration
+ if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) {
+ if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs()))
+ eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs());
+
+ else {
+ if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0,
+ config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ eidSystemServiceURL = config.getEidSystemServiceURLs();
+
+ }
+ }
+
+
+ //get ELGA mandate service URLs from configuration
if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) {
if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs()))
elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs());
@@ -184,35 +213,6 @@ public class GeneralMOAIDConfig {
if (auth != null) {
- ForeignIdentities foreign = auth.getForeignIdentities();
-
- if (foreign != null) {
- ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter();
- if (connect_foreign != null) {
- if (MiscUtil.isNotEmpty(connect_foreign.getURL())) {
- if (KeyValueUtils.isCSVValueString(connect_foreign.getURL()))
- szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL());
-
- else {
- if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- szrgwURL = connect_foreign.getURL().substring(0,
- connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- szrgwURL = connect_foreign.getURL();
-
- }
-
- }
- }
-
- STORK stork = foreign.getSTORK();
- if (stork != null) {
- //TODO: add Stork config
-
- }
- }
GeneralConfiguration authgen = auth.getGeneralConfiguration();
if (authgen != null) {
@@ -239,9 +239,7 @@ public class GeneralMOAIDConfig {
} else
publicURLPrefix = tmp;
}
-
-
-
+
TimeOuts timeouts = authgen.getTimeOuts();
if (timeouts != null) {
@@ -253,56 +251,92 @@ public class GeneralMOAIDConfig {
timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue());
}
- }
-
- MOASP moaspss = auth.getMOASP();
- if (moaspss != null) {
- ConnectionParameterClientAuthType con = moaspss.getConnectionParameter();
- if (con != null)
- moaspssURL = con.getURL();
- VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock();
- if (authblock != null) {
- moaspssAuthTrustProfile = authblock.getTrustProfileID();
- moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID();
-
- List<String> list = authblock.getVerifyTransformsInfoProfileID();
- if (list.size() == 1)
- moaspssAuthTransformations += list.get(0);
- else {
- for (String el : list)
- moaspssAuthTransformations += el + LINE_DELIMITER + "\n";
+
+ //deactive STORK
+ if (isMoaidMode()) {
+ ForeignIdentities foreign = auth.getForeignIdentities();
+ if (foreign != null) {
+ ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter();
+ if (connect_foreign != null) {
+ if (MiscUtil.isNotEmpty(connect_foreign.getURL())) {
+ if (KeyValueUtils.isCSVValueString(connect_foreign.getURL()))
+ szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL());
+
+ else {
+ if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ szrgwURL = connect_foreign.getURL().substring(0,
+ connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ szrgwURL = connect_foreign.getURL();
+
+ }
+
+ }
+ }
+
+ STORK stork = foreign.getSTORK();
+ if (stork != null) {
+ //TODO: add Stork config
+
+ }
}
}
- VerifyIdentityLink idl = moaspss.getVerifyIdentityLink();
- if (idl != null) {
- moaspssIdlTrustProfile = idl.getTrustProfileID();
- moaspssIdlTrustProfileTest = idl.getTestTrustProfileID();
- }
}
-
- OnlineMandates mandates = auth.getOnlineMandates();
- if (mandates != null) {
- ConnectionParameterClientAuthType con = mandates.getConnectionParameter();
- if (con != null) {
- if (MiscUtil.isNotEmpty(con.getURL())) {
- if (KeyValueUtils.isCSVValueString(con.getURL()))
- mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL());
+
+ if (isMoaidMode()) {
+ MOASP moaspss = auth.getMOASP();
+ if (moaspss != null) {
+ ConnectionParameterClientAuthType con = moaspss.getConnectionParameter();
+ if (con != null)
+ moaspssURL = con.getURL();
+
+ VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock();
+ if (authblock != null) {
+ moaspssAuthTrustProfile = authblock.getTrustProfileID();
+ moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID();
+ List<String> list = authblock.getVerifyTransformsInfoProfileID();
+ if (list.size() == 1)
+ moaspssAuthTransformations += list.get(0);
else {
- if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- mandateURL = con.getURL().substring(0,
- con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- mandateURL = con.getURL();
-
+ for (String el : list)
+ moaspssAuthTransformations += el + LINE_DELIMITER + "\n";
}
+ }
+ VerifyIdentityLink idl = moaspss.getVerifyIdentityLink();
+ if (idl != null) {
+ moaspssIdlTrustProfile = idl.getTrustProfileID();
+ moaspssIdlTrustProfileTest = idl.getTestTrustProfileID();
+ }
+ }
+
+ OnlineMandates mandates = auth.getOnlineMandates();
+ if (mandates != null) {
+ ConnectionParameterClientAuthType con = mandates.getConnectionParameter();
+ if (con != null) {
+ if (MiscUtil.isNotEmpty(con.getURL())) {
+ if (KeyValueUtils.isCSVValueString(con.getURL()))
+ mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL());
+
+ else {
+ if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ mandateURL = con.getURL().substring(0,
+ con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ mandateURL = con.getURL();
+
+ }
+
+ }
+
}
-
}
}
@@ -330,9 +364,12 @@ public class GeneralMOAIDConfig {
}
- OAuth oauth = protocols.getOAuth();
- if (oauth != null) {
- protocolActiveOAuth = oauth.isIsActive();
+ if (isMoaidMode()) {
+ OAuth oauth = protocols.getOAuth();
+ if (oauth != null) {
+ protocolActiveOAuth = oauth.isIsActive();
+
+ }
}
@@ -361,73 +398,79 @@ public class GeneralMOAIDConfig {
pvp2OrgName = org.getName();
pvp2OrgURL = org.getURL();
}
- }
+ }
+
}
- SecurityLayer seclayer = auth.getSecurityLayer();
- if (seclayer != null) {
- List<TransformsInfoType> list = seclayer.getTransformsInfo();
+ if (isMoaidMode()) {
+ SecurityLayer seclayer = auth.getSecurityLayer();
+ if (seclayer != null) {
+ List<TransformsInfoType> list = seclayer.getTransformsInfo();
+
+ for (TransformsInfoType el : list) {
+ fileUploadFileName.add(el.getFilename());
+ }
+ }
- for (TransformsInfoType el : list) {
- fileUploadFileName.add(el.getFilename());
+ SSO sso = auth.getSSO();
+ if (sso != null) {
+ ssoFriendlyName = sso.getFriendlyName();
+
+ // IdentificationNumber idl = sso.getIdentificationNumber();
+ // if (idl != null)
+ // ssoIdentificationNumber = idl.getValue();
+
+ //INFO: only for backup
+ if (MiscUtil.isEmpty(publicURLPrefix))
+ publicURLPrefix = sso.getPublicURL();
+
+ ssoSpecialText = sso.getSpecialText();
+
+ if (MiscUtil.isNotEmpty(sso.getTarget()) &&
+ sso.getTarget().startsWith(Constants.PREFIX_WPBK)) {
+ ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).
+ replace("+", "");
+
+ } else
+ ssoTarget = sso.getTarget();
+
}
}
- SSO sso = auth.getSSO();
- if (sso != null) {
- ssoFriendlyName = sso.getFriendlyName();
-
-// IdentificationNumber idl = sso.getIdentificationNumber();
-// if (idl != null)
-// ssoIdentificationNumber = idl.getValue();
-
- //INFO: only for backup
- if (MiscUtil.isEmpty(publicURLPrefix))
- publicURLPrefix = sso.getPublicURL();
-
- ssoSpecialText = sso.getSpecialText();
-
- if (MiscUtil.isNotEmpty(sso.getTarget()) &&
- sso.getTarget().startsWith(Constants.PREFIX_WPBK)) {
- ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).
- replace("+", "");
+ ChainingModes modes = config.getChainingModes();
+ if (modes != null) {
+ ChainingModeType defaultmode = modes.getSystemDefaultMode();
+ if (defaultmode != null) {
+
+ defaultchainigmode = defaultmode.value();
- } else
- ssoTarget = sso.getTarget();
+ }
+ List<TrustAnchor> trustanchor = modes.getTrustAnchor();
+ if (trustanchor != null) {
+ //TODO: set addional trust anchors!!!!
+ }
}
- }
-
- ChainingModes modes = config.getChainingModes();
- if (modes != null) {
- ChainingModeType defaultmode = modes.getSystemDefaultMode();
- if (defaultmode != null) {
-
- defaultchainigmode = defaultmode.value();
-
+
+ DefaultBKUs defaultbkus = config.getDefaultBKUs();
+ if (defaultbkus != null) {
+ defaultBKUHandy = defaultbkus.getHandyBKU();
+ defaultBKULocal = defaultbkus.getLocalBKU();
+ defaultBKUOnline = defaultbkus.getOnlineBKU();
}
- List<TrustAnchor> trustanchor = modes.getTrustAnchor();
- if (trustanchor != null) {
- //TODO: set addional trust anchors!!!!
+ SLRequestTemplates slreq = config.getSLRequestTemplates();
+ if (slreq != null) {
+ SLRequestTemplateHandy = slreq.getHandyBKU();
+ SLRequestTemplateLocal = slreq.getLocalBKU();
+ SLRequestTemplateOnline = slreq.getOnlineBKU();
}
+
}
trustedCACerts = config.getTrustedCACertificates();
- DefaultBKUs defaultbkus = config.getDefaultBKUs();
- if (defaultbkus != null) {
- defaultBKUHandy = defaultbkus.getHandyBKU();
- defaultBKULocal = defaultbkus.getLocalBKU();
- defaultBKUOnline = defaultbkus.getOnlineBKU();
- }
-
- SLRequestTemplates slreq = config.getSLRequestTemplates();
- if (slreq != null) {
- SLRequestTemplateHandy = slreq.getHandyBKU();
- SLRequestTemplateLocal = slreq.getLocalBKU();
- SLRequestTemplateOnline = slreq.getOnlineBKU();
- }
+
}
}
@@ -1099,10 +1142,25 @@ public class GeneralMOAIDConfig {
this.elgaMandateServiceURL = elgaMandateServiceURL;
}
-
-
-
-
-
+ /**
+ * @return the eidSystemServiceURL
+ */
+ public String getEidSystemServiceURL() {
+ return eidSystemServiceURL;
+ }
+
+ /**
+ * @param eidSystemServiceURL the elgaMandateServiceURL to set
+ */
+ public void setEidSystemeServiceURL(String eidSystemServiceURL) {
+ if (MiscUtil.isNotEmpty(eidSystemServiceURL))
+ this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL);
+ else
+ this.eidSystemServiceURL = eidSystemServiceURL;
+ }
+
+ public boolean isMoaidMode() {
+ return moaidMode;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index e896bb80b..b3db074a2 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -66,9 +66,11 @@ public class OAAuthenticationData implements IOnlineApplicationData {
private List<String> misServicesList = new ArrayList<String>();
private List<String> elgaServicesList = new ArrayList<String>();
private List<String> szrgwServicesList = new ArrayList<String>();
+ private List<String> eidServicesList = new ArrayList<String>();
private String misServiceSelected = null;
private String elgaServiceSelected = null;
private String szrgwServiceSelected = null;
+ private String eidServiceSelected = null;
private boolean calculateHPI = false;
@@ -90,10 +92,20 @@ public class OAAuthenticationData implements IOnlineApplicationData {
private boolean sl20Active = false;
private String sl20EndPoints = null;
+ private boolean isMoaidMode = false;
+
/**
+ * @param isMoaidMode
*
*/
public OAAuthenticationData() {
+ try {
+ this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+
+ }
+
keyBoxIdentifierList = new HashMap<String, String>();
MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values();
for (int i=0; i<values.length; i++) {
@@ -105,18 +117,27 @@ public class OAAuthenticationData implements IOnlineApplicationData {
try {
MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
-
- try {
- elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs());
- misServicesList = KeyValueUtils.getListOfCSVValues(
- dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL());
- } catch (NullPointerException e) {}
-
+
+ if (this.isMoaidMode) {
+ try {
+ elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs());
+ misServicesList = KeyValueUtils.getListOfCSVValues(
+ dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL());
+ } catch (NullPointerException e) {}
+
+ try {
+ szrgwServicesList = KeyValueUtils.getListOfCSVValues(
+ dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL());
+ } catch (NullPointerException e) {}
+
+ }
+
+
try {
- szrgwServicesList = KeyValueUtils.getListOfCSVValues(
- dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL());
+ eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs());
} catch (NullPointerException e) {}
+
} catch (ConfigurationException e) {
log.error("MOA-ID-Configuration initialization FAILED.", e);
@@ -151,7 +172,8 @@ public class OAAuthenticationData implements IOnlineApplicationData {
public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value();
- szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL();
+ szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL();
+ eidServiceSelected = dbOA.getSelectedEIDServiceURL();
AuthComponentOA oaauth = dbOA.getAuthComponentOA();
if (oaauth != null) {
@@ -302,6 +324,10 @@ public class OAAuthenticationData implements IOnlineApplicationData {
if (MiscUtil.isNotEmpty(getSzrgwServiceSelected()))
dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected());
+
+ if (MiscUtil.isNotEmpty(getEidServiceSelected()))
+ dbOA.setSelectedEIDServiceURL(getEidServiceSelected());
+
if (authUser.isAdmin()) {
//store BKU-URLs
@@ -800,7 +826,18 @@ public class OAAuthenticationData implements IOnlineApplicationData {
return szrgwServicesList;
}
+ public List<String> getEidServicesList() {
+ return eidServicesList;
+ }
+
+ public String getEidServiceSelected() {
+ return eidServiceSelected;
+ }
+ public void setEidServiceSelected(String eidServiceSelected) {
+ this.eidServiceSelected = eidServiceSelected;
+ }
+
public boolean isSl20Active() {
return sl20Active;
}
@@ -820,7 +857,9 @@ public class OAAuthenticationData implements IOnlineApplicationData {
else
this.sl20EndPoints = sl20EndPoints;
}
+
+ public boolean isMoaidMode() {
+ return isMoaidMode;
+ }
-
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
index 0d0cda246..9bbbe3df0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
@@ -56,6 +56,17 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
protected HttpSession session = null;
protected String formID;
+ protected static boolean isMoaidMode = false;
+
+ public BasicAction() {
+ try {
+ isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (ConfigurationException e) {
+ log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
+ }
+ }
+
+
protected void populateBasicInformations() throws BasicActionException {
try {
configuration = ConfigurationProvider.getInstance();
@@ -115,6 +126,12 @@ public class BasicAction extends ActionSupport implements ServletRequestAware,
public void setFormID(String formID) {
this.formID = formID;
}
+
+
+ public static boolean isMoaidMode() {
+ return isMoaidMode;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 9e0b8b1cd..20db561d6 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -88,10 +88,14 @@ public class BasicOAAction extends BasicAction {
private InputStream stream = null;
+
+
/**
*
*/
- public BasicOAAction() {
+ public BasicOAAction() {
+ super();
+
formList = new LinkedHashMap<String, IOnlineApplicationData>();
OAGeneralConfig generalOA = new OAGeneralConfig();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index c3e8c459e..7c3daf928 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -65,7 +65,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
@@ -100,19 +102,22 @@ public class EditGeneralConfigAction extends BasicAction {
MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration();
-
+
moaconfig = new GeneralMOAIDConfig();
- moaconfig.parse(dbconfig);
- storkconfig = new GeneralStorkConfig();
- storkconfig.parse(dbconfig);
-
+ moaconfig.parse(dbconfig);
if (moaconfig == null) {
log.error("MOA configuration is null");
}
- if (storkconfig == null) {
- log.error("Stork configuration is null");
+ if (moaconfig.isMoaidMode()) {
+ storkconfig = new GeneralStorkConfig();
+ storkconfig.parse(dbconfig);
+ if (storkconfig == null) {
+ log.error("Stork configuration is null");
+ }
}
+
+
formID = Random.nextRandom();
session.setAttribute(Constants.SESSION_FORMID, formID);
@@ -149,13 +154,21 @@ public class EditGeneralConfigAction extends BasicAction {
}
session.setAttribute(Constants.SESSION_FORMID, null);
+ boolean isMoaidMode = false;
+ try {
+ isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (ConfigurationException e) {
+ log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
+ }
+
if (authUser.isAdmin()) {
MOAConfigValidator validator = new MOAConfigValidator();
- List<String> errors = validator.validate(moaconfig, request);
+ List<String> errors = validator.validate(moaconfig, request, isMoaidMode);
- errors.addAll(new StorkConfigValidator().validate(storkconfig, request));
+ if (isMoaidMode)
+ errors.addAll(new StorkConfigValidator().validate(storkconfig, request));
if (errors.size() > 0) {
log.info("General MOA-ID configuration has some errors.");
@@ -181,7 +194,7 @@ public class EditGeneralConfigAction extends BasicAction {
}
}
- String error = saveFormToDatabase();
+ String error = saveFormToDatabase(isMoaidMode);
if (error != null) {
log.warn("General MOA-ID config can not be stored in Database");
@@ -218,7 +231,7 @@ public class EditGeneralConfigAction extends BasicAction {
return Constants.STRUTS_SUCCESS;
}
- private String saveFormToDatabase() {
+ private String saveFormToDatabase(boolean isMoaidMode) {
log.debug("Saving form to database");
// log.error("Saving form to db");
@@ -370,20 +383,24 @@ public class EditGeneralConfigAction extends BasicAction {
}
+
OAuth oauth= dbprotocols.getOAuth();
if (oauth == null) {
oauth = new OAuth();
dbprotocols.setOAuth(oauth);
}
- oauth.setIsActive(moaconfig.isProtocolActiveOAuth());
-
+
PVP2 pvp2 = dbprotocols.getPVP2();
if (pvp2 == null) {
pvp2 = new PVP2();
dbprotocols.setPVP2(pvp2);
}
- pvp2.setIsActive(moaconfig.isProtocolActivePVP21());
+ if (isMoaidMode) {
+ oauth.setIsActive(moaconfig.isProtocolActiveOAuth());
+ pvp2.setIsActive(moaconfig.isProtocolActivePVP21());
+
+ }
if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName()))
pvp2.setIssuerName(moaconfig.getPvp2IssuerName());
@@ -437,80 +454,6 @@ public class EditGeneralConfigAction extends BasicAction {
if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType()))
cont.setType(moaconfig.getPvp2Contact().getType());
- SSO dbsso = dbauth.getSSO();
- if (dbsso == null) {
- dbsso = new SSO();
- dbauth.setSSO(dbsso);
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName()))
- dbsso.setFriendlyName(StringHelper.getUTF8String(
- moaconfig.getSsoFriendlyName()));
- if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText()))
- dbsso.setSpecialText(StringHelper.getUTF8String(
- moaconfig.getSsoSpecialText()));
-// if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl()))
