diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config')
7 files changed, 739 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index c719484fa..13e7cb0f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -24,12 +24,13 @@ package at.gv.egovernment.moa.id.config; -import iaik.ixsil.util.Utils; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import java.math.BigInteger; +import java.net.MalformedURLException; +import java.net.URL; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -39,20 +40,23 @@ import java.util.List; import java.util.Map; import java.util.Vector; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.ws.message.encoder.MessageEncodingException; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; -import com.sun.xml.internal.fastinfoset.stax.events.Util; - import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter; +import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -63,6 +67,12 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; /** * A class that builds configuration data from a DOM based representation. @@ -80,6 +90,12 @@ public class ConfigurationBuilder { protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; /** an XPATH-Expression */ protected static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORK = Constants.STORK_PREFIX + ":"; + + /** an XPATH-Expression */ + protected static final String STORKP= Constants.STORKP_PREFIX + ":"; // // chaining mode constants appearing in the configuration file @@ -220,8 +236,58 @@ public class ConfigurationBuilder { protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "C-PEPS"; + + /** STORK Config AttributeName */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE = "countryCode"; + + /** STORK Config AttributeName */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL = "URL"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureCreationParameter" ; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES = + STORK + "RequestedAttribute"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER = + ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities/" + CONF + "STORK/" + CONF + "SAMLSigningParameter/" + + CONF + "SignatureVerificationParameter"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE = + CONF + "KeyStore"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME = + CONF + "KeyName"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD = + CONF + "KeyStore/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD = + CONF + "KeyName/@password"; + + /** STORK Config XPATH-Expression */ + public static final String AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID = + CONF + "TrustProfileID"; + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_QAA = + CONF + "STORK/" + STORK + "QualityAuthenticationAssuranceLevel"; + /** STORK Config XPATH-Expression */ + public static final String OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE = + CONF + "STORK/" + STORKP + "RequestedAttributes/" + STORK + "RequestedAttribute"; + /** * main configuration file directory name used to configure MOA-ID */ @@ -615,6 +681,32 @@ public class ConfigurationBuilder { oap.setMandateProfiles(profiles); } } + + //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) + QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); + if (qaaLevel != null) { + oap.setQaaLevel(qaaLevel); + Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); + } + + RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); + + if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { + //we have additional STORK attributes to request for this OA + Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); + for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { + if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { + addReqAttr.detach(); + oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); + Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); + } + } + + } else { + //do nothing, only request default attributes + } + + } OA_set.add(oap); } @@ -633,7 +725,7 @@ public class ConfigurationBuilder { */ private int buildConditionLength(String length) { - if (Util.isEmptyString(length)) + if (StringUtils.isEmpty(length)) return -1; else return new Integer(length).intValue(); @@ -1035,6 +1127,228 @@ public class ConfigurationBuilder { return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters); } } + + /** + * Creates a SignatureCreationParameter object from the MOA-ID configuration + * This configuration object contains KeyStore and Key data for signature creation (STORK SAML Signature Creation). + * + * @return KeyStore and Key data for signature creation (STORK SAML Signature Creation) + */ + public SignatureCreationParameter buildSTORKSignatureCreationParameter() { + + Logger.debug("Loading STORK signature creation parameters."); + + Element signatureCreationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER); + if (signatureCreationParameterElement == null) { + Logger.debug("No STORK signature parameters found, " + AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_CREATION_PARAMETER + "is missing."); + return null; + } + + SignatureCreationParameter signatureCreationParameter = new SignatureCreationParameter(); + + Element keyStoreElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE); + if (keyStoreElement==null) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE + "is missing."); + return null; + } + + Element keyNameElement = (Element)XPathUtils.selectSingleNode(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME); + if (keyNameElement==null) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME + "is missing."); + return null; + } + + String keyStorePath = DOMUtils.getText(keyStoreElement); + if (StringUtils.isEmpty(keyStorePath)) { + Logger.error("No KeyStorePath for STORK SAML Signing Certificate provided!"); + return null; + } + signatureCreationParameter.setKeyStorePath(FileUtils.makeAbsoluteURL(keyStorePath, rootConfigFileDir_)); + Logger.trace("Found KeyStorePath for STORK SAML Signing Certificate: " + keyStorePath); + + String keyStorePassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD, ""); + signatureCreationParameter.setKeyStorePassword(keyStorePassword); + + String keyName = DOMUtils.getText(keyNameElement); + if (StringUtils.isEmpty(keyName)) { + Logger.warn(AUTH_FOREIGN_IDENTITIES_STORK_KEYSTORE_PASSWORD + "is missing."); + return null; + } + signatureCreationParameter.setKeyName(keyName); + Logger.trace("Found KeyName for STORK SAML Signing Certificate: " + keyName); + + String keyPassword = XPathUtils.getAttributeValue(signatureCreationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_KEYNAME_PASSWORD, ""); + signatureCreationParameter.setKeyPassword(keyPassword); + + Logger.info("STORK signature creation parameters loaded."); + + return signatureCreationParameter; + + } + + /** + * Creates a SignatureVerificationParameter object from the MOA-ID configuration + * This configuration object contains the TrustProfile to be used for signature verification (STORK SAML Signature Verification) + * + * @return TrustProfileID for signature verification (STORK SAML Signature Verification) + */ + public SignatureVerificationParameter buildSTORKSignatureVerificationParameter() { + + Logger.debug("Loading STORK signature verification parameters."); + + Element signatureVerificationParameterElement = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER); + if (signatureVerificationParameterElement == null) { + Logger.debug("No STORK verification parameters found, " +AUTH_FOREIGN_IDENTITIES_STORK_SIGNATURE_VERIFICATION_PARAMETER + "is missing."); + return null; + } + + SignatureVerificationParameter signatureVerificationParameter = new SignatureVerificationParameter(); + + String trustProfileID = XPathUtils.getElementValue(signatureVerificationParameterElement, AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID, null); + if (StringUtils.isEmpty(trustProfileID)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_TRUSTPROFILE_ID + "is missing."); + return null; + } + Logger.trace("Using the following MOA-SP TrustProfile for STORK SAML signature verification: " + trustProfileID); + signatureVerificationParameter.setTrustProfileID(trustProfileID); + + Logger.info("STORK signature verification parameters loaded."); + + return signatureVerificationParameter; + } + + /** + * Builds a C-PEPS object from configuration + * @param cpepsElement DOM Element of C-PEPS from configuration + * @return C-PEPS object + */ + public CPEPS buildSTORKCpeps(Element cpepsElement) { + + String countryCode = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE); + String cpepsURLString = cpepsElement.getAttribute(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL); + if (StringUtils.isEmpty(countryCode)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_COUNTRY_CODE + "is missing."); + return null; + } + if (StringUtils.isEmpty(cpepsURLString)) { + Logger.error(AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_URL + "is missing."); + return null; + } + + URL cpepsURL; + try { + cpepsURL = new URL(cpepsURLString); + } catch (MalformedURLException e) { + Logger.error("Provided CPEPS-URL (" + cpepsURLString + ") for country " + countryCode + " is not a URL", e); + return null; + } + CPEPS cpeps = new CPEPS(countryCode, cpepsURL); + Logger.debug("Adding C-PEPS for country: " + cpeps.getCountryCode() + ", URL: " + cpeps.getPepsURL()); + + Element reqAttributeElement; + NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(cpepsElement, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS_REQUESTED_ATTRIBUTES); + + while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { + RequestedAttribute requestedAttribute; + try { + requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); + } catch (MessageEncodingException e) { + Logger.error("Provided