aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java55
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java61
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties8
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties8
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp21
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java24
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java38
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java26
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java5
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java43
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java37
16 files changed, 366 insertions, 47 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index ad99f5d22..2f51e68b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -85,6 +85,11 @@ public class OAAuthenticationData implements IOnlineApplicationData {
private boolean useTestIDLValidationTrustStore = false;
private boolean useTestAuthblockValidationTrustStore = false;
+
+ //SL2.0
+ private boolean sl20Active = false;
+ private String sl20EndPoints = null;
+
/**
*
*/
@@ -253,6 +258,29 @@ public class OAAuthenticationData implements IOnlineApplicationData {
useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore();
}
+ //parse SL2.0 information
+ if (oaauth.isSl20Active()) {
+ //parse SL2.0 endpoint information
+ if (oaauth.getSl20EndPoints() != null) {
+ if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints()))
+ sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints());
+
+ else {
+ if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ sl20EndPoints = oaauth.getSl20EndPoints().substring(0,
+ oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ sl20EndPoints = oaauth.getSl20EndPoints();
+
+ }
+ }
+ sl20Active = oaauth.isSl20Active();
+
+ }
+
+
return null;
}
@@ -392,7 +420,10 @@ public class OAAuthenticationData implements IOnlineApplicationData {
testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore);
-
+ //store SL2.0 information
+ authoa.setSl20Active(isSl20Active());
+ authoa.setSl20EndPoints(getSl20EndPoints());
+
return null;
}
@@ -768,6 +799,28 @@ public class OAAuthenticationData implements IOnlineApplicationData {
public List<String> getSzrgwServicesList() {
return szrgwServicesList;
}
+
+
+ public boolean isSl20Active() {
+ return sl20Active;
+ }
+
+ public void setSl20Active(boolean sl20Active) {
+ this.sl20Active = sl20Active;
+ }
+
+ public String getSl20EndPoints() {
+ return sl20EndPoints;
+ }
+
+ public void setSl20EndPoints(String sl20EndPoints) {
+ if (MiscUtil.isNotEmpty(sl20EndPoints))
+ this.sl20EndPoints =
+ KeyValueUtils.removeAllNewlineFromString(sl20EndPoints);
+ else
+ this.sl20EndPoints = sl20EndPoints;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index a758088b1..32ef4a6cc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
@@ -187,7 +188,65 @@ public class OAAuthenticationDataValidation {
}
-
+
+ if (form.isSl20Active()) {
+ if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
+ log.debug("Validate SL2.0 configuration ... ");
+ List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
+ if (sl20Endpoints.size() == 1) {
+ String value = sl20Endpoints.get(0);
+
+ if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] {value}, request ));
+
+ } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+ log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
+ form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);
+
+ }
+
+ } else {
+ boolean findDefault = false;
+ for (String el : sl20Endpoints) {
+ if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] {el}, request ));
+
+ } else {
+ if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.debug("Find default endpoint.");
+ findDefault = true;
+
+ } else {
+ String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+ try {
+ Integer.valueOf(firstPart);
+
+ } catch (NumberFormatException e) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] {el}, request ));
+
+ }
+ }
+ }
+ }
+
+ if (!findDefault) {
+ log.warn("SL2.0 endpoints contains NO default endpoint");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default",
+ new Object[] {}, request ));
+
+ }
+ }
+ }
+ }
+
return errors;
}
}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 2006625ff..047d4b200 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -562,3 +562,11 @@ validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen
validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl.
validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer für mobile Authententifizierung
+webpages.oaconfig.general.sl20.enable=SL2.0 aktivieren
+webpages.oaconfig.general.sl20.endpoints=VDA Endpunkt URLs
+validation.general.sl20.endpoints.default=SL2.0 Endpunkt beinhaltet keinen 'default' Endpunkt.
+validation.general.sl20.endpoints.wrong=SL2.0 Endpunkt ist ung\\u00FCltig formatiert {0}.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 694294df7..43fa0f3ae 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -559,3 +559,11 @@ validation.general.form.appletredirecttarget=RedirectTarget contains invalud val
validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0}
validation.general.form.applet.width=The height of applet is invalid number.
validation.general.form.applet.height=The width of applet is invalid number.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer for mobile Authentication
+webpages.oaconfig.general.sl20.enable=Activate SL2.0
+webpages.oaconfig.general.sl20.endpoints=VDA endPoint URLs
+validation.general.sl20.endpoints.default=SL2.0 endpoint contains NO 'default'.