-// dbsso.setPublicURL(moaconfig.getSsoPublicUrl());
-
- if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) {
-
- if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) {
- String num = moaconfig.getSsoTarget().replaceAll(" ", "");
- String pre = null;
- if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
-
- num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
- pre = Constants.IDENIFICATIONTYPE_FN;
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
- pre = Constants.IDENIFICATIONTYPE_ZVR;
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){
- num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
- pre = Constants.IDENIFICATIONTYPE_ERSB;
- }
-
- dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num);
-
- } else {
- dbsso.setTarget(moaconfig.getSsoTarget());
-
- }
- }
-// if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) {
-// IdentificationNumber ssoid = dbsso.getIdentificationNumber();
-// if (ssoid == null) {
-// ssoid = new IdentificationNumber();
-// dbsso.setIdentificationNumber(ssoid);
-// }
-// ssoid.setValue(moaconfig.getSsoIdentificationNumber());
-// }
-
- DefaultBKUs dbbkus = dbconfig.getDefaultBKUs();
-
- if (dbbkus == null) {
- dbbkus = new DefaultBKUs();
- dbconfig.setDefaultBKUs(dbbkus);
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy()))
- dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy());
- else
- dbbkus.setHandyBKU(new String());
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline()))
- dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline());
- else
- dbbkus.setOnlineBKU(new String());
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal()))
- dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal());
- else
- dbbkus.setLocalBKU(new String());
ChainingModes dbchainingmodes = dbconfig.getChainingModes();
if (dbchainingmodes == null) {
@@ -521,230 +464,331 @@ public class EditGeneralConfigAction extends BasicAction {
dbchainingmodes.setSystemDefaultMode(
ChainingModeType.fromValue("pkix"));
- IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
- if (idlsigners == null) {
- idlsigners = new IdentityLinkSigners();
- dbauth.setIdentityLinkSigners(idlsigners);
- }
-
- ForeignIdentities dbforeign = dbauth.getForeignIdentities();
- if (dbforeign == null) {
- dbforeign = new ForeignIdentities();
- dbauth.setForeignIdentities(dbforeign);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) {
- ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
- if (forcon == null) {
- forcon = new ConnectionParameterClientAuthType();
- dbforeign.setConnectionParameter(forcon);
+ if (isMoaidMode) {
+ SSO dbsso = dbauth.getSSO();
+ if (dbsso == null) {
+ dbsso = new SSO();
+ dbauth.setSSO(dbsso);
}
- if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL()))
- forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL()));
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName()))
+ dbsso.setFriendlyName(StringHelper.getUTF8String(
+ moaconfig.getSsoFriendlyName()));
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText()))
+ dbsso.setSpecialText(StringHelper.getUTF8String(
+ moaconfig.getSsoSpecialText()));
+ // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl()))
+ // dbsso.setPublicURL(moaconfig.getSsoPublicUrl());
+
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) {
- else {
- if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER))
- forcon.setURL(
- moaconfig.getSzrgwURL().trim().substring(0,
- moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) {
+ String num = moaconfig.getSsoTarget().replaceAll(" ", "");
+ String pre = null;
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
+
+ num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
+ pre = Constants.IDENIFICATIONTYPE_FN;
+ }
- else
- forcon.setURL(
- StringUtils.chomp(moaconfig.getSzrgwURL().trim()));
-
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+ pre = Constants.IDENIFICATIONTYPE_ZVR;
+ }
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
+ pre = Constants.IDENIFICATIONTYPE_ERSB;
+ }
+
+ dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num);
+
+ } else {
+ dbsso.setTarget(moaconfig.getSsoTarget());
+
+ }
}
+ // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) {
+ // IdentificationNumber ssoid = dbsso.getIdentificationNumber();
+ // if (ssoid == null) {
+ // ssoid = new IdentificationNumber();
+ // dbsso.setIdentificationNumber(ssoid);
+ // }
+ // ssoid.setValue(moaconfig.getSsoIdentificationNumber());
+ // }
+
+ DefaultBKUs dbbkus = dbconfig.getDefaultBKUs();
+
+ if (dbbkus == null) {
+ dbbkus = new DefaultBKUs();
+ dbconfig.setDefaultBKUs(dbbkus);
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy()))
+ dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy());
+ else
+ dbbkus.setHandyBKU(new String());
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline()))
+ dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline());
+ else
+ dbbkus.setOnlineBKU(new String());
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal()))
+ dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal());
+ else
+ dbbkus.setLocalBKU(new String());
- }
+
- ForeignIdentities foreign = dbauth.getForeignIdentities();
- if (foreign != null) {
- STORK stork = foreign.getSTORK();
- if (stork == null) {
- stork = new STORK();
- foreign.setSTORK(stork);
-
+ IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
+ if (idlsigners == null) {
+ idlsigners = new IdentityLinkSigners();
+ dbauth.setIdentityLinkSigners(idlsigners);
+ }
+
+ ForeignIdentities dbforeign = dbauth.getForeignIdentities();
+ if (dbforeign == null) {
+ dbforeign = new ForeignIdentities();
+ dbauth.setForeignIdentities(dbforeign);
}
-
- try {
- log.error("QAAAA " + storkconfig.getDefaultQaa());
- stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
- if (storkconfig.getAttributes() != null) {
- List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
- stork.setAttributes(dbStorkAttr);
-
+ if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) {
+ ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
+ if (forcon == null) {
+ forcon = new ConnectionParameterClientAuthType();
+ dbforeign.setConnectionParameter(forcon);
+ }
+
+ if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL()))
+ forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL()));
- for (StorkAttribute attr : storkconfig.getAttributes()) {
- if (attr != null && MiscUtil.isNotEmpty(attr.getName()))
- dbStorkAttr.add(attr);
+ else {
+ if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER))
+ forcon.setURL(
+ moaconfig.getSzrgwURL().trim().substring(0,
+ moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
- else
- log.info("Remove null or empty STORK attribute");
- }
-
- } else
- stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
-
- if (storkconfig.getCpepslist() != null) {
- List<CPEPS> dbStorkCPEPS = new ArrayList<CPEPS>();
- stork.setCPEPS(dbStorkCPEPS);
+ else
+ forcon.setURL(
+ StringUtils.chomp(moaconfig.getSzrgwURL().trim()));
+
+ }
+
+ }
+
+ ForeignIdentities foreign = dbauth.getForeignIdentities();
+ if (foreign != null) {
+ STORK stork = foreign.getSTORK();
+ if (stork == null) {
+ stork = new STORK();
+ foreign.setSTORK(stork);
- for (CPEPS cpeps : storkconfig.getCpepslist()) {
- if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) &&
- MiscUtil.isNotEmpty(cpeps.getCountryCode())) {
+ }
+
+ try {
+ log.error("QAAAA " + storkconfig.getDefaultQaa());
+ stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
+
+ if (storkconfig.getAttributes() != null) {
+ List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
+ stork.setAttributes(dbStorkAttr);
- if (cpeps.getCountryCode().equals("CC") &&
- cpeps.getURL().equals("http://"))
- log.info("Remove dummy STORK CPEPS entry.");
-
- else
- dbStorkCPEPS.add(cpeps);
+
+ for (StorkAttribute attr : storkconfig.getAttributes()) {
+ if (attr != null && MiscUtil.isNotEmpty(attr.getName()))
+ dbStorkAttr.add(attr);
- } else
- log.info("Remove null or emtpy STORK CPEPS configuration");
- }
+ else
+ log.info("Remove null or empty STORK attribute");
+ }
+
+ } else
+ stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
+
+ if (storkconfig.getCpepslist() != null) {
+ List<CPEPS> dbStorkCPEPS = new ArrayList<CPEPS>();
+ stork.setCPEPS(dbStorkCPEPS);
+
+ for (CPEPS cpeps : storkconfig.getCpepslist()) {
+ if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) &&
+ MiscUtil.isNotEmpty(cpeps.getCountryCode())) {
+
+ if (cpeps.getCountryCode().equals("CC") &&
+ cpeps.getURL().equals("http://"))
+ log.info("Remove dummy STORK CPEPS entry.");
+
+ else
+ dbStorkCPEPS.add(cpeps);
+
+ } else
+ log.info("Remove null or emtpy STORK CPEPS configuration");
+ }
+
+ } else
+ stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
- } else
- stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
-
- } catch (Exception e) {
- e.printStackTrace();
-
- }
-
- try{
- log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
- log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
-
- } catch (Exception ex) {
- log.info("CPEPS LIST is null");
-
- }
- }
-
- //write MIS Mandate-Service URLs
- if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
- OnlineMandates dbmandate = dbauth.getOnlineMandates();
- if (dbmandate == null) {
- dbmandate = new OnlineMandates();
- dbauth.setOnlineMandates(dbmandate);
+ } catch (Exception e) {
+ e.printStackTrace();
+
+ }
+
+ try{
+ log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
+ log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
+
+ } catch (Exception ex) {
+ log.info("CPEPS LIST is null");
+
+ }
}
- ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter();
-
- if (dbmandateconnection == null) {
- dbmandateconnection = new ConnectionParameterClientAuthType();
- dbmandate.setConnectionParameter(dbmandateconnection);
+
+ //write MIS Mandate-Service URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
+ OnlineMandates dbmandate = dbauth.getOnlineMandates();
+ if (dbmandate == null) {
+ dbmandate = new OnlineMandates();
+ dbauth.setOnlineMandates(dbmandate);
+ }
+ ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter();
+
+ if (dbmandateconnection == null) {
+ dbmandateconnection = new ConnectionParameterClientAuthType();
+ dbmandate.setConnectionParameter(dbmandateconnection);
+ }
+
+ if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL()))
+ dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL()));
+
+ else {
+ if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER))
+ dbmandateconnection.setURL(
+ moaconfig.getMandateURL().trim().substring(0,
+ moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+
+ else
+ dbmandateconnection.setURL(
+ StringUtils.chomp(moaconfig.getMandateURL().trim()));
+
+ }
}
- if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL()))
- dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL()));
-
- else {
- if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER))
- dbmandateconnection.setURL(
- moaconfig.getMandateURL().trim().substring(0,
- moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ //write ELGA Mandate-Service URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) {
+ if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL()))
+ dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL()));
- else
- dbmandateconnection.setURL(
- StringUtils.chomp(moaconfig.getMandateURL().trim()));
-
- }
+ else {
+ if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER))
+ dbconfig.setElgaMandateServiceURLs(
+ moaconfig.getElgaMandateServiceURL().trim().substring(0,
+ moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+
+ else
+ dbconfig.setElgaMandateServiceURLs(
+ StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim()));
+
+ }
+ }
}
- //write ELGA Mandate-Service URLs
- if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) {
- if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL()))
- dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL()));
+
+ //write E-ID System URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) {
+ if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL()))
+ dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL()));
else {
- if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER))
- dbconfig.setElgaMandateServiceURLs(
- moaconfig.getElgaMandateServiceURL().trim().substring(0,
- moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER))
+ dbconfig.setEidSystemServiceURLs(
+ moaconfig.getEidSystemServiceURL().trim().substring(0,
+ moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
else
- dbconfig.setElgaMandateServiceURLs(
- StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim()));
+ dbconfig.setEidSystemServiceURLs(
+ StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim()));
}
}
-
- MOASP dbmoasp = dbauth.getMOASP();
- if (dbmoasp == null) {
- dbmoasp = new MOASP();
- dbauth.setMOASP(dbmoasp);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) {
- ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter();
- if (moaspcon == null) {
- moaspcon = new ConnectionParameterClientAuthType();
- dbmoasp.setConnectionParameter(moaspcon);
+ if (isMoaidMode) {
+ MOASP dbmoasp = dbauth.getMOASP();
+ if (dbmoasp == null) {
+ dbmoasp = new MOASP();
+ dbauth.setMOASP(dbmoasp);
}
- moaspcon.setURL(moaconfig.getMoaspssURL());
- }
- VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink();
- if (moaidl == null) {
- moaidl = new VerifyIdentityLink();
- dbmoasp.setVerifyIdentityLink(moaidl);
- }
- moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile());
- moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest());
-
- VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock();
- if (moaauth == null) {
- moaauth = new VerifyAuthBlock();
- dbmoasp.setVerifyAuthBlock(moaauth);
- }
- moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
- moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest());
-
- if (moaauth.getVerifyTransformsInfoProfileID() != null &&
- moaauth.getVerifyTransformsInfoProfileID().size() > 0)
- moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0));
-
- else {
- if (moaauth.getVerifyTransformsInfoProfileID() == null) {
- moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>());
-
+ if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) {
+ ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter();
+ if (moaspcon == null) {
+ moaspcon = new ConnectionParameterClientAuthType();
+ dbmoasp.setConnectionParameter(moaspcon);
+ }
+ moaspcon.setURL(moaconfig.getMoaspssURL());
}
- moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0));
- }
-
- SecurityLayer seclayertrans = dbauth.getSecurityLayer();
- if (seclayertrans == null) {
- seclayertrans = new SecurityLayer();
- dbauth.setSecurityLayer(seclayertrans);
- }
- List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
- Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation();
- if (moatrans != null) {
- Set<String> keys = moatrans.keySet();
- for (String key : keys) {
- TransformsInfoType elem = new TransformsInfoType();
- elem.setFilename(key);
- elem.setTransformation(moatrans.get(key));
- trans.add(elem);
+ VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink();
+ if (moaidl == null) {
+ moaidl = new VerifyIdentityLink();
+ dbmoasp.setVerifyIdentityLink(moaidl);
}
+ moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile());
+ moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest());
+
+ VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock();
+ if (moaauth == null) {
+ moaauth = new VerifyAuthBlock();
+ dbmoasp.setVerifyAuthBlock(moaauth);
+ }
+ moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
+ moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest());
+
+ if (moaauth.getVerifyTransformsInfoProfileID() != null &&
+ moaauth.getVerifyTransformsInfoProfileID().size() > 0)
+ moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0));
+
+ else {
+ if (moaauth.getVerifyTransformsInfoProfileID() == null) {
+ moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>());
+
+ }
+ moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0));
+ }
+
+ SecurityLayer seclayertrans = dbauth.getSecurityLayer();
+ if (seclayertrans == null) {
+ seclayertrans = new SecurityLayer();
+ dbauth.setSecurityLayer(seclayertrans);
+ }
+ List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
+ Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation();
+ if (moatrans != null) {
+ Set<String> keys = moatrans.keySet();
+ for (String key : keys) {
+ TransformsInfoType elem = new TransformsInfoType();
+ elem.setFilename(key);
+ elem.setTransformation(moatrans.get(key));
+ trans.add(elem);
+ }
+ }
+ if (trans.size() > 0)
+ seclayertrans.setTransformsInfo(trans);
+
+
+ SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates();
+ if (slrequesttempl == null) {
+ slrequesttempl = new SLRequestTemplates();
+ dbconfig.setSLRequestTemplates(slrequesttempl);
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy()))
+ slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy());
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal()))
+ slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal());
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline()))
+ slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline());
+
}
- if (trans.size() > 0)
- seclayertrans.setTransformsInfo(trans);
-
-
- SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates();
- if (slrequesttempl == null) {
- slrequesttempl = new SLRequestTemplates();
- dbconfig.setSLRequestTemplates(slrequesttempl);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy()))
- slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy());
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal()))
- slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal());
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline()))
- slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline());
if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts()))
dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts());
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index cfb74ebd2..6902a668f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -70,31 +70,33 @@ public class EditOAAction extends BasicOAAction {
OAAuthenticationData authOA = new OAAuthenticationData();
formList.put(authOA.getName(), authOA);
