deactivated PVP EntityCategory mapper as default

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-11-28 10:54:34 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-11-28 10:54:34 +0100
commit: 91b54c413aca1f214de482e7ea899bdec114880d (patch)
tree: 3b9118a4858a574829449ce4ac3bab71ea72a38e /id
parent: bbc999c5d7912d0658216e7a8f59619135731ebf (diff)
download: moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.tar.gz
moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.tar.bz2
moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.zip
6 files changed, 52 insertions, 29 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 15084b387..4228b0d3a 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -43,12 +43,6 @@ service.foreignidentities.acceptedServerCertificates=
 service.foreignidentities.clientKeyStore=keys/....
 service.foreignidentities.clientKeyStorePassword=
 
-##STORK 2
-stork.fakeIdL.active=false
-stork.fakeIdL.countries=
-stork.fakeIdL.keygroup=
-stork.documentservice.url=
-
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -59,6 +53,7 @@ protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
 protocols.pvp2.idp.ks.assertion.sign.keypassword=password
 protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
 protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
 
 #OpenID connect (OAuth)
 protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index e6b86204a..1972d2150 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -576,6 +576,11 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <td>password</td>
     <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
   </tr>
+  <tr>
+    <td>protocols.pvp2.metadata.entitycategories.active</td>
+    <td>true / <strong>false</strong></td>
+    <td>Funktion zum Mappen einer in den Metadaten enthaltenen PVP EntityCategory auf ein Set von PVP Attributen, welche von MOA-ID returniert werden sollen.</td>
+  </tr>
 </table>
 <p>&nbsp;</p>
 <h6><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h6>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 332604257..d3e340a90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1311,7 +1311,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		String value = properties.getProperty(key);
 		
 		if (MiscUtil.isNotEmpty(value))
-			return Boolean.valueOf(value);
+			return Boolean.valueOf(value.trim());
 						
 		return defaultValue;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 585aac805..7f6f9b88c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -51,6 +51,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -491,7 +492,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
-		filterChain.getFilters().add(new PVPEntityCategoryFilter());
+		filterChain.getFilters().add(
+				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
+						false)));
 		
 		if (oaParam.isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index 95d30db49..ed96f1962 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -54,6 +54,17 @@ import at.gv.egovernment.moaspss.logging.Logger;
 public class PVPEntityCategoryFilter implements MetadataFilter {
 
 
+	private boolean isUsed = false;
+	
+	/**
+	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
+	 * 
+	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+	 * 
+	 */
+	public PVPEntityCategoryFilter(boolean isUsed) {
+		this.isUsed = isUsed;
+	}
 	
 	
 	/* (non-Javadoc)
@@ -61,31 +72,38 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
 	 */
 	@Override
 	public void doFilter(XMLObject metadata) throws FilterException {
-		String entityId = null;
-		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				Logger.trace("Find EnitiesDescriptor ... ");
-				EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-				if (entitiesDesc.getEntityDescriptors() != null) {
-					for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-						resolveEntityCategoriesToAttributes(el);
+		
+		if (isUsed) {
+			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+			String entityId = null;
+			try {
+				if (metadata instanceof EntitiesDescriptor) {
+					Logger.trace("Find EnitiesDescriptor ... ");
+					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+					if (entitiesDesc.getEntityDescriptors() != null) {
+						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
+							resolveEntityCategoriesToAttributes(el);
+						
+					}
+									
+				} else if (metadata instanceof EntityDescriptor) {
+					Logger.trace("Find EntityDescriptor");
+					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
 					
-				}
-								
-			} else if (metadata instanceof EntityDescriptor) {
-				Logger.trace("Find EntityDescriptor");
-				resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+					
+				} else
+					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
 				
 				
-			} else
-				throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-			
-			
-			
-		} catch (Exception e) {
-			Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+				
+			} catch (Exception e) {
+				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+				
+			}
 			
-		}
+		} else
+			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+		
 	}
 
 	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 07b07d980..4dda4c736 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -13,6 +13,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
 
 	public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
 	public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
+	public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
 	
 	public static final String DEFAULT_X509_CHAININGMODE = "pkix";
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-11-28 10:54:34 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-11-28 10:54:34 +0100
commit	91b54c413aca1f214de482e7ea899bdec114880d (patch)
tree	3b9118a4858a574829449ce4ac3bab71ea72a38e /id
parent	bbc999c5d7912d0658216e7a8f59619135731ebf (diff)
download	moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.tar.gz moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.tar.bz2 moa-id-spss-91b54c413aca1f214de482e7ea899bdec114880d.zip