diff options
25 files changed, 445 insertions, 31 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index c601296ac..e3e9ee4f0 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -152,6 +152,11 @@ <artifactId>moa-id-module-openID</artifactId> </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-elga_mandate_service</artifactId> + </dependency> + <!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-pvp2</artifactId> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 36390ba62..d5fc90023 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -74,7 +74,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "error_message.html"; - private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String CONTEXTPATH = "contextPath"; @Autowired protected StatisticLogger statisticLogger; @Autowired protected IRequestStorage requestStorage; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 1d9a57b48..3f9093a21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -103,19 +103,21 @@ public class GUILayoutBuilderServlet extends AbstractController { } private IRequest extractPendingRequest(HttpServletRequest req) { - try { - String authURL = HTTPUtils.extractAuthURLFromRequest(req); + try { String pendingReqID = StringEscapeUtils.escapeHtml( req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - if (MiscUtil.isNotEmpty(pendingReqID) && authConfig.getPublicURLPrefix().contains(authURL)) { + if (MiscUtil.isNotEmpty(pendingReqID)) { IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); - if (pendingReq != null) + if (pendingReq != null) { + Logger.trace("GUI-Layout builder: Pending-request:" + + pendingReqID + " found -> Build specific template"); return pendingReq; - + + } } - Logger.info("Prohibit GUI-Layout builder-request. No pending-request or wrong auth-URL."); + Logger.trace("GUI-Layout builder: No pending-request found -> Use default templates"); } catch (Exception e) { Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 427bb9464..9397f1132 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -111,10 +111,8 @@ public class IDPSingleLogOutServlet extends AbstractController { else context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - context.put(SSOManager.CONTEXTPATH, authURL); - ssoManager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp, authURL); } catch (MOAIDException e) { handleErrorNoRedirect(e, req, resp, false); @@ -209,7 +207,7 @@ public class IDPSingleLogOutServlet extends AbstractController { MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); try { - ssoManager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp, authURL); } catch (MOAIDException e) { e.printStackTrace(); @@ -223,7 +221,7 @@ public class IDPSingleLogOutServlet extends AbstractController { context.put("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); try { - ssoManager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp, authURL); } catch (MOAIDException e) { e.printStackTrace(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java index eb3cfcccb..0b46345d3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.oauth20; +package at.gv.egovernment.moa.id.data; public class Pair<P1, P2> { private final P1 first; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 73d682c21..a97486097 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -554,8 +554,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { context.put("redirectURLs", sloReqList); context.put("timeoutURL", timeOutURL); context.put("timeout", SLOTIMEOUT); - context.put(SSOManager.CONTEXTPATH, authURL); - ssoManager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp, authURL); } else { @@ -575,7 +574,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { else context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp, authURL); } @@ -593,7 +592,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { VelocityContext context = new VelocityContext(); context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssoManager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp, authURL); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 856410d7b..3b7c99d5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -64,7 +64,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class SSOManager { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "slo_template.html"; - public static String CONTEXTPATH = "#CONTEXTPATH#"; + public static String CONTEXTPATH = "contextPath"; private static final String SSOCOOKIE = "MOA_ID_SSO"; private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; @@ -313,9 +313,10 @@ public class SSOManager { } - public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { + public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp, String authURL) throws MOAIDException { try { Logger.trace("Initialize VelocityEngine..."); + context.put(CONTEXTPATH, authURL); InputStream is = null; String pathLocation = null; @@ -362,7 +363,7 @@ public class SSOManager { BufferedReader reader = new BufferedReader(new InputStreamReader(is )); //set default elements to velocity context - context.put("contextpath", authConfig.getPublicURLPrefix()); + //context.put(CONTEXTPATH, authConfig.getPublicURLPrefix()); StringWriter writer = new StringWriter(); //velocityEngine.evaluate(context, writer, "SLO_Template", reader); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index a9fc994ec..0ab630dc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -67,10 +67,12 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon try { //load stored exception from database Throwable throwable = transactionStorage.get(errorid, Throwable.class); - transactionStorage.remove(errorid); - + if (throwable != null) { - if (pendingReq != null) { + //remove exception if it was found + transactionStorage.remove(errorid); + + if (pendingReq != null) { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); //build protocol-specific error message if possible diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java new file mode 100644 index 000000000..4def39d54 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java @@ -0,0 +1,67 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import java.io.IOException; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +public class HolderOfKey implements IPVPAttributeBuilder { + + public String getName() { + return PVP_HOLDEROFKEY_NAME; + } + + public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + + try { + byte[] certEncoded = authData.getGenericData( + MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, + byte[].class); + + if (certEncoded != null) { + return g.buildStringAttribute(PVP_HOLDEROFKEY_FRIENDLY_NAME, PVP_HOLDEROFKEY_NAME, + Base64Utils.encode(certEncoded)); + + } + + } + catch (IOException e) { + Logger.info("Encode AuthBlock BASE64 failed."); + } + throw new UnavailableAttributeException(PVP_HOLDEROFKEY_NAME); + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(PVP_HOLDEROFKEY_NAME, PVP_HOLDEROFKEY_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index dc0cab8c3..1d2754e3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -274,4 +274,8 @@ public interface PVPConstants { public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID; public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE"; public static final int CHARGE_CODE_MAX_LENGTH = 32767; + + public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx"; + public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_VERSION_OID; + public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; } diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder index bb98bcc6f..8e5d6ee3c 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder @@ -28,3 +28,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey diff --git a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html index 6cc8b99e2..4fd4d63cd 