- OABPKEncryption bPKEncDec = new OABPKEncryption();
- formList.put(bPKEncDec.getName(), bPKEncDec);
-
- OASSOConfig ssoOA = new OASSOConfig();
- formList.put(ssoOA.getName(), ssoOA);
-
OASAML1Config saml1OA = new OASAML1Config();
formList.put(saml1OA.getName(), saml1OA);
+
+ if (isMoaidMode) {
+ OABPKEncryption bPKEncDec = new OABPKEncryption();
+ formList.put(bPKEncDec.getName(), bPKEncDec);
+
+ OASSOConfig ssoOA = new OASSOConfig();
+ formList.put(ssoOA.getName(), ssoOA);
- OAPVP2Config pvp2OA = new OAPVP2Config();
- formList.put(pvp2OA.getName(), pvp2OA);
+ OAPVP2Config pvp2OA = new OAPVP2Config();
+ formList.put(pvp2OA.getName(), pvp2OA);
- OAOAuth20Config oauth20OA = new OAOAuth20Config();
- formList.put(oauth20OA.getName(), oauth20OA);
+ OAOAuth20Config oauth20OA = new OAOAuth20Config();
+ formList.put(oauth20OA.getName(), oauth20OA);
- OASTORKConfig storkOA = new OASTORKConfig();
- formList.put(storkOA.getName(), storkOA);
+ OASTORKConfig storkOA = new OASTORKConfig();
+ formList.put(storkOA.getName(), storkOA);
- Map<String, String> map = new HashMap<String, String>();
- map.putAll(FormBuildUtils.getDefaultMap());
- FormularCustomization formOA = new FormularCustomization(map);
- formList.put(formOA.getName(), formOA);
+ Map<String, String> map = new HashMap<String, String>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ FormularCustomization formOA = new FormularCustomization(map);
+ formList.put(formOA.getName(), formOA);
- OARevisionsLogData revisOA = new OARevisionsLogData();
- formList.put(revisOA.getName(), revisOA);
+ OARevisionsLogData revisOA = new OARevisionsLogData();
+ formList.put(revisOA.getName(), revisOA);
+ }
}
@@ -210,8 +212,8 @@ public class EditOAAction extends BasicOAAction {
errors.addAll(form.validate(getGeneralOA(), authUser, request));
// Do not allow SSO in combination with special BKUSelection features
- if (getSsoOA().isUseSSO()
- && (getFormOA().isOnlyMandateAllowed() || !getFormOA()
+ if (getSsoOA() != null && getSsoOA().isUseSSO()
+ && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA()
.isShowMandateLoginButton())) {
log.warn("Special BKUSelection features can not be used in combination with SSO");
errors.add(LanguageHelper.getErrorString(
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 7fae5d40c..180f32235 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -23,17 +23,14 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
import java.util.ArrayList;
-import java.util.Date;
import java.util.List;
import org.apache.log4j.Logger;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
@@ -42,7 +39,6 @@ import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig;
@@ -50,7 +46,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 717a0c827..247004b75 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -46,7 +46,7 @@ public class MOAConfigValidator {
private static final Logger log = Logger.getLogger(MOAConfigValidator.class);
- public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request) {
+ public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) {
List<String> errors = new ArrayList<String>();
@@ -126,7 +126,7 @@ public class MOAConfigValidator {
// }
check = form.getDefaultBKUHandy();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
if (!ValidationHelper.validateURL(check)) {
log.info("Not valid Handy-BKU URL");
errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
@@ -134,7 +134,7 @@ public class MOAConfigValidator {
}
check = form.getDefaultBKULocal();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
if (!ValidationHelper.validateURL(check)) {
log.info("Not valid Online-BKU URL");
errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
@@ -142,7 +142,7 @@ public class MOAConfigValidator {
}
check = form.getDefaultBKUOnline();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
if (!ValidationHelper.validateURL(check)) {
log.info("Not valid Online-BKU URL");
errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
@@ -162,7 +162,7 @@ public class MOAConfigValidator {
// }
check = form.getMandateURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
String[] misURLs = check.split(",");
for (String el : misURLs) {
if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
@@ -174,7 +174,7 @@ public class MOAConfigValidator {
}
check = form.getElgaMandateServiceURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
String[] elgaServiceURLs = check.split(",");
for (String el : elgaServiceURLs) {
if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
@@ -185,87 +185,103 @@ public class MOAConfigValidator {
}
}
+ check = form.getEidSystemServiceURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ String[] eidServiceURLs = check.split(",");
+ for (String el : eidServiceURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid E-ID System Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
+ new Object[]{el}, request));
+ }
+ }
+ }
+
check = form.getMoaspssAuthTransformations();
List<String> authtranslist = new ArrayList<String>();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MoaspssAuthTransformation");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request));
- } else {
-
- //is only required if more then one transformation is in use
-// check = StringHelper.formatText(check);
-// String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
-// int i=1;
-// for(String el : list) {
-// if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
-// log.info("IdentityLinkSigners is not valid: " + el);
-// errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
-// new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
-//
-// } else {
-// if (MiscUtil.isNotEmpty(el.trim()))
-// authtranslist.add(el.trim());
-// }
-// i++;
-// }
- authtranslist.add(check.trim());
+ if (isMOAIDMode) {
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MoaspssAuthTransformation");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request));
+ } else {
+
+ //is only required if more then one transformation is in use
+ // check = StringHelper.formatText(check);
+ // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
+ // int i=1;
+ // for(String el : list) {
+ // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
+ // log.info("IdentityLinkSigners is not valid: " + el);
+ // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
+ // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
+ //
+ // } else {
+ // if (MiscUtil.isNotEmpty(el.trim()))
+ // authtranslist.add(el.trim());
+ // }
+ // i++;
+ // }
+ authtranslist.add(check.trim());
+ }
}
form.setAuthTransformList(authtranslist);
- check = form.getMoaspssAuthTrustProfile();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Authblock TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Authblock TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ if (isMOAIDMode) {
+ check = form.getMoaspssAuthTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Authblock TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Authblock TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ }
}
- }
-
- check = form.getMoaspssIdlTrustProfile();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("IdentityLink TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+
+ check = form.getMoaspssIdlTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("IdentityLink TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ }
}
- }
-
- check = form.getMoaspssAuthTrustProfileTest();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Test-Authblock TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+
+ check = form.getMoaspssAuthTrustProfileTest();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Test-Authblock TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ }
}
- }
-
- check = form.getMoaspssIdlTrustProfileTest();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Test-IdentityLink TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+
+ check = form.getMoaspssIdlTrustProfileTest();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Test-IdentityLink TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ }
}
- }
-
-
- check = form.getMoaspssURL();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid MOA-SP/SS Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request));
+
+
+ check = form.getMoaspssURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid MOA-SP/SS Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request));
+ }
}
}
@@ -312,109 +328,111 @@ public class MOAConfigValidator {
// }
// }
- check = form.getSLRequestTemplateHandy();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate Handy-BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate Handy-BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request));
- }
- }
-
- check = form.getSLRequestTemplateLocal();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate local BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate local BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request));
- }
- }
-
- check = form.getSLRequestTemplateOnline();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate Online-BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate Online-BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request));
+ if (isMOAIDMode) {
+ check = form.getSLRequestTemplateHandy();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Handy-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate Handy-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request));
+ }
}
- }
-
- check = form.getSsoFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("SSO friendlyname is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+
+ check = form.getSLRequestTemplateLocal();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate local BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate local BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request));
+ }
}
- }
-
-// check = form.getSsoIdentificationNumber();
-// if (MiscUtil.isNotEmpty(check)) {
-// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
-// log.info("SSO IdentificationNumber is not valid: " + check);
-// errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid",
-// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
-// }
-// }
-
-// check = form.getSsoPublicUrl();
-// if (MiscUtil.isNotEmpty(check)) {
-// if (!ValidationHelper.validateURL(check)) {
-// log.info("SSO Public URL is not valid");
-// errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
-// }
-// }
-
- check = form.getSsoSpecialText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, true)) {
- log.info("SSO SpecialText is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
+
+ check = form.getSLRequestTemplateOnline();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Online-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate Online-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request));
+ }
}
- }
-
- check = form.getSsoTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SSO Target");
- //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
- } else {
- if (!ValidationHelper.isValidAdminTarget(check)) {
-
+ check = form.getSsoFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
+ log.info("SSO friendlyname is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
+ }
+
+ // check = form.getSsoIdentificationNumber();
+ // if (MiscUtil.isNotEmpty(check)) {
+ // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ // log.info("SSO IdentificationNumber is not valid: " + check);
+ // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid",
+ // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ // }
+ // }
+
+ // check = form.getSsoPublicUrl();
+ // if (MiscUtil.isNotEmpty(check)) {
+ // if (!ValidationHelper.validateURL(check)) {
+ // log.info("SSO Public URL is not valid");
+ // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
+ // }
+ // }
+
+ check = form.getSsoSpecialText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
+ log.info("SSO SpecialText is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
+ }
+ }
+
+ check = form.getSsoTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SSO Target");
+ //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
- String num = check.replaceAll(" ", "");
-
- if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) ||
- num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) ||
- num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) {
+ } else {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
- log.info("Not valid SSO Target");
- errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
+ }
+
+ String num = check.replaceAll(" ", "");
+
+ if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) ||
+ num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) ||
+ num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) {
+
+ log.info("Not valid SSO Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
+ }
+
}
-
}
- }
-
- check = form.getSzrgwURL();
- if (MiscUtil.isNotEmpty(check)) {
- String[] szrGWServiceURLs = check.split(",");
- for (String el : szrGWServiceURLs) {
- if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
- log.info("Not valid Online-Mandate Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
- new Object[]{el}, request));
+
+ check = form.getSzrgwURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ String[] szrGWServiceURLs = check.split(",");
+ for (String el : szrGWServiceURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid Online-Mandate Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
+ new Object[]{el}, request));
+ }
}
}
}
@@ -433,41 +451,42 @@ public class MOAConfigValidator {
}
-
- if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
- HashMap<String, byte[]> map = new HashMap<String, byte[]>();
- for (int i=0; i<form.getFileUploadFileName().size(); i++) {
- String filename = form.getFileUploadFileName().get(i);
-
- if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsNotValidCharacter(filename, false)) {
- log.info("SL Transformation Filename is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
-
- } else {
- try {
- File file = form.getFileUpload().get(i);
- FileInputStream stream = new FileInputStream(file);
- map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+ if (isMOAIDMode) {
+ if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
+ HashMap<String, byte[]> map = new HashMap<String, byte[]>();
+ for (int i=0; i<form.getFileUploadFileName().size(); i++) {
+ String filename = form.getFileUploadFileName().get(i);
+
+ if (MiscUtil.isNotEmpty(filename)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
+ log.info("SL Transformation Filename is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
- } catch (IOException e) {
- log.info("SecurtiyLayerTransformation with FileName "
- + filename +" can not be loaded." , e);
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
- new Object[] {filename}, request ));
- }
+ } else {
+ try {
+ File file = form.getFileUpload().get(i);
+ FileInputStream stream = new FileInputStream(file);
+ map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+
+ } catch (IOException e) {
+ log.info("SecurtiyLayerTransformation with FileName "
+ + filename +" can not be loaded." , e);
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
+ new Object[] {filename}, request ));
+ }
+ }
}
}
- }
-
- form.setSecLayerTransformation(map);
-
- } else {
- if (form.getSecLayerTransformation() == null) {
- log.info("AuthBlock Transformation file is empty");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
+
+ form.setSecLayerTransformation(map);
- }
+ } else {
+ if (form.getSecLayerTransformation() == null) {
+ log.info("AuthBlock Transformation file is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
+
+ }
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 6b58a22b4..5a31d8f47 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -175,6 +175,14 @@ public class OAAuthenticationDataValidation {
}
}
+ check =form.getEidServiceSelected();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid E-ID Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
+ new Object[]{check}, request));
+ }
+ }
if (form.isEnableTestCredentials()
&& form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) {
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index fbd6fedcd..9155d7684 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -154,6 +154,7 @@ webpages.moaconfig.services.header=Externe Services
webpages.moaconfig.services.mandates=Online-Vollmachten Service URLs (CSV)
webpages.moaconfig.services.szrgw=Zentraler nationaler eIDAS Connector URLs (CSV)
webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
+webpages.moaconfig.services.eidsystemservice=E-ID System EntityIDs (CSV)
webpages.moaconfig.sso.header=Single Sign-On
webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
webpages.moaconfig.sso.FriendlyName=SSO Service Name
@@ -263,14 +264,17 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
webpages.oaconfig.general.aditional.calculateHPI="TODO!"
webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
-webpages.oaconfig.general.neweid.header=Demo-Modus zur Simulation der Austrian eID
-webpages.oaconfig.general.neweid.activate=Demo-Modus aktivieren
+webpages.oaconfig.general.neweid.header=E-ID Attribute
+webpages.oaconfig.general.neweid.activate=Neue E-ID Attribute \u00FCbertragen
webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV)
webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV)
webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector
webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector
+webpages.oaconfig.general.eid.header=Der \u00f6sterreichische E-ID
+webpages.oaconfig.general.eid.selected=URL zum E-ID Service
+
webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden
webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden
webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden
@@ -415,6 +419,7 @@ validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile
validation.general.mandateservice.valid=Die URL {0} zum Online-Vollmachten Service hat kein g\u00F6ltiges Format.
validation.general.elga.mandateservice.valid=Die EntityID {0} zum ELGA Vertretungsservice hat kein g\u00F6ltiges Format.
validation.general.szrgw.url.valid=Die URL {0} des zentralen eIDAS Connectors hat kein g\u00F6ltiges Format.