+validation.general.sl20.endpoints.wrong=SL2.0 endpoint {0} is not valid. \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
index 59661091b..d2668e264 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
@@ -68,6 +68,27 @@
</s:if>
<div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.sl20.header", request) %></h3>
+ <s:checkbox name="authOA.sl20Active"
+ value="%{authOA.sl20Active}"
+ labelposition="left"
+ key="webpages.oaconfig.general.sl20.enable"
+ cssClass="checkbox">
+ </s:checkbox>
+
+ <s:textarea name="authOA.sl20EndPoints"
+ value="%{authOA.sl20EndPoints}"
+ labelposition="left"
+ key="webpages.oaconfig.general.sl20.endpoints"
+ cssClass="textfield_long"
+ rows="3"
+ requiredLabel="true"
+ style="height:120px;">
+ </s:textarea>
+ </div>
+
+
+ <div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.testing.header", request) %></h3>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 25855dcb6..956d07c44 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -279,6 +279,82 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{check})));
}
+
+
+
+
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
+ if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED) != null &&
+ Boolean.valueOf(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+ if (MiscUtil.isNotEmpty(check)) {
+ log.debug("Validate SL2.0 configuration ... ");
+ List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(check);
+ if (sl20Endpoints.size() == 1) {
+ String value = sl20Endpoints.get(0);
+
+ if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS,
+ "SL2.0 - EndPoint URLs",
+ LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{value})));
+
+ } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+ log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... ");
+ sl20Endpoints.remove(0);
+ sl20Endpoints.add(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);
+
+ }
+
+ } else {
+ boolean findDefault = false;
+ for (String el : sl20Endpoints) {
+ if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS,
+ "SL2.0 - EndPoint URLs",
+ LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+
+ } else {
+ if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.debug("Find default endpoint.");
+ findDefault = true;
+
+ } else {
+ String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+ try {
+ Integer.valueOf(firstPart);
+
+ } catch (NumberFormatException e) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS,
+ "SL2.0 - EndPoint URLs",
+ LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+
+ }
+ }
+ }
+ }
+
+ if (!findDefault) {
+ log.warn("SL2.0 endpoints contains NO default endpoint");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS,
+ "SL2.0 - EndPoint URLs",
+ LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[]{})));
+
+ }
+ }
+ }
+ }
+
+
+
if (!errors.isEmpty())
throw new ConfigurationTaskValidationException(errors);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index e093ce1e2..db0170e54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -476,7 +476,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
try {
//put pending-request ID on execurtionContext
executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
-
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG, pendingReq.getOnlineApplicationConfiguration());
+
+
// create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 6f6735d48..58f930590 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -190,6 +190,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
+ public static final String PROCESSCONTEXT_SP_CONFIG = "spConfig";
//General protocol-request data-store keys
public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 332764edf..4e697f099 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.commons.api;
+import java.io.Serializable;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.List;
@@ -37,7 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
* @author tlenz
*
*/
-public interface IOAAuthParameters {
+public interface IOAAuthParameters extends Serializable{
public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 48d64225c..f42c1eb69 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -181,12 +181,26 @@ public class ConfigurationMigrationUtils {
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
+
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
AuthComponentOA oaauth = oa.getAuthComponentOA();
if (oaauth != null) {
+
+ //convert SL20 infos
+ if (oaauth.isSl20Active() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString());
+
+ if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY);
+
+
//convert business identifier
IdentificationNumber idnumber = oaauth.getIdentificationNumber();
@@ -777,6 +791,16 @@ public class ConfigurationMigrationUtils {
}
+ //set SL20 things
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)))
+ authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)));
+ else
+ authoa.setSl20Active(false);
+
+ authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS));
+
+
+
dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 8b52e4e0c..9d5553277 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -84,6 +84,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext";
public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK";
+ public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled";
+ public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints";
+
private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES;
public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data";
public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
index 04efb0afe..852df16e6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
@@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -162,6 +156,13 @@ public class AuthComponentOA
@XmlAttribute(name = "Hjid")
protected Long hjid;
+
+ @XmlTransient
+ protected Boolean sl20Active;
+ @XmlTransient
+ protected String sl20EndPoints;
+
+
/**
* Gets the value of the bkuurls property.
*
@@ -522,11 +523,28 @@ public class AuthComponentOA
+
public Long getHjid() {
return hjid;
}
- /**
+ public Boolean isSl20Active() {
+ return sl20Active;
+ }
+
+ public void setSl20Active(Boolean sl20Active) {
+ this.sl20Active = sl20Active;
+ }
+
+ public String getSl20EndPoints() {
+ return sl20EndPoints;
+ }
+
+ public void setSl20EndPoints(String sl20EndPoints) {
+ this.sl20EndPoints = sl20EndPoints;
+ }
+
+ /**
* Sets the value of the hjid property.