RequestedAttributes for CPEPS from country " + countryCode + " is malformed.", e); + return null; + } + //only add if STORK attribute is correct + if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { + cpeps.addCountrySpecificRequestedAttribute(requestedAttribute); + Logger.debug("Adding also country specific requested attribute for C-PEPS (" + countryCode + "): " + requestedAttribute.getName() + ", isRequired: " + requestedAttribute.isRequired()); + } else { + Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); + } + + } + + return cpeps; + } + + /** + * Builds the supported C-PEPS Map from configuration + * @return Map of C-PEPS + */ + public Map<String, CPEPS> buildSTORKcPEPSMap() { + + Logger.debug("Loading STORK C-PEPS information"); + + Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); + + NodeIterator cpepsIterator = XPathUtils.selectNodeIterator(configElem_, AUTH_FOREIGN_IDENTITIES_STORK_CPEPS); + + Element cpepsElement; + CPEPS cpeps; + + while ((cpepsElement = (Element) cpepsIterator.nextNode()) != null) { + cpeps = buildSTORKCpeps(cpepsElement); + if (cpeps != null) { + cpepsMap.put(cpeps.getCountryCode(), cpeps); + } + } + + if(!cpepsMap.isEmpty()) { + Logger.info("STORK C-PEPS information loaded"); + } + + return cpepsMap; + + } + + /** + * Builds the required STORK QAALevel for this OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK QAALevel for this OA + */ + public QualityAuthenticationAssuranceLevel buildOaSTORKQAALevel(Element authComponentElement) { + Element qaaLevelElement = (Element)XPathUtils.selectSingleNode(authComponentElement, OA_AUTH_COMPONENT_STORK_QAA); + + if (qaaLevelElement == null) return null; + + try { + QualityAuthenticationAssuranceLevel qaaLevel = (QualityAuthenticationAssuranceLevel) SAMLUtil.unmarshallMessage(qaaLevelElement); + return qaaLevel; + } catch (MessageEncodingException e) { + Logger.error("Could not build STORK QAALevel, using default."); + return null; + } + + } + + /** + * Builds the Requested Attributes specific for an OA + * @param authComponentElement DOM Element of AuthComponent (from MOA configuration) + * @return STORK RequestedAttributes for this OA + */ + public RequestedAttributes buildOaSTORKRequestedAttributes(Element authComponentElement) { + List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); + + + Element reqAttributeElement; + NodeIterator reqAttributeIterator = XPathUtils.selectNodeIterator(authComponentElement, OA_AUTH_COMPONENT_STORK_REQUESTED_ATTRIBUTE); + + while ((reqAttributeElement = (Element) reqAttributeIterator.nextNode()) != null) { + RequestedAttribute requestedAttribute; + try { + requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(reqAttributeElement); + } catch (MessageEncodingException e) { + Logger.error("Provided RequestedAttributes Online Application is malformed.", e); + return null; + } + //only add if STORK attribute is correct + if (STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(requestedAttribute.getName())) { + reqAttributeList.add(requestedAttribute); + } else { + Logger.warn("Skipping addition of requested STORK Attribute, attribute unknown : " + requestedAttribute.getName()); + } + } + + return STORKMessagesBuilder.buildRequestedAttributes(reqAttributeList); + } /** * Method warn. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 04b92f209..b6ffb0c59 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -35,13 +35,17 @@ import java.util.List; import org.w3c.dom.Element; import org.w3c.dom.Node; +import eu.stork.vidp.messages.common.STORKBootstrap; + import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; /** @@ -183,6 +187,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private List trustedBKUs; + /** + * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) + */ + private STORKConfig storkConfig; + /** * Return the single instance of configuration data. * @@ -263,7 +272,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } catch (MalformedURLException t) { throw new ConfigurationException("config.03", null, t); } - + + //Initialize OpenSAML for STORK + Logger.trace("Starting initialization of OpenSAML..."); + STORKBootstrap.bootstrap(); + Logger.debug("OpenSAML successfully initialized"); + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); @@ -293,6 +307,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { trustedCACertificates = builder.getTrustedCACertificates(); trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); trustedBKUs = builder.getTrustedBKUs(); + storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); @@ -370,6 +385,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } return null; } + /** * Return a string with a url-reference to the VerifyAuthBlock trust @@ -484,4 +500,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return defaultVerifyInfoboxParameters; } + /** + * Retruns the STORK Configuration + * @return STORK Configuration + */ + public STORKConfig