+validation.general.eid.url.valid=Die URL {0} zum E-ID System hat kein g\u00F6ltiges Format.
validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer.
validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index f49bbfdc8..7d242de01 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -153,6 +153,7 @@ webpages.moaconfig.services.header=External Services
webpages.moaconfig.services.mandates=Online-Mandate Service URLs (CSV)
webpages.moaconfig.services.szrgw=Central national eIDAS Conenctor URLs (CSV)
webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
+webpages.moaconfig.services.eidsystemservice=E-ID System EntityIDs (CSV)
webpages.moaconfig.sso.header=Single Sign-On
webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
webpages.moaconfig.sso.FriendlyName=SSO Service Name
@@ -269,14 +270,17 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time
webpages.oaconfig.general.aditional.calculateHPI="TODO!"
webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
-webpages.oaconfig.general.neweid.header=Demo-mode to simulate new Austrian eID
-webpages.oaconfig.general.neweid.activate=Activate demo-mode
+webpages.oaconfig.general.neweid.header=Austrian E-ID Attributes
+webpages.oaconfig.general.neweid.activate=Add additional E-ID Attributes
webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV)
webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV)
webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector
webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector
+webpages.oaconfig.general.eid.header=Austrian E-ID
+webpages.oaconfig.general.eid.selected=URL to E-ID system
+
webpages.oaconfig.menu.saml1.show=Show SAML1 configuration
webpages.oaconfig.menu.saml1.hidden=Hide SAML1 configuration
webpages.oaconfig.menu.pvp2.show=Show PVP2 configuration
@@ -414,6 +418,7 @@ validation.general.IdentityLinkSigners.valid=IdentityLinkSigner in the line {0}
validation.general.mandateservice.valid=URL {0} for Online-Mandating Service has invalid format.
validation.general.elga.mandateservice.valid=EntityID {0} for ELGA Mandate-Service has invalid format.
validation.general.szrgw.url.valid=URL {0} for central eIDAs Connector has invalid format.
+validation.general.eid.url.valid=URL {0} for E-ID System has invalid format.
validation.general.moasp.auth.transformation.empty=Transformation for authentication block is blank.
validation.general.moasp.auth.transformation.valid=Transformation for authentication block in the line {0} contians forbidden characters. The following characters are not allowed\: {1}
validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of authentication block is blank.
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 79c66f37c..6d8421b51 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -69,58 +69,60 @@
</s:checkbox>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3>
-
- <s:textfield name="moaconfig.defaultBKUHandy"
- value="%{moaconfig.defaultBKUHandy}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.handy"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.defaultBKULocal"
- value="%{moaconfig.defaultBKULocal}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.local"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.defaultBKUOnline"
- value="%{moaconfig.defaultBKUOnline}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.online"
- cssClass="textfield_long">
- </s:textfield>
- </div>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %></h3>
+ <s:if test="moaconfig.isMoaidMode()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3>
- <s:textfield name="moaconfig.SLRequestTemplateHandy"
- value="%{moaconfig.SLRequestTemplateHandy}"
- labelposition="left"
- key="webpages.moaconfig.slrequesttemplates.handy"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.SLRequestTemplateLocal"
- value="%{moaconfig.SLRequestTemplateLocal}"
- labelposition="left"
- key="webpages.moaconfig.slrequesttemplates.local"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.SLRequestTemplateOnline"
- value="%{moaconfig.SLRequestTemplateOnline}"
- labelposition="left"
- key="webpages.moaconfig.slrequesttemplates.online"
- cssClass="textfield_long">
- </s:textfield>
+ <s:textfield name="moaconfig.defaultBKUHandy"
+ value="%{moaconfig.defaultBKUHandy}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.handy"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.defaultBKULocal"
+ value="%{moaconfig.defaultBKULocal}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.local"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.defaultBKUOnline"
+ value="%{moaconfig.defaultBKUOnline}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.online"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
- </div>
-
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %></h3>
+
+ <s:textfield name="moaconfig.SLRequestTemplateHandy"
+ value="%{moaconfig.SLRequestTemplateHandy}"
+ labelposition="left"
+ key="webpages.moaconfig.slrequesttemplates.handy"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.SLRequestTemplateLocal"
+ value="%{moaconfig.SLRequestTemplateLocal}"
+ labelposition="left"
+ key="webpages.moaconfig.slrequesttemplates.local"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.SLRequestTemplateOnline"
+ value="%{moaconfig.SLRequestTemplateOnline}"
+ labelposition="left"
+ key="webpages.moaconfig.slrequesttemplates.online"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ </div>
+ </s:if>
+
+
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.moaconfig.certificates.header", request) %></h3>
@@ -156,177 +158,204 @@
key="webpages.moaconfig.timeout.assertion"
cssClass="textfield_long">
</s:textfield>
- <s:textfield name="moaconfig.timeoutMOASessionCreated"
- value="%{moaconfig.timeoutMOASessionCreated}"
- labelposition="left"
- key="webpages.moaconfig.timeout.MOASessionCreated"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="moaconfig.timeoutMOASessionUpdated"
- value="%{moaconfig.timeoutMOASessionUpdated}"
- labelposition="left"
- key="webpages.moaconfig.timeout.MOASessionUpdated"
- cssClass="textfield_long">
- </s:textfield>
-
- </div>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %></h3>
-
- <s:textfield name="moaconfig.moaspssIdlTrustProfile"
- value="%{moaconfig.moaspssIdlTrustProfile}"
- labelposition="left"
- key="webpages.moaconfig.moasp.idltrustprofile"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.moaspssIdlTrustProfileTest"
- value="%{moaconfig.moaspssIdlTrustProfileTest}"
- labelposition="left"
- key="webpages.moaconfig.moasp.idltrustprofile.test"
- cssClass="textfield_long">
- </s:textfield>
-<%-- <s:textarea name="moaconfig.identityLinkSigners"
- value="%{moaconfig.identityLinkSigners}"
- labelposition="left"
- key="webpages.moaconfig.identitylinksigners"
- cssClass="textfield_large">
- </s:textarea> --%>
-
- <s:textfield name="moaconfig.moaspssAuthTrustProfile"
- value="%{moaconfig.moaspssAuthTrustProfile}"
- labelposition="left"
- key="webpages.moaconfig.moasp.authtrustprofile"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:textfield name="moaconfig.moaspssAuthTrustProfileTest"
- value="%{moaconfig.moaspssAuthTrustProfileTest}"
- labelposition="left"
- key="webpages.moaconfig.moasp.authtrustprofile.test"
- cssClass="textfield_long">
- </s:textfield>
-
-
-<%-- <s:textarea name="moaconfig.moaspssAuthTransformations"
- value="%{moaconfig.moaspssAuthTransformations}"
- labelposition="left"
- key="webpages.moaconfig.moasp.authblocktransform"
- cssClass="textfield_large">
- </s:textarea> --%>
- <s:textfield name="moaconfig.moaspssAuthTransformations"
- value="%{moaconfig.moaspssAuthTransformations}"
- labelposition="left"
- key="webpages.moaconfig.moasp.authblocktransform"
- cssClass="textfield_long">
- </s:textfield>
+ <s:if test="moaconfig.isMoaidMode()">
+ <s:textfield name="moaconfig.timeoutMOASessionCreated"
+ value="%{moaconfig.timeoutMOASessionCreated}"
+ labelposition="left"
+ key="webpages.moaconfig.timeout.MOASessionCreated"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="moaconfig.timeoutMOASessionUpdated"
+ value="%{moaconfig.timeoutMOASessionUpdated}"
+ labelposition="left"
+ key="webpages.moaconfig.timeout.MOASessionUpdated"
+ cssClass="textfield_long">
+ </s:textfield>
+ </s:if>
+ <s:else>
+ <s:hidden name="moaconfig.timeoutMOASessionCreated"
+ value="300">
+ </s:hidden>
+ <s:hidden name="moaconfig.timeoutMOASessionUpdated"
+ value="300">
+ </s:hidden>
+ </s:else>
-<%-- <s:textfield name="moaconfig.moaspssURL"
- value="%{moaconfig.moaspssURL}"
- labelposition="left"
- key="webpages.moaconfig.moasp.url"
- cssClass="textfield_long">
- </s:textfield> --%>
</div>
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %></h3>
- <s:textarea name="moaconfig.mandateURL"
- value="%{moaconfig.mandateURL}"
- labelposition="left"
- key="webpages.moaconfig.services.mandates"
- cssClass="textfield_long">
- </s:textarea>
- <s:textarea name="moaconfig.szrgwURL"
- value="%{moaconfig.szrgwURL}"
- labelposition="left"
- key="webpages.moaconfig.services.szrgw"
- cssClass="textfield_long">
- </s:textarea>
- <s:textarea name="moaconfig.elgaMandateServiceURL"
- value="%{moaconfig.elgaMandateServiceURL}"
- labelposition="left"
- key="webpages.moaconfig.services.elgamandateservice"
- cssClass="textfield_long">
- </s:textarea>
- </div>
+ <s:if test="moaconfig.isMoaidMode()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %></h3>
+
+ <s:textfield name="moaconfig.moaspssIdlTrustProfile"
+ value="%{moaconfig.moaspssIdlTrustProfile}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.idltrustprofile"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.moaspssIdlTrustProfileTest"
+ value="%{moaconfig.moaspssIdlTrustProfileTest}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.idltrustprofile.test"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <%-- <s:textarea name="moaconfig.identityLinkSigners"
+ value="%{moaconfig.identityLinkSigners}"
+ labelposition="left"
+ key="webpages.moaconfig.identitylinksigners"
+ cssClass="textfield_large">
+ </s:textarea> --%>
+
+ <s:textfield name="moaconfig.moaspssAuthTrustProfile"
+ value="%{moaconfig.moaspssAuthTrustProfile}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.authtrustprofile"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:textfield name="moaconfig.moaspssAuthTrustProfileTest"
+ value="%{moaconfig.moaspssAuthTrustProfileTest}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.authtrustprofile.test"
+ cssClass="textfield_long">
+ </s:textfield>
+
+
+ <%-- <s:textarea name="moaconfig.moaspssAuthTransformations"
+ value="%{moaconfig.moaspssAuthTransformations}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.authblocktransform"
+ cssClass="textfield_large">
+ </s:textarea> --%>
+ <s:textfield name="moaconfig.moaspssAuthTransformations"
+ value="%{moaconfig.moaspssAuthTransformations}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.authblocktransform"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <%-- <s:textfield name="moaconfig.moaspssURL"
+ value="%{moaconfig.moaspssURL}"
+ labelposition="left"
+ key="webpages.moaconfig.moasp.url"
+ cssClass="textfield_long">
+ </s:textfield> --%>
+
+ </div>
+ </s:if>
- <div class="oa_config_block" >
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %></h3>
-<%-- <s:textfield name="moaconfig.ssoPublicUrl"
- value="%{moaconfig.ssoPublicUrl}"
- labelposition="left"
- key="webpages.moaconfig.sso.PublicUrl"
- cssClass="textfield_long">
- </s:textfield> --%>
- <s:textfield name="moaconfig.ssoFriendlyName"
- value="%{moaconfig.ssoFriendlyName}"
- labelposition="left"
- key="webpages.moaconfig.sso.FriendlyName"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="moaconfig.ssoTarget "
- value="%{moaconfig.ssoTarget }"
- labelposition="left"
- key="webpages.moaconfig.services.sso.Target"
- cssClass="textfield_long">
- </s:textfield>
- <s:textarea name="moaconfig.ssoSpecialText"
- value="%{moaconfig.ssoSpecialText}"
- labelposition="left"
- key="webpages.moaconfig.services.sso.SpecialText"
- cssClass="textfield_large">
- </s:textarea>
- </div>
<div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
- <s:select list="storkconfig.allowedLoALevels"
- value="%{storkconfig.defaultQaa}"
- name="storkconfig.defaultQaa"
- key="webpages.moaconfig.stork.qaa.default"
- labelposition="left"
- cssClass="textfield_long" />
- <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
- <table id="stork_pepslist">
- <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
- <s:iterator value="storkconfig.cpepslist" status="stat">
- <tr>
- <td style="display:none;"><s:textfield name="storkconfig.cpepslist[%{#stat.index}].hjid" value="%{hjid}" cssStyle="display:none;"/></td>
- <s:if test="%{countryCode == 'CC'}">
- <td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].countryCode" value="%{countryCode}" cssClass="textfield_PEPS_CC"/></td>
- </s:if>
- <s:else>
- <td><s:property value="%{countryCode}" /></td>
- </s:else>
- <td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].URL" value="%{URL}" cssClass="textfield_long"/></td>
- <td><s:checkbox name="storkconfig.cpepslist[%{#stat.index}].supportsXMLSignature" value="%{supportsXMLSignature}" /></td>
- <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td>
- </tr>
- </s:iterator>
- <s:if test="%{storkconfig.cpepslist == null || storkconfig.cpepslist.isEmpty}">
- <tr><td><s:textfield name="storkconfig.cpepslist[0].countryCode" value="CC" cssClass="textfield_PEPS_CC"/></td>
- <td><s:textfield name="storkconfig.cpepslist[0].URL" value="http://" cssClass="textfield_long"/></td>
- <td><s:checkbox name="storkconfig.cpepslist[0].supportsXMLSignature" value="true" /></td>
- <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
- </s:if>
- </table>
- <input class="oa_buttons" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.newpeps", request) %>" onclick='newPeps();' />
- <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %></h4>
- <table id="stork_attributelist">
- <tr><td><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %></td><td><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %></td></tr>
- <s:iterator value="storkconfig.attributes" status="stat">
- <tr><td><s:textfield name="storkconfig.attributes[%{#stat.index}].name" value="%{name}"/></td>
- <td><s:checkbox name="storkconfig.attributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td>
- <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
- </s:iterator>
- </table>
- <input class="oa_buttons" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.new", request) %>" onclick='newStorkAttribute();' />
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %></h3>
+
+ <s:if test="moaconfig.isMoaidMode()">
+ <s:textarea name="moaconfig.mandateURL"
+ value="%{moaconfig.mandateURL}"
+ labelposition="left"
+ key="webpages.moaconfig.services.mandates"
+ cssClass="textfield_long">
+ </s:textarea>
+ <s:textarea name="moaconfig.szrgwURL"
+ value="%{moaconfig.szrgwURL}"
+ labelposition="left"
+ key="webpages.moaconfig.services.szrgw"
+ cssClass="textfield_long">
+ </s:textarea>
+ <s:textarea name="moaconfig.elgaMandateServiceURL"
+ value="%{moaconfig.elgaMandateServiceURL}"
+ labelposition="left"
+ key="webpages.moaconfig.services.elgamandateservice"
+ cssClass="textfield_long">
+ </s:textarea>
+ </s:if>
+
+ <s:textarea name="moaconfig.eidSystemServiceURL"
+ value="%{moaconfig.eidSystemServiceURL}"
+ labelposition="left"
+ key="webpages.moaconfig.services.eidsystemservice"
+ cssClass="textfield_long">
+ </s:textarea>
</div>
+ <s:if test="moaconfig.isMoaidMode()">
+ <div class="oa_config_block" >
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %></h3>
+ <%-- <s:textfield name="moaconfig.ssoPublicUrl"
+ value="%{moaconfig.ssoPublicUrl}"
+ labelposition="left"
+ key="webpages.moaconfig.sso.PublicUrl"
+ cssClass="textfield_long">
+ </s:textfield> --%>
+ <s:textfield name="moaconfig.ssoFriendlyName"
+ value="%{moaconfig.ssoFriendlyName}"
+ labelposition="left"
+ key="webpages.moaconfig.sso.FriendlyName"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="moaconfig.ssoTarget "
+ value="%{moaconfig.ssoTarget }"
+ labelposition="left"
+ key="webpages.moaconfig.services.sso.Target"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textarea name="moaconfig.ssoSpecialText"
+ value="%{moaconfig.ssoSpecialText}"
+ labelposition="left"
+ key="webpages.moaconfig.services.sso.SpecialText"
+ cssClass="textfield_large">
+ </s:textarea>
+ </div>
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
+ <s:select list="storkconfig.allowedLoALevels"
+ value="%{storkconfig.defaultQaa}"
+ name="storkconfig.defaultQaa"
+ key="webpages.moaconfig.stork.qaa.default"
+ labelposition="left"
+ cssClass="textfield_long" />
+ <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
+ <table id="stork_pepslist">
+ <tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
+ <s:iterator value="storkconfig.cpepslist" status="stat">
+ <tr>
+ <td style="display:none;"><s:textfield name="storkconfig.cpepslist[%{#stat.index}].hjid" value="%{hjid}" cssStyle="display:none;"/></td>
+ <s:if test="%{countryCode == 'CC'}">
+ <td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].countryCode" value="%{countryCode}" cssClass="textfield_PEPS_CC"/></td>
+ </s:if>
+ <s:else>
+ <td><s:property value="%{countryCode}" /></td>
+ </s:else>
+ <td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].URL" value="%{URL}" cssClass="textfield_long"/></td>
+ <td><s:checkbox name="storkconfig.cpepslist[%{#stat.index}].supportsXMLSignature" value="%{supportsXMLSignature}" /></td>
+ <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td>
+ </tr>
+ </s:iterator>
+ <s:if test="%{storkconfig.cpepslist == null || storkconfig.cpepslist.isEmpty}">
+ <tr><td><s:textfield name="storkconfig.cpepslist[0].countryCode" value="CC" cssClass="textfield_PEPS_CC"/></td>
+ <td><s:textfield name="storkconfig.cpepslist[0].URL" value="http://" cssClass="textfield_long"/></td>
+ <td><s:checkbox name="storkconfig.cpepslist[0].supportsXMLSignature" value="true" /></td>
+ <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
+ </s:if>
+ </table>