*
* @param value
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index 40ef5a23a..a206c9125 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -34,6 +34,7 @@ import java.util.Set;
import org.apache.commons.lang3.StringUtils;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -44,6 +45,8 @@ public class KeyValueUtils {
public static final String KEY_DELIMITER = ".";
public static final String CSV_DELIMITER = ",";
+ public static final String KEYVVALUEDELIMITER = "=";
+ public static final String DEFAULT_VALUE = "default";
/**
* Convert Java properties into a Map<String, String>
@@ -328,6 +331,29 @@ public class KeyValueUtils {
}
/**
+ * Convert a List of String elements to a Map of Key/Value pairs
+ * <br>
+ * Every List element used as a key/value pair and the '=' sign represents the delimiter between key and value
+ *
+ * @param elements List of key/value elements
+ * @return Map of Key / Value pairs, but never null
+ */
+ public static Map<String, String> convertListToMap(List<String> elements) {
+ Map<String, String> map = new HashMap<String, String>();
+ for (String el : elements) {
+ if (el.contains(KEYVVALUEDELIMITER)) {
+ String[] split = el.split(KEYVVALUEDELIMITER);
+ map.put(split[0], split[1]);
+
+ } else
+ Logger.debug("Key/Value Mapper: '" + el + "' contains NO '='. Ignore it.");
+
+ }
+
+ return map;
+ }
+
+ /**
* This method remove all newline delimiter (\n or \r\n) from input data
*
* @param value Input String
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
index 9fcb3aa58..f474461bf 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -6,7 +6,8 @@ public class Constants {
public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume";
public static final String CONFIG_PROP_PREFIX = "modules.sl20";
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint.";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default";
public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id";
public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id";
public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
@@ -16,7 +17,7 @@ public class Constants {
public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";;
public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password";
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ".";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID;
public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 367e7b604..2c106b52e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -27,15 +27,18 @@ import java.util.List;
import javax.annotation.PostConstruct;
-import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.auth.modules.AuthModule;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -75,23 +78,43 @@ public class SL20AuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
+ Object spConfigObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG);
+ IOAAuthParameters spConfig = null;
+ if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
+ spConfig = (IOAAuthParameters)spConfigObj;
+
String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
- if ( StringUtils.isNotBlank(sl20ClientTypeHeader)
-// && (
-// StringUtils.isNotBlank(sl20VDATypeHeader)
-// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
-// )
- ) {
- Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+ if (spConfig != null &&
+ MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) &&
+ Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+ Logger.debug("SL2.0 is enabled for " + spConfig.getPublicURLPrefix());
+ Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader);
+ Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader);
return "SL20Authentication";
} else {
- Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+ Logger.trace("SL2.0 is NOT enabled for " + spConfig.getPublicURLPrefix());
return null;
- }
+ }
+
+
+// if ( StringUtils.isNotBlank(sl20ClientTypeHeader)
+//// && (
+//// StringUtils.isNotBlank(sl20VDATypeHeader)
+//// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+//// )
+// ) {
+// Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+// return "SL20Authentication";
+//
+// } else {
+// Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+// return null;
+//
+// }
}
/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index b87d614c5..883ae07f2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -39,7 +39,9 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -202,30 +204,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
}
private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) {
+ String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
+ Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
+ endPointMap.putAll(KeyValueUtils.convertListToMap(
+ KeyValueUtils.getListOfCSVValues(
+ KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints))));
+ Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
+
+ }
+
+ Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
- //selection based on EntityID
-// Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
-// Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
-//
-// for (Entry<String, String> el : listOfSPs.entrySet()) {
-// List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
-// if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
-// Logger.trace("Select VDA endPoint with Id: " + el.getKey());
-// if (listOfVDAs.containsKey(el.getKey()))
-// return listOfVDAs.get(el.getKey());
-//
-// else
-// Logger.info("No VDA endPoint with Id: " + el.getKey());
-//
-// } else
-// Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
-//
-// }
-
//selection based on request Header
String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
- String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader);
+ String vdaURL = endPointMap.get(sl20VDATypeHeader);
if (MiscUtil.isNotEmpty(vdaURL))
return vdaURL.trim();
@@ -235,7 +229,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
}
Logger.info("NO SP specific VDA endpoint found. Use default VDA");
- return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
+ return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT,
+ Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
}