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html @@ -1,7 +1,7 @@ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> - <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS" /> <title>An error arise ... </title> </head> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index 220dd980a..b3eb18082 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html @@ -3,7 +3,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS" /> #if($timeoutURL) <script type="text/javascript"> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 29118ac17..cbdef7093 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -10,13 +10,19 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor */ -public class AuthModuleImpl implements AuthModule { +public class DefaultCitizenCardAuthModuleImpl implements AuthModule { @Override public int getPriority() { return 0; } + public String getProcessName() { + return "DefaultAuthentication"; + + + } + @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication @@ -29,7 +35,7 @@ public class AuthModuleImpl implements AuthModule { if (StringUtils.isBlank((String) context.get("ccc")) && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection) - return "DefaultAuthentication"; + return getProcessName(); else return null; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule index 02b4e5d7c..e628fbd1b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -1,2 +1,2 @@ # The default moaid process -at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl +at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl diff --git a/id/server/modules/moa-id-module-elga_mandate_service/.gitignore b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore new file mode 100644 index 000000000..b83d22266 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml new file mode 100644 index 000000000..3b5d1ba66 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -0,0 +1,47 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-elga_mandate_service</artifactId> + <version>${moa-id-module-elga_mandate_client}</version> + <name>ELGA mandate-service client</name> + <description>This authentication module implements a + client to integrate ELGA mandates in the MOA-ID identification and authentication process. + </description> + <organization> + <name>EGIZ</name> + <url>https://www.egiz.gv.at</url> + </organization> + <developers> + <developer> + <name>Thomas Lenz</name> + <organization>EGIZ</organization> + <email>thomas.lenz@egiz.gv.at</email> + </developer> + </developers> + + <properties> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modul-citizencard_authentication</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> + </dependencies> + +</project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java new file mode 100644 index 000000000..935cefdf9 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.elgamandates; +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * @author tlenz + * + */ +public class ELGAMandatesAuthConstants { + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String ENDPOINT_POST = "/sp/elga_mandate/post"; + public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect"; + public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + + public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; + public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3"; + +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java new file mode 100644 index 000000000..7f7af704c --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -0,0 +1,69 @@ +package at.gv.egovernment.moa.id.auth.modules.elgamandates; +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; + +/** + * This authentication module extens the default citizen + * + * @author tlenz + * + */ +public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 0; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + @Override + public String getProcessName() { + return "DefaultAuthenticationWithELGAMandates"; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } + + +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java new file mode 100644 index 000000000..649e8e5f5 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.auth.modules.elgamandates; +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class ELGAMandatesSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource elgaAuthConfig = new ClassPathResource("/moaid_elga_mandate_client_auth.beans.xml", ELGAMandatesSpringResourceProvider.class); + + return new Resource[] {elgaAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID Auth-module 'ELGA Mandate-Client'"; + } + +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..1ebc153ce --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml new file mode 100644 index 000000000..1c0071c4a --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="DefaultAuthenticationWithELGAMandates" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + +<!-- + - National authentication with Austrian Citizen Card and mobile signature with our without mandate. + - Legacy authentication for foreign citizens using MOCCA supported signature cards. +--> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + + <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. --> + + <pd:Transition from="certificateReadRequest" to="verifyCertificate" /> + <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. --> + + <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyCertificate" to="getForeignID" /> + + <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" /> + + <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> + + <pd:Transition from="getMISMandate" to="finalizeAuthentication" /> + <pd:Transition from="getForeignID" to="finalizeAuthentication" /> + + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml new file mode 100644 index 000000000..89f1edd06 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +<!-- ELGA mandate-service client beans --> + <bean id="elgaMandatesAuthModule" class="at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthModuleImpl"> + <property name="priority" value="1" /> + </bean> + + <bean id="FederatedAuthCredentialProvider" + class="at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider"/> + + <bean id="FederatedAuthMetadataController" + class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthMetadataController"/> + + <bean id="FederatedAuthSignalController" + class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthSignalController"/> + + +<!-- Federated Authentication Process Tasks --> + <bean id="CreateFederatedAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.CreateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveFederatedAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 94e1f7a3b..77d63c35c 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -27,8 +27,7 @@ <module>moa-id-module-eIDAS</module> <!-- <module>moa-id-module-pvp2</module> --> <module>moa-id-modules-federated_authentication</module> - - <module>moa-id-module-ssoTransfer</module> + <module>moa-id-module-elga_mandate_service</module> </modules> <dependencies> @@ -28,6 +28,8 @@ <moa-spss-version>2.0.5-RC1</moa-spss-version> <configtool-version>2.2.0-OPB-Snapshot</configtool-version> <demo-oa-version>2.0.5</demo-oa-version> + + <moa-id-module-elga_mandate_client>1.0.0-Snapshot</moa-id-module-elga_mandate_client> <!-- Library Versions --> <org.springframework.version>4.2.4.RELEASE</org.springframework.version> @@ -480,12 +482,18 @@ <artifactId>moa-id-module-pvp2</artifactId> <version>${moa-id-version}</version> </dependency> - <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules-federated_authentication</artifactId> <version>${moa-id-version}</version> </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-elga_mandate_service</artifactId> + <version>${moa-id-module-elga_mandate_client}</version> + </dependency> + <dependency> |