+ <input class="oa_buttons" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.newpeps", request) %>" onclick='newPeps();' />
+ <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %></h4>
+ <table id="stork_attributelist">
+ <tr><td><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %></td><td><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %></td></tr>
+ <s:iterator value="storkconfig.attributes" status="stat">
+ <tr><td><s:textfield name="storkconfig.attributes[%{#stat.index}].name" value="%{name}"/></td>
+ <td><s:checkbox name="storkconfig.attributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td>
+ <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
+ </s:iterator>
+ </table>
+ <input class="oa_buttons" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.new", request) %>" onclick='newStorkAttribute();' />
+ </div>
+ </s:if>
+
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %></h3>
@@ -338,18 +367,21 @@
key="webpages.moaconfig.protocols.legacy.saml1"
cssClass="checkbox">
</s:checkbox>
- <s:checkbox name="moaconfig.protocolActivePVP21"
- value="%{moaconfig.protocolActivePVP21}"
- labelposition="right"
- key="webpages.moaconfig.protocols.legacy.pvp2"
- cssClass="checkbox">
- </s:checkbox>
- <s:checkbox name="moaconfig.protocolActiveOAuth"
- value="%{moaconfig.protocolActiveOAuth}"
- labelposition="right"
- key="webpages.moaconfig.protocols.oauth"
- cssClass="checkbox">
- </s:checkbox>
+
+ <s:if test="moaconfig.isMoaidMode()">
+ <s:checkbox name="moaconfig.protocolActivePVP21"
+ value="%{moaconfig.protocolActivePVP21}"
+ labelposition="right"
+ key="webpages.moaconfig.protocols.legacy.pvp2"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:checkbox name="moaconfig.protocolActiveOAuth"
+ value="%{moaconfig.protocolActiveOAuth}"
+ labelposition="right"
+ key="webpages.moaconfig.protocols.oauth"
+ cssClass="checkbox">
+ </s:checkbox>
+ </s:if>
</div>
<br>
@@ -362,12 +394,15 @@
key="webpages.moaconfig.protocols.legacy.saml1"
cssClass="checkbox">
</s:checkbox>
- <s:checkbox name="moaconfig.legacy_pvp2"
- value="%{moaconfig.legacy_pvp2}"
- labelposition="right"
- key="webpages.moaconfig.protocols.legacy.pvp2"
- cssClass="checkbox">
- </s:checkbox>
+
+ <s:if test="moaconfig.isMoaidMode()">
+ <s:checkbox name="moaconfig.legacy_pvp2"
+ value="%{moaconfig.legacy_pvp2}"
+ labelposition="right"
+ key="webpages.moaconfig.protocols.legacy.pvp2"
+ cssClass="checkbox">
+ </s:checkbox>
+ </s:if>
</div>
<br>
@@ -461,24 +496,25 @@
</div>
</div>
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %></h3>
-
- <s:iterator value="%{moaconfig.fileUploadFileName}" var="fileName">
- <s:label key="webpages.moaconfig.sl.transormations.filename" value="%{fileName}"/>
-
- <div id="pvp2_certificate_upload">
- <s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:iterator>
+ <s:if test="moaconfig.isMoaidMode()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %></h3>
+
+ <s:iterator value="%{moaconfig.fileUploadFileName}" var="fileName">
+ <s:label key="webpages.moaconfig.sl.transormations.filename" value="%{fileName}"/>
- <s:if test="moaconfig.fileUploadFileName.size() == 0">
<div id="pvp2_certificate_upload">
<s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
- </div>
- </s:if>
-
- </div>
+ </div>
+ </s:iterator>
+
+ <s:if test="moaconfig.fileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file>
+ </div>
+ </s:if>
+ </div>
+ </s:if>
<br>
<br>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index cc4220d0e..feab86593 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -46,12 +46,14 @@
<s:include value="snippets/OA/authentication.jsp"></s:include>
- <s:include value="snippets/OA/bPKDecryption.jsp"></s:include>
+ <s:if test="authOA.isMoaidMode()">
+ <s:include value="snippets/OA/bPKDecryption.jsp"></s:include>
- <s:include value="snippets/OA/sso.jsp"></s:include>
+ <s:include value="snippets/OA/sso.jsp"></s:include>
- <s:include value="snippets/OA/stork.jsp"></s:include>
-
+ <s:include value="snippets/OA/stork.jsp"></s:include>
+ </s:if>
+
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3>
@@ -64,35 +66,40 @@
</button>
</s:if>
- <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.show", request) %>
- </button>
- <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_hidden">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.hidden", request) %>
- </button>
-
- <button type="button" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_show">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.show", request) %>
- </button>
- <button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden">
- <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %>
- </button>
-
+ <s:if test="authOA.isMoaidMode()">
+ <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.show", request) %>
+ </button>
+ <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_hidden">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.hidden", request) %>
+ </button>
+
+ <button type="button" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_show">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.show", request) %>
+ </button>
+ <button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden">
+ <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %>
+ </button>
+ </s:if>
<s:include value="snippets/OA/saml1.jsp"></s:include>
- <s:include value="snippets/OA/pvp2.jsp">
- <s:param name="hideBlock">hidden</s:param>
- </s:include>
+ <s:if test="authOA.isMoaidMode()">
+ <s:include value="snippets/OA/pvp2.jsp">
+ <s:param name="hideBlock">hidden</s:param>
+ </s:include>
- <s:include value="snippets/OA/openIDConnect.jsp"></s:include>
+ <s:include value="snippets/OA/openIDConnect.jsp"></s:include>
+ </s:if>
</div>
- <s:include value="snippets/OA/formCustomization.jsp"></s:include>
+ <s:if test="authOA.isMoaidMode()">
+ <s:include value="snippets/OA/formCustomization.jsp"></s:include>
- <s:include value="snippets/OA/revisionslog.jsp"></s:include>
+ <s:include value="snippets/OA/revisionslog.jsp"></s:include>
+ </s:if>
<s:hidden name="formID"
value="%{formID}"></s:hidden>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
index d2668e264..7a54df554 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
@@ -3,8 +3,8 @@
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
-
- <s:if test="authUser.isAdmin()">
+ <s:if test="authOA.isMoaidMode()">
+ <s:if test="authUser.isAdmin()">
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3>
@@ -167,16 +167,26 @@
</div>
<div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %></h3>
-
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %></h3>
<s:select list="authOA.szrgwServicesList"
key="webpages.oaconfig.general.szrgw.selected"
labelposition="left"
cssClass="selectfield_long"
value="%{authOA.szrgwServiceSelected}"
name="authOA.szrgwServiceSelected">
- </s:select>
-
- </div>
+ </s:select>
+ </div>
+ </s:if>
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.eid.header", request) %></h3>
+ <s:select list="authOA.eidServicesList"
+ key="webpages.oaconfig.general.eid.selected"
+ labelposition="left"
+ cssClass="selectfield_long"
+ value="%{authOA.eidServiceSelected}"
+ name="authOA.eidServiceSelected">
+ </s:select>
+ </div>
</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index 367dc445d..2436b1051 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -123,25 +123,27 @@
cssClass="checkbox">
</s:checkbox>
- <s:textarea name="targetConfig.foreignbPKTargets"
- value="%{targetConfig.foreignbPKTargets}"
- labelposition="left"
- key="webpages.oaconfig.general.foreign.sectors"
- cssClass="textfield_long"
- rows="6"
- requiredLabel="true"
- style="height:120px;">
- </s:textarea>
-
- <s:textarea name="targetConfig.additionalbPKTargets"
- value="%{targetConfig.additionalbPKTargets}"
- labelposition="left"
- key="webpages.oaconfig.general.additionalbpks.sectors"
- cssClass="textfield_long"
- rows="6"
- requiredLabel="true"
- style="height:120px;">
- </s:textarea>
+ <s:if test="authOA.isMoaidMode()">
+ <s:textarea name="targetConfig.foreignbPKTargets"
+ value="%{targetConfig.foreignbPKTargets}"
+ labelposition="left"
+ key="webpages.oaconfig.general.foreign.sectors"
+ cssClass="textfield_long"
+ rows="6"
+ requiredLabel="true"
+ style="height:120px;">
+ </s:textarea>
+
+ <s:textarea name="targetConfig.additionalbPKTargets"
+ value="%{targetConfig.additionalbPKTargets}"
+ labelposition="left"
+ key="webpages.oaconfig.general.additionalbpks.sectors"
+ cssClass="textfield_long"
+ rows="6"
+ requiredLabel="true"
+ style="height:120px;">
+ </s:textarea>
+ </s:if>
</div>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
index 95d6de912..f4c377d9c 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
@@ -18,10 +18,14 @@
</div>
<s:if test="authUser.isAdmin()">
- <div class="menu_element">
- <s:url action="listallinterfederationidps" var="interfederationConfig" namespace="/secure"/>
- <a href="<s:property value="#interfederationConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %></a>
- </div>
+
+ <s:if test="authOA.isMoaidMode()">
+ <div class="menu_element">
+ <s:url action="listallinterfederationidps" var="interfederationConfig" namespace="/secure"/>
+ <a href="<s:property value="#interfederationConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %></a>
+ </div>
+ </s:if>
+
<div class="menu_element">
<s:url action="loadGeneralConfig" var="generalConfig" namespace="/secure"/>
<a href="<s:property value="#generalConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %></a>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index a28b762af..ca2df5b66 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -78,6 +78,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
+ temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
@@ -284,14 +285,28 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
}
}
}
+
+ check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, getKeyPrefix()));
+ if (MiscUtil.isNotEmpty(check)) {
+ String[] misURLs = check.split(",");
+ for (String el : misURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid E-ID System Service URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL,
+ "E-ID System",
+ LanguageHelper.getErrorString("validation.general.eidsystem.valid", new Object[]{el})));
+ }
+ }
+ }
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty MoaspssAuthTransformation");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM,
- "MOA-SP - AuthBlocktransformation",
- LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM,
+// "MOA-SP - AuthBlocktransformation",
+// LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")));
} else {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLinkSigners is not valid: " + check);
@@ -307,10 +322,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty MOA-SP/SS Authblock TrustProfile");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
- "MOA-SP - TrustProfile AuthBlock",
- LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
+// "MOA-SP - TrustProfile AuthBlock",
+// LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")));
} else {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock TrustProfile is not valid: " +check);
@@ -325,10 +340,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
- "MOA-SP - TrustProfile IdL",
- LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
+// "MOA-SP - TrustProfile IdL",
+// LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")));
} else {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink TrustProfile is not valid: " +check);
@@ -343,10 +358,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
- "MOA-SP - Test-TrustProfile AuthBlock",
- LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
+// "MOA-SP - Test-TrustProfile AuthBlock",
+// LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty")));
} else {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock Test-TrustProfile is not valid: " +check);
@@ -361,10 +376,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
- "MOA-SP - Test-TrustProfile IdL",
- LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
+// "MOA-SP - Test-TrustProfile IdL",
+// LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty")));
} else {
if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink Test-TrustProfile is not valid: " +check);
@@ -380,10 +395,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty SLRequestTemplate Handy-BKU");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY,
- "Default SL-Templates - Handy",
- LanguageHelper.getErrorString("validation.general.slrequest.handy.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY,
+// "Default SL-Templates - Handy",
+// LanguageHelper.getErrorString("validation.general.slrequest.handy.empty")));
} else {
if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate Handy-BKU is not valid");
@@ -397,10 +412,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty SLRequestTemplate local BKU");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL,
- "Default SL-Templates - Local",
- LanguageHelper.getErrorString("validation.general.slrequest.local.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL,
+// "Default SL-Templates - Local",
+// LanguageHelper.getErrorString("validation.general.slrequest.local.empty")));
} else {
if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate local BKU is not valid");
@@ -414,10 +429,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, getKeyPrefix()));
if (MiscUtil.isEmpty(check)) {
log.info("Empty SLRequestTemplate Online-BKU");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD,
- "Default SL-Templates - Online ",
- LanguageHelper.getErrorString("validation.general.slrequest.online.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD,
+// "Default SL-Templates - Online ",
+// LanguageHelper.getErrorString("validation.general.slrequest.online.empty")));
} else {
if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate Online-BKU is not valid");
@@ -531,10 +546,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix()));
if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
log.info("AuthBlock Transformation file is empty");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64,
- "AuthBlock - Transformation",
- LanguageHelper.getErrorString("validation.general.slrequest.file.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64,
+// "AuthBlock - Transformation",
+// LanguageHelper.getErrorString("validation.general.slrequest.file.empty")));
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 98aa4cd66..0d2fb0690 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -158,10 +158,10 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
if (MiscUtil.isEmpty(check)) {
log.info("Empty KeyBoxIdentifier");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD,
- "BKU - KeyBoxIdentifier",
- LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")));
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD,
+// "BKU - KeyBoxIdentifier",
+// LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")));
} else {
if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) {
@@ -269,6 +269,17 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", new Object[]{check})));
}
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid ELGA Service URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL,
+ "E-ID System",
+ LanguageHelper.getErrorString("validation.general.eidsystem.valid", new Object[]{check})));
+ }
+
check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
if (MiscUtil.isNotEmpty(check) &&
!ValidationHelper.validateURL(check)) {
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 6301a10ec..a18c986c2 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -141,6 +141,10 @@
<artifactId>moa-id-module-saml1</artifactId>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-EID_connector</artifactId>
+ </dependency>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 1fd6b3695..67a5a6e68 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -175,12 +175,21 @@
</exclusions>
</dependency>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </dependency>
- <dependency>
+ <dependency>
+ <groupId>javax.xml.ws</groupId>
+ <artifactId>jaxws-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.jws</groupId>
+ <artifactId>javax.jws-api</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
</dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index d654eb359..f6d116198 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants {
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+
+ public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300;
+ public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302;
+ public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303;
+ public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304;
//person information
public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index a35b45af2..b0f452861 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -158,7 +158,7 @@ public class MOAIDAuthInitializer {
fixJava8_141ProblemWithSSLAlgorithms();
- if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
+ if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true))
Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 25a508687..09d517f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -117,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
@PostConstruct
private void initialize() {
- Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+ Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
for (Entry<String, String> el : pubKeyMap.entrySet()) {
try {
encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 48d652671..bd183d906 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,13 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
/**
* @author tlenz
@@ -32,6 +36,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
*/
public class BKUSelectionModuleImpl implements AuthModule {
+ @Autowired(required=false) private IConfiguration configuration;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
*/
@@ -50,7 +56,8 @@ public class BKUSelectionModuleImpl implements AuthModule {
if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
performBKUSelection = (boolean) performBKUSelectionObj;
