3 files changed, 34 insertions, 1 deletions
| diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d1de2e96b..909b29fab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -39,7 +39,7 @@ public class Constants {
 	//default implementations for eIDAS SAML-engine functionality
 	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
-	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
 	//configuration property keys
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
new file mode 100644
index 000000000..bdd8c8e72
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.core.impl.EncryptionSW;
+
+/**
+ * This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
+ */
+public class ModifiedEncryptionSW extends EncryptionSW {
+
+	@Override
+	public boolean isEncryptionEnable(String countryCode) {
+		// - encrypt if so configured
+		try {
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
+			Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported();
+			Logger.info(useEncryption ? "using encryption" : "do not use encrpytion");
+			return useEncryption;
+		} catch(NullPointerException | ConfigurationException e) {
+			Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+			if(Logger.isDebugEnabled())
+				e.printStackTrace();
+			return true;
+		}
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 0702c34d5..d75d4b1b9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
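Review bot: The encryption decision in `isEncryptionEnable` is read from `isXMLSignatureSupported()`, a property whose name describes signature support, so a C-PEPS entry with that flag false would appear to switch response encryption off for that country; if the intent is "encrypt whenever the partner supports it", a dedicated encryption-support property — or at least a comment stating why the signature flag is the right proxy — would keep this fail-closed module from being weakened by an unrelated configuration toggle. The `catch (NullPointerException | ...)` branch also serves as the null path both for a missing C-PEPS entry and for the auto-unboxing at `return useEncryption;`, so the fail-closed default currently depends on catching NPE; an explicit check such as `if (useEncryption == null) return true; // fail closed, as in the catch branch` makes that deliberate and lets the NPE catch go. `e.printStackTrace()` writes to stderr outside the Logger; if `Logger.warn` has a Throwable-accepting overload, pass `e` to it instead, and fix the typo in the log string `"do not use encrpytion"`.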
@@ -118,6 +118,10 @@ public class eIDASAuthenticationRequest implements IAction {
 		try {
 			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
+			// but we need to set the appropriate request issuer
+			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
 			// check if we have the destination available, supply it if not
 			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
 				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata( | 
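Review bot: The added `engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer())` passes the issuer straight from the inbound request with no null check, while the lines directly below do guard the ACS URL from the same request object; since the comment says the engine's encryption step keys on this issuer, a missing issuer should fail the request the same way the surrounding code handles other missing fields rather than reach the engine as `null`. A two-line form, `String issuer = eidasRequest.getEidasRequest().getIssuer();` followed by a null check before `engine.setRequestIssuer(issuer);`, also gives a place to document that the issuer is expected to have been matched against trusted node metadata before this point — whether that happens is outside the hunk. The enclosing method starts and ends outside the hunk.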