- if (performBKUSelection)
+ if (performBKUSelection && configuration != null
+ && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false))
return "BKUSelectionProcess";
else
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index b7970e4fd..496501760 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -43,6 +43,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService
import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -72,11 +73,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
@Autowired SSOManager ssoManager;
@Autowired IAuthenticationManager authManager;
- @Autowired IAuthenticationSessionStoreage authenicationStorage;
- @Autowired SingleLogOutBuilder sloBuilder;
- @Autowired IProtocolAuthenticationService protAuthService;
+ @Autowired IAuthenticationSessionStoreage authenicationStorage;
+ @Autowired IProtocolAuthenticationService protAuthService;
@Autowired(required=true) private IGUIFormBuilder guiBuilder;
-
+ @Autowired(required=false) SingleLogOutBuilder sloBuilder;
@RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET})
public void doGet(HttpServletRequest req, HttpServletResponse resp)
@@ -150,8 +150,15 @@ public class IDPSingleLogOutServlet extends AbstractController {
if(MiscUtil.isNotEmpty(internalSSOId)) {
ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
- Logger.debug("Starting technical SLO process ... ");
- sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+ if (sloBuilder != null) {
+ Logger.debug("Starting technical SLO process ... ");
+ sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);
+
+ } else {
+ Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath");
+ throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"});
+
+ }
return;
}
@@ -180,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
String redirectURL = null;
IRequest sloReq = sloContainer.getSloRequest();
- if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
+ if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index fff019ae7..eae7aae9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes;
public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
+ public static final String PROP_MOAID_MODE = "general.moaidmode.active";
+
private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true;
private MOAIDConfiguration configuration;
@@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
allowedProtcols.setSAML1Active(
configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false));
allowedProtcols.setPVP21Active(
- configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true));
+ configuration.getBooleanValue(
+ MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)
+ && getBasicConfigurationBoolean(PROP_MOAID_MODE, false));
return allowedProtcols;
@@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
}
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index af4cf6fa7..1e42b1e1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -4,11 +4,11 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-public interface IMOAAuthData extends IAuthData{
+public interface IMOAAuthData extends IEidAuthData{
@Deprecated
/**
@@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{
*/
List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
- byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
String getPublicAuthorityCode();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 897a06e62..9b6de0f29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -30,7 +30,7 @@ import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
@@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
+public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable {
private static final long serialVersionUID = 1L;
private boolean qualifiedCertificate;
private boolean publicAuthority;
private String publicAuthorityCode;
private String bkuURL;
- private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
@@ -116,21 +115,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
return this.encbPKList;
}
-
- @Override
- public byte[] getSignerCertificate() {
- return signerCertificate;
- }
-
-
- /**
- * @param signerCertificate the signerCertificate to set
- */
- public void setSignerCertificate(byte[] signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
-
@Override
public String getAuthBlock() {
return authBlock;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 77abe07af..9beeb6cc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired private SingleLogOutBuilder sloBuilder;;
+ @Autowired(required=false) private SingleLogOutBuilder sloBuilder;;
@Override
@@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
sloContainer.setSessionID(uniqueSessionIdentifier);
sloContainer.setSloRequest(pvpReq);
- sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
- sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+ if (sloBuilder != null) {
+ Logger.trace("Parse active SPs into SLOContainer ... ");
+ sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
+ sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
+
+ } else {
+ Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED");
+ sloContainer.putFailedOA(pvpReq.getAuthURL());
+
+ Logger.info("Only the IDP session will be closed soon ...");
+
+ }
Logger.debug("Active SSO Service-Provider: "
+ " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 4fc37d88f..ff5379498 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
@@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
filterChain.getFilters().add(
- new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+ new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
false)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 389d97b18..ad7328433 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
@@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.util.MiscUtil;
-//@Service("PVPIDPCredentialProvider")
+@Service("PVPIDPCredentialProvider")
public class IDPCredentialProvider extends AbstractCredentialProvider {
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
public static final String IDP_KS_PASS = "idp.ks.kspassword";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index bd908f894..534f6797b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -76,14 +76,14 @@ public class MOASAMLSOAPClient {
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
- AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 6bf44a527..e84bca330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -94,7 +94,7 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
@@ -154,7 +154,7 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
false);
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
index 5116c2a08..65452db3c 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
@@ -1,2 +1 @@
-at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 794b62477..598376261 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -22,6 +22,32 @@
<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
+ <bean id="bkuSelectionProcess"
+ class="at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl"/>
+
+ <bean id="eaafProtocolAuthenticationService"
+ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
+ <property name="guiBuilder" ref="guiFormBuilder" />
+ </bean>
+
+ <bean id="PVPIDPCredentialProvider"
+ class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
+
+ <bean id="PVP2XProtocol"
+ class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
+ </bean>
+
+ <bean id="pvpMetadataService"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
+ </bean>
+
+ <bean id="PVPAuthenticationRequestAction"
+ class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+ <property name="pvpIDPCredentials" ref="PVPIDPCredentialProvider" />
+ </bean>
+
<bean id="MOAAuthnRequestValidator"
class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" />
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3b636aaee..acce76689 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -62,6 +62,8 @@ init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+init.05=Allgemeiner interner Fehler! Ursache: '{0}'
+
internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
index 75f704045..1ab54471c 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -113,7 +113,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
Map<String, String> result = new HashMap<String, String>();
if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) {
result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM=");
@@ -419,7 +419,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) {
if (isIDLEscapingEnabled == null)
return defaultValue;
@@ -459,7 +459,11 @@ public class DummyAuthConfig implements AuthConfiguration {
public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) {
this.isIDLEscapingEnabled = isIDLEscapingEnabled;
}
-
-
+
+ @Override
+ public Boolean getBasicConfigurationBoolean(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 4adff7f19..62a19b399 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -154,6 +154,7 @@ public class ConfigurationMigrationUtils {
if (MiscUtil.isNotEmpty(target_full)) {
if (TargetValidator.isValidTarget(target_full)) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, target_full);
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB, Boolean.FALSE.toString());
} else {
String[] target_split = target_full.split("-");
@@ -198,8 +199,13 @@ public class ConfigurationMigrationUtils {
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
+
+ //convert selected E-ID service
+ if (MiscUtil.isNotEmpty(oa.getSelectedEIDServiceURL()))
+ result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL, oa.getSelectedEIDServiceURL());
+
- AuthComponentOA oaauth = oa.getAuthComponentOA();
+ AuthComponentOA oaauth = oa.getAuthComponentOA();
if (oaauth != null) {
//convert SL20 infos
@@ -815,7 +821,9 @@ public class ConfigurationMigrationUtils {
dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL));
-
+ dbOA.setSelectedEIDServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL));
+
+
dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL));
@@ -1267,6 +1275,9 @@ public class ConfigurationMigrationUtils {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL,
config.getElgaMandateServiceURLs());
+ if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs()))
+ result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL,
+ config.getEidSystemServiceURLs());
AuthComponentGeneral auth = config.getAuthComponentGeneral();
@@ -1590,8 +1601,10 @@ public class ConfigurationMigrationUtils {
MOAIDConfiguration dbconfig = new MOAIDConfiguration();
- dbconfig.setElgaMandateServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL));
+ dbconfig.setElgaMandateServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL));
+ dbconfig.setEidSystemServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL));
+
AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
if (dbauth == null) {
dbauth = new AuthComponentGeneral();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 1be97c49d..91d738989 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -52,6 +52,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
private static final String TEMPLATES = "templates";
private static final String INTERFEDERATION = "interfederation";
private static final String ELGA_MANDATE_SERVICE_URL = "modules.elga_mandate.service.entityID";
+ private static final String EID_SYSTEM_SERVICE_URL = "modules.eid_system.service.entityID";
private static final String PROTOCOLS = "protocols";
private static final String SAML1 = "saml1";
@@ -195,9 +196,11 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled";
public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes";
- public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL;
+ public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL;
+
public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url";
public static final String SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL = "modules.szrgw.service.url";
+ public static final String SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL = "modules.eidsystem.service.url";
//Namespaces for general MOA-ID config
public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix";
@@ -235,6 +238,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url";
public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL;
+ public static final String GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + EID_SYSTEM_SERVICE_URL;
+
public static final String GENERAL_AUTH_SSO_SERVICENAME = GENERAL_AUTH + "." + SSO + ".servicename";
public static final String GENERAL_AUTH_SSO_TARGET = GENERAL_AUTH + "." + SSO + ".target";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
index c251c7abb..1cb2f3fa0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
@@ -187,6 +187,10 @@ public class MOAIDConfiguration
@XmlTransient
protected String elgaMandateServiceURLs = null;
+ @XmlTransient
+ protected String eidSystemServiceURLs = null;
+
+
/**
* @return the eventCodes
@@ -503,6 +507,16 @@ public class MOAIDConfiguration
this.elgaMandateServiceURLs = elgaMandateServiceURLs;
}
+
+
+ public String getEidSystemServiceURLs() {
+ return eidSystemServiceURLs;
+ }
+
+ public void setEidSystemServiceURLs(String eidSystemServiceURLs) {
+ this.eidSystemServiceURLs = eidSystemServiceURLs;
+ }
+
/**
* Sets the value of the hjid property.
*
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index 510fd0581..74a79912e 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -108,6 +108,9 @@ public class OnlineApplication
@XmlTransient
protected String selectedSZRGWServiceURL = null;
+
+ @XmlTransient
+ protected String selectedEIDServiceURL = null;
@XmlTransient
protected String saml2PostBindingTemplateURL = null;
@@ -123,7 +126,7 @@ public class OnlineApplication
@XmlTransient
protected Boolean iseIDDemoModeActive = false;
-
+
public String getForeignbPKTargetList() {
return foreignbPKTargetList;
@@ -194,6 +197,15 @@ public class OnlineApplication
this.selectedSZRGWServiceURL = selectedSZRGWServiceURL;
}
+
+ public String getSelectedEIDServiceURL() {
+ return this.selectedEIDServiceURL;
+ }
+
+ public void setSelectedEIDServiceURL(String selectedEIDServiceURL) {
+ this.selectedEIDServiceURL = selectedEIDServiceURL;
+ }
+
/**
* @return the isRevisionsLogActive
*/
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 5ef48526e..9c1ebe386 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -115,6 +115,12 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
}
+ @Override
+ protected final String getFromGroup() {
+ return null;
+
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
*/
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 85d8413ae..ff434948d 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -141,5 +141,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
}
+ @Override
+ protected final String getFromGroup() {
+ return null;
+
+ }
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index fe0e659c7..596b28576 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -305,7 +305,7 @@ public class MISSimpleClient {
try {
httpclient = HttpClientWithProxySupport.getHttpClient(
sSLSocketFactory,
- authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+ authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
// set http POST Request
HttpPost post = new HttpPost(webServiceURL);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
index b80e995ed..a6a7084f5 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
@@ -109,7 +109,7 @@ public class EidasCentralAuthMetadataController extends AbstractController {
}
private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() {
- Map<String, String> addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
+ Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
if (addReqAttributes != null) {
List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>();
for (String el : addReqAttributes.values()) {
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
index 3a4bcdc48..5c3bf0d27 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -323,14 +323,14 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
new file mode 100644
index 000000000..f945fa1d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modules</artifactId>
+ <version>${moa-id-version}</version>
+ </parent>
+ <artifactId>moa-id-module-EID_connector</artifactId>
+ <name>moa-id-module-E-ID_connector</name>
+ <url>http://maven.apache.org</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <repositoryPath>${basedir}/../../../../repository</repositoryPath>
+ </properties>
+
+ <profiles>
+ <profile>
+ <id>default</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+ <repositories>
+ <repository>
+ <id>local</id>
+ <name>local</name>
+ <url>file:${basedir}/../../../../repository</url>
+ </repository>
+ <repository>
+ <id>egiz-commons</id>
+ <url>https://demo.egiz.gv.at/int-repo/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ </repositories>
+ </profile>
+ </profiles>
+
+ <dependencies>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-spring-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_module_pvp2_sp</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
new file mode 100644
index 000000000..c6b5ed821
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDProxyAuthConstants {
+
+ public static final String MODULE_NAME_FOR_LOGGING = "E-ID proxy authentication";
+
+ public static final int METADATA_VALIDUNTIL_IN_HOURS = 24;
+
+ public static final String HTTP_PARAM_EIDPROXY_AUTH_SELECTION = "forwardToEID";
+
+ public static final String ENDPOINT_POST = "/sp/eid/post";
+ public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect";
+ public static final String ENDPOINT_METADATA = "/sp/eid/metadata";
+
+ public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth.";
+ public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+ public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+ public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+ public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+ public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+ public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+ public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+ public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";
+ public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "EID.entityId";
+ public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "EID.metadataUrl";
+ public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "EID.trustprofileID";
+ public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";
+
+
+ public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;
+ public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ //add PVP Version attribute
+ add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, false));
+
+ //request entity information
+ add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.BPK_LIST_NAME, PVPConstants.BPK_LIST_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.ENC_BPK_LIST_NAME, PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME, false));
+
+ //E-ID metadata attributes
+ add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, PVPConstants.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.EID_E_ID_TOKEN_NAME, PVPConstants.EID_E_ID_TOKEN_FRIENDLY_NAME, false));
+
+ //mandate attributes
+ add(Trible.newInstance(PVPConstants.MANDATE_TYPE_NAME, PVPConstants.MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, PVPConstants.MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_NAME, PVPConstants.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, PVPConstants.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, PVPConstants.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_OID_NAME, PVPConstants.MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_DESC_NAME, PVPConstants.MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+
+ }
+ });
+
+ public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES =
+ Collections.unmodifiableList(new ArrayList<String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ for (Trible<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES)
+ add(el.getFirst());
+ }
+ });
+}
+
+
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java
new file mode 100644
index 000000000..16bcdb421
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDProxyAuthModuleImpl implements AuthModule {
+
+ private int priority = 0;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context) {
+ Logger.trace("Select E-ID authentication process ... ");
+ return "EIDAuthentication";
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:EID_connector_auth.process.xml" };
+ }
+
+ /**
+ * @param priority the priority to set
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java
new file mode 100644
index 000000000..a38b84122
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDProxyAuthSpringResourceProvider implements SpringResourceProvider {
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_EID_connector.beans.xml", EIDProxyAuthSpringResourceProvider.class);
+
+ return new Resource[] {federationAuthConfig};
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "MOA-ID Auth-module 'E-ID Authentication'";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java
new file mode 100644
index 000000000..bd1157142
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration {
+
+ private Collection<RequestedAttribute> additionalAttributes = null;
+
+
+ private String authURL;
+ private EIDAuthCredentialProvider credentialProvider;
+ private IPVP2BasicConfiguration pvpConfiguration;
+
+ public EIDAuthMetadataConfiguration(String authURL,
+ EIDAuthCredentialProvider credentialProvider,
+ IPVP2BasicConfiguration pvpConfiguration) {
+ this.authURL = authURL;
+ this.credentialProvider = credentialProvider;
+ this.pvpConfiguration = pvpConfiguration;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+ */
+ @Override
+ public int getMetadataValidUntil() {
+ return EIDProxyAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+ */
+ @Override
+ public boolean buildEntitiesDescriptorAsRootElement() {
+ return false;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+ */
+ @Override
+ public boolean buildIDPSSODescriptor() {
+ return false;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+ */
+ @Override
+ public boolean buildSPSSODescriptor() {
+ return true;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix()
+ */
+ @Override
+ public String getEntityID() {
+ return authURL + EIDProxyAuthConstants.ENDPOINT_METADATA;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+ */
+ @Override
+ public String getEntityFriendlyName() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+ */
+ @Override
+ public List<ContactPerson> getContactPersonInformation() {
+ try {
+ return pvpConfiguration.getIDPContacts();
+
+ } catch (EAAFException e) {
+ Logger.warn("Can not load Metadata entry: Contect Person", e);
+ return null;
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+ */
+ @Override
+ public Organization getOrgansiationInformation() {
+ try {
+ return pvpConfiguration.getIDPOrganisation();
+
+ } catch (EAAFException e) {
+ Logger.warn("Can not load Metadata entry: Organisation", e);
+ return null;
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+ */
+ @Override
+ public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+ return credentialProvider.getIDPMetaDataSigningCredential();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+ */
+ @Override
+ public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+ return credentialProvider.getIDPAssertionSigningCredential();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+ */
+ @Override
+ public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+ return credentialProvider.getIDPAssertionEncryptionCredential();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+ */
+ @Override
+ public String getIDPWebSSOPostBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+ */
+ @Override
+ public String getIDPWebSSORedirectBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+ */
+ @Override
+ public String getIDPSLOPostBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+ */
+ @Override
+ public String getIDPSLORedirectBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+ */
+ @Override
+ public String getSPAssertionConsumerServicePostBindingURL() {
+ return authURL + EIDProxyAuthConstants.ENDPOINT_POST;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+ */
+ @Override
+ public String getSPAssertionConsumerServiceRedirectBindingURL() {
+ return authURL + EIDProxyAuthConstants.ENDPOINT_REDIRECT;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+ */
+ @Override
+ public String getSPSLOPostBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+ */
+ @Override
+ public String getSPSLORedirectBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+ */
+ @Override
+ public String getSPSLOSOAPBindingURL() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+ */
+ @Override
+ public List<Attribute> getIDPPossibleAttributes() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+ */
+ @Override
+ public List<String> getIDPPossibleNameITTypes() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+ */
+ @Override
+ public Collection<RequestedAttribute> getSPRequiredAttributes() {
+ Map<String, RequestedAttribute> requestedAttributes = new HashMap<String, RequestedAttribute>();
+ for (Trible<String, String, Boolean> el : EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES)
+ requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
+
+ if (additionalAttributes != null) {
+ Logger.trace("Add additional PVP attributes into metadata ... ");
+ for (RequestedAttribute el : additionalAttributes) {
+ if (requestedAttributes.containsKey(el.getName()))
+ Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration");
+
+ requestedAttributes.put(el.getName(), el);
+
+ }
+ }
+
+ return requestedAttributes.values();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+ */
+ @Override
+ public List<String> getSPAllowedNameITTypes() {
+ return Arrays.asList(NameIDType.PERSISTENT);
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging()
+ */
+ @Override
+ public String getSPNameForLogging() {
+ return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+ */
+ @Override
+ public boolean wantAssertionSigned() {
+ return false;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+ */
+ @Override
+ public boolean wantAuthnRequestSigned() {
+ return true;
+ }
+
+ /**
+ * Add additonal PVP attributes that are required by this deployment
+ *
+ * @param additionalAttr List of PVP attribute name and isRequired flag
+ */
+ public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) {
+ if (additionalAttr != null) {
+ additionalAttributes = new ArrayList<RequestedAttribute>();
+ for (Pair<String, Boolean> el : additionalAttr) {
+ Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst());
+ if (attributBuilder != null) {
+ additionalAttributes.add(
+ PVPAttributeBuilder.buildReqAttribute(
+ attributBuilder.getName(),
+ attributBuilder.getFriendlyName(),
+ el.getSecond()));
+
+ } else
+ Logger.info("NO PVP attribute with name: " + el.getFirst());
+
+ }
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java
new file mode 100644
index 000000000..5ed41c397
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java
@@ -0,0 +1,271 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
+
+ private boolean isPassive;
+ private String SPEntityID;
+ private String QAA_Level;
+ private EntityDescriptor idpEntity;
+ private Credential signCred;
+ private String scopeRequesterId;
+ private String providerName;
+ private List<EAAFRequestedAttribute> requestedAttributes;
+ private String reqId;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest()
+ */
+ @Override
+ public Boolean isPassivRequest() {
+ return this.isPassive;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId()
+ */
+ @Override
+ public Integer getAssertionConsumerServiceId() {
+ return 0;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID()
+ */
+ @Override
+ public String getSPEntityID() {
+ return this.SPEntityID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+ */
+ @Override
+ public String getNameIDPolicyFormat() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+ */
+ @Override
+ public boolean getNameIDPolicyAllowCreation() {
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef()
+ */
+ @Override
+ public String getAuthnContextClassRef() {
+ return this.QAA_Level;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison()
+ */
+ @Override
+ public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() {
+ return AuthnContextComparisonTypeEnumeration.MINIMUM;
+ }
+
+ /**
+ * @param isPassive the isPassive to set
+ */
+ public void setPassive(boolean isPassive) {
+ this.isPassive = isPassive;
+ }
+
+ /**
+ * @param sPEntityID the sPEntityID to set
+ */
+ public void setSPEntityID(String sPEntityID) {
+ SPEntityID = sPEntityID;
+ }
+
+ /**
+ * @param qAA_Level the qAA_Level to set
+ */
+ public void setQAA_Level(String qAA_Level) {
+ QAA_Level = qAA_Level;
+ }
+
+ /**
+ * @param idpEntity the idpEntity to set
+ */
+ public void setIdpEntity(EntityDescriptor idpEntity) {
+ this.idpEntity = idpEntity;
+ }
+
+ /**
+ * @param signCred the signCred to set
+ */
+ public void setSignCred(Credential signCred) {
+ this.signCred = signCred;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential()
+ */
+ @Override
+ public Credential getAuthnRequestSigningCredential() {
+ return this.signCred;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor()
+ */
+ @Override
+ public EntityDescriptor getIDPEntityDescriptor() {
+ return this.idpEntity;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID()
+ */
+ @Override
+ public String getSubjectNameID() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging()
+ */
+ @Override
+ public String getSPNameForLogging() {
+ return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat()
+ */
+ @Override
+ public String getSubjectNameIDFormat() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID()
+ */
+ @Override
+ public String getRequestID() {
+ return this.reqId;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier()
+ */
+ @Override
+ public String getSubjectNameIDQualifier() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+ */
+ @Override
+ public String getSubjectConformationMethode() {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+ */
+ @Override
+ public Element getSubjectConformationDate() {
+ return null;
+ }
+
+ @Override
+ public List<EAAFRequestedAttribute> getRequestedAttributes() {
+ return this.requestedAttributes;
+
+ }
+
+ @Override
+ public String getProviderName() {
+ return this.providerName;
+ }
+
+ @Override
+ public String getScopeRequesterId() {
+ return this.scopeRequesterId;
+ }
+
+ /**
+ * Set the entityId of the SP that requests the proxy for eIDAS authentication
+ *
+ * @param scopeRequesterId
+ */
+ public void setScopeRequesterId(String scopeRequesterId) {
+ this.scopeRequesterId = scopeRequesterId;
+ }
+
+ /**
+ * Set a friendlyName for the SP that requests the proxy for eIDAS authentication
+ *
+ * @param providerName
+ */
+ public void setProviderName(String providerName) {
+ this.providerName = providerName;
+ }
+
+ /**
+ * Set a Set of PVP attributes that a requested by using requested attributes
+ *
+ * @param requestedAttributes
+ */
+ public void setRequestedAttributes(List<EAAFRequestedAttribute> requestedAttributes) {
+ this.requestedAttributes = requestedAttributes;
+ }
+
+ /**
+ * Set a RequestId for this Authn. Request
+ *
+ * @param reqId
+ */
+ public void setRequestId(String reqId) {
+ this.reqId = reqId;
+ }
+
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java
new file mode 100644
index 000000000..90ecb0942
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.common.net.MediaType;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthMetadataConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EIDAuthMetadataController extends AbstractController {
+
+ @Autowired PVPMetadataBuilder metadatabuilder;
+ @Autowired AuthConfiguration authConfig;
+ @Autowired EIDAuthCredentialProvider credentialProvider;
+ @Autowired IPVP2BasicConfiguration pvpConfiguration;
+
+ public EIDAuthMetadataController() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName()
+ + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_METADATA
+ + "'.");
+
+ }
+
+ @RequestMapping(value = EIDProxyAuthConstants.ENDPOINT_METADATA,
+ method = {RequestMethod.GET})
+ public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
+ //check PublicURL prefix
+ try {
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ if (!authConfig.getPublicURLPrefix().contains(authURL)) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
+ return;
+
+ } else {
+ //initialize metadata builder configuration
+ EIDAuthMetadataConfiguration metadataConfig =
+ new EIDAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
+ metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
+
+ //build metadata
+ String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+
+ //write response
+ byte[] content = xmlMetadata.getBytes("UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentLength(content.length);
+ resp.setContentType(MediaType.XML_UTF_8.toString());
+ resp.getOutputStream().write(content);
+
+ }
+
+ } catch (Exception e) {
+ Logger.warn("Build E-ID Proxy PVP metadata FAILED.", e);
+ protAuthService.handleErrorNoRedirect(e, req, resp, false);
+
+ }
+
+ }
+
+ private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() {
+ Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EIDProxyAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
+ if (addReqAttributes != null) {
+ List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>();
+ for (String el : addReqAttributes.values()) {
+ if (MiscUtil.isNotEmpty(el)) {
+ Logger.trace("Parse additional attr. definition: " + el);
+ List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim());
+ if (attr.size() == 2) {
+ result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
+
+ } else
+ Logger.info("IGNORE additional attr. definition: " + el
+ + " Reason: Format not valid");
+ }
+ }
+
+ return result;
+ }
+
+ return null;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java
new file mode 100644
index 000000000..16a6e5aab
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EIDAuthSignalController extends AbstractProcessEngineSignalController {
+
+ public EIDAuthSignalController() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName()
+ + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_POST
+ + "' and '" + EIDProxyAuthConstants.ENDPOINT_REDIRECT + "'.");
+
+ }
+
+ @RequestMapping(value = { EIDProxyAuthConstants.ENDPOINT_POST,
+ EIDProxyAuthConstants.ENDPOINT_REDIRECT
+ },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
+ signalProcessManagement(req, resp);
+
+ }
+
+ public String getPendingRequestId(HttpServletRequest request) {
+ return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
new file mode 100644
index 000000000..38a7c4add
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2019 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthRequestBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("CreateEIDSystemAuthnRequestTask")
+public class CreateAuthnRequestTask extends AbstractAuthServletTask {
+
+ @Autowired PVPAuthnRequestBuilder authnReqBuilder;
+ @Autowired EIDAuthCredentialProvider credential;
+ @Autowired EIDAuthMetadataProvider metadataService;
+
+ //@Autowired(required=true) ILoALevelMapper loaMapper;
+ //@Autowired(required=true) MOAMetadataProvider metadataProvider;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try{
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_SELECTED);
+
+ // get entityID for central ms-specific eIDAS node
+ String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
+
+
+ if (MiscUtil.isEmpty(msNodeEntityID)) {
+ Logger.info("E-ID authentication not possible -> NO EntityID for E-ID System FOUND!");
+ throw new MOAIDException("NO EntityID for E-ID System FOUND", null);
+
+ }
+
+ //load metadata with metadataURL, as backup
+ String metadataURL = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+ Logger.warn("Use not recommended metadata-provider initialization!"
+ + " SAML2 'Well-Known-Location' is the preferred methode.");
+ Logger.info("Initialize 'E-ID System' metadata-provider with URL:" + metadataURL);
+ metadataService.addMetadataWithMetadataURL(metadataURL);
+
+ }
+
+ //load IDP SAML2 entitydescriptor
+ EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
+ if (entityDesc == null) {
+ Logger.error("Requested 'E-ID System' " + entityDesc
+ + " has no valid metadata or metadata is not found");
+ throw new MOAIDException("Requested 'E-ID System' " + entityDesc
+ + " has no valid metadata or metadata is not found", null);
+
+ }
+
+ //setup AuthnRequestBuilder configuration
+ EIDAuthRequestBuilderConfiguration authnReqConfig = new EIDAuthRequestBuilderConfiguration();
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authnReqConfig.setRequestId(gen.generateIdentifier());
+ authnReqConfig.setIdpEntity(entityDesc);
+ authnReqConfig.setPassive(false);
+ authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
+ authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA);
+ authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ //build and transmit AuthnRequest
+ authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
+
+ revisionsLogger.logEvent(pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_REQUESTED,
+ authnReqConfig.getRequestID());
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (MetadataProviderException e) {
+
+ throw new TaskExecutionException(pendingReq,
+ "Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED.",
+ new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'E-ID System'"},e ));
+
+ } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
+ Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
+ throw new TaskExecutionException(pendingReq,
+ e.getMessage(),
+ new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'E-ID System'"},e ));
+
+ } catch (Exception e) {
+ Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..6d8d85f34
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("ReceiveEIDSystemAuthnResponseTask")
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+ @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired private EIDAuthCredentialProvider credentialProvider;
+ @Autowired(required=true) EIDAuthMetadataProvider metadataProvider;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ InboundMessage msg = null;
+
+ try {
+
+ IDecoder decoder = null;
+ EAAFURICompare comperator = null;
+ //select Response Binding
+ if (request.getMethod().equalsIgnoreCase("POST")) {
+ decoder = new PostBinding();
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_POST);
+ Logger.trace("Receive PVP Response from 'E-ID System', by using POST-Binding.");
+
+ } else if (request.getMethod().equalsIgnoreCase("GET")) {
+ decoder = new RedirectBinding();
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_REDIRECT);
+ Logger.trace("Receive PVP Response from 'E-ID System', by using Redirect-Binding.");
+
+ } else {
+ Logger.warn("Receive PVP Response, but Binding ("
+ + request.getMethod() + ") is not supported.");
+ throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING});
+
+ }
+
+ //decode PVP response object
+ msg = (InboundMessage) decoder.decode(
+ request, response, metadataProvider, true,
+ comperator);
+
+ if (MiscUtil.isEmpty(msg.getEntityID())) {
+ throw new InvalidProtocolRequestException("sp.pvp2.04",
+ new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING});
+
+ }
+
+ //validate response signature
+ if(!msg.isVerified()) {
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ msg.setVerified(true);
+
+ }
+
+ //validate assertion
+ PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
+
+ //validate entityId of response
+ String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
+ String respEntityId = msg.getEntityID();
+ if (!msNodeEntityID.equals(respEntityId)) {
+ Logger.warn("Response Issuer is not a 'E-ID System'. Stopping authentication via E-ID Proxy ...");
+ throw new AuthnResponseValidationException("sp.pvp2.08",
+ new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING,
+ msg.getEntityID()});
+
+ }
+
+ //initialize Attribute extractor
+ AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor((Response) processedMsg.getResponse());
+
+ getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //write log entries
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID);
+ Logger.info("Receive a valid assertion from E-ID System " + msg.getEntityID());
+
+ } catch (MessageDecodingException | SecurityException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID PVP Response from 'E-ID System': " + samlRequest, e);
+ throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP",
+ new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'E-ID System'"}, e));
+
+ } catch (IOException | MarshallingException | TransformerException e) {
+ Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "Processing PVP response from 'E-ID System' FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e));
+
+ } catch (CredentialsNotAvailableException e) {
+ Logger.error("PVP response decrytion FAILED. No credential found.", e);
+ throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.",
+ new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e));
+
+ } catch (AssertionValidationExeption | AuthnResponseValidationException e) {
+ Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e));
+
+ } catch (Exception e) {
+ Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e));
+
+ }
+
+ }
+
+ private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{
+ try {
+ //check if all attributes are include
+// if (!extractor.containsAllRequiredAttributes()
+// && !extractor.containsAllRequiredAttributes(EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
+// Logger.warn("PVP Response from 'E-ID System' contains not all requested attributes.");
+// throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING});
+//
+// }
+
+ //copy attributes into MOASession
+ AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+ Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (String el : includedAttrNames) {
+ String value = extractor.getSingleAttributeValue(el);
+ session.setGenericDataToSession(el, value);
+ Logger.debug("Add PVP-attribute " + el + " into MOASession");
+
+ }
+
+ //set foreigner flag
+ List<String> eidIssuer = extractor.getAttributeValues(PVPConstants.EID_ISSUING_NATION_NAME);
+ if (eidIssuer != null && !eidIssuer.isEmpty() && MiscUtil.isNotEmpty(eidIssuer.get(0))) {
+ String cc = eidIssuer.get(0);
+ Logger.debug("Find Attr: '" + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME + "' with value: " + cc);
+ if (EAAFConstants.COUNTRYCODE_AUSTRIA.equals(cc))
+ session.setForeigner(false);
+ else
+ session.setForeigner(true);
+
+ }
+
+ //set BKU URL
+ List<String> ccsUrl = extractor.getAttributeValues(PVPConstants.EID_CCS_URL_NAME);
+ if (ccsUrl != null && !ccsUrl.isEmpty() && MiscUtil.isNotEmpty(ccsUrl.get(0)))
+ session.setBkuURL(ccsUrl.get(0));
+ else if (extractor.getFullAssertion().getIssuer() != null &&
+ StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+ session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+ else
+ session.setBkuURL("E-ID_Authentication");
+
+
+// } catch (AssertionValidationExeption e) {
+// throw new BuildException("builder.06", null, e);
+
+ } catch (EAAFStorageException e) {
+ throw new BuildException("builder.06", null, e);
+
+ }
+ }
+
+ /**
+ * PreProcess AuthResponse and Assertion
+ * @param msg
+ * @throws TransformerException
+ * @throws MarshallingException
+ * @throws IOException
+ * @throws CredentialsNotAvailableException
+ * @throws AssertionValidationExeption
+ * @throws AuthnResponseValidationException
+ */
+ private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+ Logger.debug("Start PVP21 assertion processing... ");
+ Response samlResp = (Response) msg.getResponse();
+
+ // check SAML2 response status-code
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+ //validate PVP 2.1 assertion
+ samlVerificationEngine.validateAssertion(samlResp, true,
+ credentialProvider.getIDPAssertionEncryptionCredential(),
+ pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA,
+ EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+ msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+ revisionsLogger.logEvent(pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+ samlResp.getID());
+ return msg;
+
+ } else {
+ Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ + " from 'E-ID System'.");
+ revisionsLogger.logEvent(pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
+ throw new AuthnResponseValidationException("sp.pvp2.05",
+ new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ samlResp.getStatus().getStatusCode().getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java
new file mode 100644
index 000000000..a9b886a85
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EIDAuthCredentialProvider")
+public class EIDAuthCredentialProvider extends AbstractCredentialProvider {
+
+ @Autowired AuthConfiguration authConfig;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
+ */
+ @Override
+ public String getKeyStoreFilePath() throws ConfigurationException {
+ return FileUtils.makeAbsoluteURL(
+ authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTORE),
+ authConfig.getRootConfigFileDir());
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword()
+ */
+ @Override
+ public String getKeyStorePassword() {
+ return authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias()
+ */
+ @Override
+ public String getMetadataKeyAlias() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword()
+ */
+ @Override
+ public String getMetadataKeyPassword() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias()
+ */
+ @Override
+ public String getSignatureKeyAlias() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword()
+ */
+ @Override
+ public String getSignatureKeyPassword() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias()
+ */
+ @Override
+ public String getEncryptionKeyAlias() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword()
+ */
+ @Override
+ public String getEncryptionKeyPassword() {
+ return authConfig.getBasicConfiguration(
+ EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName()
+ */
+ @Override
+ public String getFriendlyName() {
+ return "E-ID Proxy authentication";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java
new file mode 100644
index 000000000..649cfa691
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java
@@ -0,0 +1,347 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils;
+
+import java.net.MalformedURLException;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+@Service("EIDAuthMetadataProvider")
+public class EIDAuthMetadataProvider extends SimpleMetadataProvider
+ implements IDestroyableObject {
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
+ private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+ private Timer timer = null;
+
+
+ public EIDAuthMetadataProvider() {
+ metadataProvider.setRequireValidMetadata(true);
+
+ }
+
+ public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException {
+ internalInitialize(metadataURL);
+
+ }
+
+ public void destroy() {
+ fullyDestroy();
+
+ }
+
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
+ */
+ @Override
+ public boolean requireValidMetadata() {
+ return metadataProvider.requireValidMetadata();
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
+ */
+ @Override
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ metadataProvider.setRequireValidMetadata(requireValidMetadata);
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
+ */
+ @Override
+ public MetadataFilter getMetadataFilter() {
+ return metadataProvider.getMetadataFilter();
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+ */
+ @Override
+ public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException {
+ Logger.fatal("Set Metadata Filter is not implemented her!");
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
+ */
+ @Override
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return metadataProvider.getMetadata();
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String)
+ */
+ @Override
+ public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
+ return metadataProvider.getEntitiesDescriptor(name);
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String)
+ */
+ @Override
+ public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
+ try {
+ //search if metadata is already loaded
+ EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+
+ if (entityDesc != null)
+ return entityDesc;
+ else
+ Logger.info("No metadata from centrial E-ID system " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ms-specific eIDAS node
+ internalInitialize(entityID);
+
+ //search again after reload (re)initialization
+ try {
+ EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ Logger.error("E-ID Proxy Client ERROR: No EntityID with "+ entityID);
+ throw new MetadataProviderException("No EntityID with "+ entityID);
+ }
+
+ return entityDesc;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("E-ID Proxy Client ERROR: Metadata extraction FAILED.", e);
+ throw new MetadataProviderException("Metadata extraction FAILED", e);
+
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+ */
+ @Override
+ public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
+ try {
+ //search if metadata is already loaded
+ List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ms-specific eIDAS node
+ internalInitialize(entityID);
+
+ //search again after reload (re)initialization
+ return metadataProvider.getRole(entityID, roleName);
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+ */
+ @Override
+ public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
+ throws MetadataProviderException {
+ try {
+ //search if metadata is already loaded
+ RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ms-specific eIDAS node
+ internalInitialize(entityID);
+
+ //search again after reload (re)initialization
+ return metadataProvider.getRole(entityID, roleName, supportedProtocol);
+ }
+
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+
+ //check if metadata with EntityID already exists in chaining metadata provider
+ boolean addNewMetadata = true;
+ try {
+ addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null);
+
+ } catch (MetadataProviderException e) {}
+
+ //switch between metadata refresh and add new metadata
+ if (addNewMetadata) {
+ //Metadata provider seems not loaded --> Add new metadata provider
+ Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect centrial E-ID system");
+
+ String trustProfileID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID);
+ if (MiscUtil.isEmpty(trustProfileID)) {
+ Logger.error("Create E-ID proxy client FAILED: No trustProfileID to verify PVP metadata." );
+ throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+ }
+
+ //initialize Timer if it is null
+ if (timer == null)
+ timer = new Timer(true);
+
+ //create metadata validation filter chain
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.addFilter(new SchemaValidationFilter(true));
+ filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+
+ MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL,
+ filter,
+ EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING,
+ timer,
+ new BasicParserPool(),
+ createHttpClient(metdataURL));
+
+ if (idpMetadataProvider == null) {
+ Logger.error("Create E-ID Proxy client FAILED.");
+ throw new MetadataProviderException("Can not initialize 'E-ID Proxy client' metadata provider.");
+
+ }
+
+ idpMetadataProvider.setRequireValidMetadata(true);
+ metadataProvider.addMetadataProvider(idpMetadataProvider);
+
+ } else {
+ //Metadata provider seems already loaded --> start refresh process
+ List<MetadataProvider> loadedProvider = metadataProvider.getProviders();
+ for (MetadataProvider el : loadedProvider) {
+ if (el instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider prov = (HTTPMetadataProvider)el;
+ if (prov.getMetadataURI().equals(metdataURL))
+ prov.refresh();
+
+ } else
+ Logger.warn("'E-ID Proxy client' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
+
+ }
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+ */
+ @Override
+ public void fullyDestroy() {
+ Logger.info("Destroy 'E-ID Proxy client' PVP metadata pool ... ");
+
+ if (metadataProvider != null) {
+ metadataProvider.destroy();
+
+ }
+
+ if (timer != null)
+ timer.cancel();
+
+ }
+
+ private HttpClient createHttpClient(String metadataURL) {
+ MOAHttpClient httpClient = new MOAHttpClient();
+ HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
+ moaAuthConfig.getTrustedCACertificates(),
+ null,
+ AuthConfiguration.DEFAULT_X509_CHAININGMODE,
+ moaAuthConfig.isTrustmanagerrevoationchecking(),
+ moaAuthConfig.getRevocationMethodOrder(),
+ moaAuthConfig.getBasicConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+
+ }
+ }
+
+ return httpClient;
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
new file mode 100644
index 000000000..cd578d373
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class Utils {
+
+ public static String getEIDSystemEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
+ //load from service-provider configuration
+ String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL);
+
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ Logger.debug("No SP-specific E-ID system URL. Switch to general configuration ... ");
+ if (authConfig instanceof AuthConfiguration) {
+ AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;
+ List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+ moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL));
+
+ if (configuratedEntityIDs.size() > 0)
+ msNodeEntityID = configuratedEntityIDs.get(0);
+ else
+ Logger.info("No E-ID system URL in IDP configuration. Switch to backup configuration ... ");
+
+ } else
+ Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+ + "' Switch to generic Type ... ");
+
+
+ if (StringUtils.isEmpty(msNodeEntityID))
+ msNodeEntityID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+
+ }
+
+ return msNodeEntityID;
+ }
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml
new file mode 100644
index 000000000..aee4ab403
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="EIDAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+ <pd:Task id="createEIDAuthnRequest" class="CreateEIDSystemAuthnRequestTask" />
+ <pd:Task id="receiveEIDAuthnResponse" class="ReceiveEIDSystemAuthnResponseTask" async="true" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="createEIDAuthnRequest" />
+ <pd:Transition from="createEIDAuthnRequest" to="receiveEIDAuthnResponse"/>
+ <pd:Transition from="receiveEIDAuthnResponse" to="finalizeAuthentication"/>
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..7e511c22f
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml
new file mode 100644
index 000000000..93c70213d
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+
+<!-- Federated authentication services -->
+ <bean id="EidasCentralAuthCredentialProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider"/>
+
+ <bean id="EidasCentralAuthMetadataController"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller.EIDAuthMetadataController"/>
+
+ <bean id="EidasCentralAuthModuleImpl"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthModuleImpl">
+ <property name="priority" value="2" />
+ </bean>
+
+ <bean id="EidasCentralAuthSignalController"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller.EIDAuthSignalController"/>
+
+ <bean id="EidasCentralAuthMetadataProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider" />
+
+ <bean id="pvpAuthnRequestBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder" />
+
+<!-- Federated Authentication Process Tasks -->
+ <bean id="CreateEIDSystemAuthnRequestTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks.CreateAuthnRequestTask"
+ scope="prototype"/>
+
+ <bean id="ReceiveEIDSystemAuthnResponseTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks.ReceiveAuthnResponseTask"
+ scope="prototype"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 2a401bb04..a1d6bb225 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
try {
- Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+ Map<String, String> metadataToLoad = authConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
if (!metadataToLoad.isEmpty()) {
Logger.info("Load static configurated eIDAS metadata ... ");
for (String metaatalocation : metadataToLoad.values()) {
@@ -441,14 +441,14 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- basicConfig.getBasicMOAIDConfigurationBoolean(
+ basicConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
index e878f8ab1..3e7dcbdfc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -86,7 +86,7 @@ public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServle
tokenServiceURL);
CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
sslFactory,
- authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+ authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
//build request URL
URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index aa4dfbe60..f97267b3d 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -323,14 +323,14 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
moaAuthConfig.isTrustmanagerrevoationchecking(),
moaAuthConfig.getRevocationMethodOrder(),
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ moaAuthConfig.getBasicConfigurationBoolean(
AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 3408cf538..a0b759ced 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -97,7 +97,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
X509Certificate encCert = null;
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true))
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true))
encCert = joseTools.getEncryptionCertificate();
else
Logger.info("eID data encryption is disabled by configuration");
@@ -120,7 +120,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
vdaQualeIDUrl);
CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
sslFactory,
- moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+ moaAuthConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
//build http POST request
HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
@@ -211,7 +211,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) {
String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
- Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ Map<String, String> endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
endPointMap.putAll(KeyValueUtils.convertListToMap(
KeyValueUtils.getListOfCSVValues(
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index fc386b796..1826f824d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -103,10 +103,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
//validate signature
VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
Logger.info("SL20 result from VDA was not valid signed");
throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
@@ -133,7 +133,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
payLoad, joseTools,
- authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true));
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true));
//extract attributes from result
Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 0c97641c7..468a91293 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -94,7 +94,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
//TODO: add LoA verification
} catch (MOAIDException e) {
- if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
Logger.warn("SL20 eID data validation IS DISABLED!!");
Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
index 7b82eb253..b43eb22f8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -127,7 +127,7 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ public Map<String, String> getBasicConfigurationWithPrefix(String prefix) {
// TODO Auto-generated method stub
return null;
}
@@ -395,13 +395,6 @@ public class DummyAuthConfig implements AuthConfiguration {
}
@Override
- public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
- // TODO Auto-generated method stub
- return false;
- }
-
-
- @Override
public URI getConfigurationRootDirectory() {
// TODO Auto-generated method stub
return null;
@@ -425,4 +418,16 @@ public class DummyAuthConfig implements AuthConfiguration {
return null;
}
+ @Override
+ public Boolean getBasicConfigurationBoolean(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index efbfd8472..912ad5859 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,6 +28,7 @@ import java.util.List;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -405,5 +406,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
return null;
}
+ @Override
+ public byte[] getEIDToken() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 10ae63e17..fc8fb5955 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -54,6 +54,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -393,6 +395,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ try {
+ String onlineIDL = new EIDEIDTokenBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(onlineIDL)) {
+ Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(eidStatusLevel)) {
+ Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage());
+
+ }
+
//for mandates
try {
String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
@@ -429,6 +467,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
}
+
+
}
diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml
index 0718f9017..252d20000 100644
--- a/id/server/modules/module-monitoring/pom.xml
+++ b/id/server/modules/module-monitoring/pom.xml
@@ -18,9 +18,13 @@
</properties>
<dependencies>
- <dependency>
+ <!-- dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
+ </dependency-->
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
</dependency>
</dependencies>
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index a86090178..85dc122dd 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -35,8 +35,9 @@
<module>moa-id-module-ssoTransfer</module>
<module>moa-id-module-bkaMobilaAuthSAML2Test</module>
- <module>moa-id-module-sl20_authentication</module>
+ <module>moa-id-module-sl20_authentication</module>
<module>moa-id-module-AT_eIDAS_connector</module>
+ <module>moa-id-module-E-ID_connector</module>
</modules>
<dependencies>