getStorkConfig() { + return storkConfig; + } + + + }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 2959d9208..091a01bf7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -24,7 +24,15 @@ package at.gv.egovernment.moa.id.config.auth; +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + import at.gv.egovernment.moa.id.config.OAParameter; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; /** * Configuration parameters belonging to an online application, @@ -117,12 +125,28 @@ public class OAAuthParameter extends OAParameter { private String mandateProfiles; /** - * BZ + * * Type for authentication number (e.g. Firmenbuchnummer) */ private String identityLinkDomainIdentifierType; /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** * Returns <code>true</code> if the Security Layer version is version 1.2, * otherwise <code>false</code>. * @return <code>true</code> if the Security Layer version is version 1.2, @@ -441,4 +465,38 @@ public class OAAuthParameter extends OAParameter { return this.mandateProfiles; } + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java new file mode 100644 index 000000000..a5b160454 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java @@ -0,0 +1,98 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+
+ /** Country Code of C-PEPS */
+ private String countryCode;
+
+ /** URL of C-PEPS */
+ private URL pepsURL;
+
+ /** Specific attributes to be requested for this C-PEPS */
+ private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+
+ /**
+ * Constructs a C-PEPS
+ * @param countryCode ISO Country Code of C-PEPS
+ * @param pepsURL URL of C-PEPS
+ */
+ public CPEPS(String countryCode, URL pepsURL) {
+ super();
+ this.countryCode = countryCode;
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country code of this C-PEPS
+ * @return ISO country code
+ */
+ public String getCountryCode() {
+ return countryCode;
+ }
+
+ /**
+ * Sets the country code of this C-PEPS
+ * @param countryCode ISO country code
+ */
+ public void setCountryCode(String countryCode) {
+ this.countryCode = countryCode;
+ }
+
+ /**
+ * Gets the URL of this C-PEPS
+ * @return C-PEPS URL
+ */
+ public URL getPepsURL() {
+ return pepsURL;
+ }
+
+ /**
+ * Sets the C-PEPS URL
+ * @param pepsURL C-PEPS URL
+ */
+ public void setPepsURL(URL pepsURL) {
+ this.pepsURL = pepsURL;
+ }
+
+ /**
+ * Gets the country specific attributes of this C-PEPS
+ * @return List of country specific attributes
+ */
+ public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+ return countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Sets the country specific attributes
+ * @param countrySpecificRequestedAttributes List of country specific requested attributes
+ */
+ public void setCountrySpecificRequestedAttributes(
+ List<RequestedAttribute> countrySpecificRequestedAttributes) {
+ this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+ }
+
+ /**
+ * Adds a Requested attribute to the country specific attribute List
+ * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add
+ */
+ public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+ this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java new file mode 100644 index 000000000..485a44421 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -0,0 +1,90 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Encapsulates several STORK configuration parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class STORKConfig {
+
+ /** STORK SAML signature creation parameters */
+ private SignatureCreationParameter signatureCreationParameter;
+
+ /** STORK SAML signature verification parameters */
+ private SignatureVerificationParameter signatureVerificationParameter;
+
+ /** Map of supported C-PEPSs */
+ private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
+
+
+ /**
+ * Constructs a STORK Config object
+ * @param signatureCreationParameter STORK SAML Signature creation parameters
+ * @param signatureVerificationParameter STORK SAML Signature verification parameters
+ * @param cpepsMap Map of supported C-PEPS
+ */
+ public STORKConfig(SignatureCreationParameter signatureCreationParameter,
+ SignatureVerificationParameter signatureVerificationParameter,
+ Map<String, CPEPS> cpepsMap) {
+ super();
+ this.signatureCreationParameter = signatureCreationParameter;
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ this.cpepsMap = cpepsMap;
+ }
+
+ public SignatureCreationParameter getSignatureCreationParameter() {
+ return signatureCreationParameter;
+ }
+
+ public void setSignatureCreationParameter(
+ SignatureCreationParameter signatureCreationParameter) {
+ this.signatureCreationParameter = signatureCreationParameter;
+ }
+
+ public SignatureVerificationParameter getSignatureVerificationParameter() {
+ return signatureVerificationParameter;
+ }
+
+ public void setSignatureVerificationParameter(
+ SignatureVerificationParameter signatureVerificationParameter) {
+ this.signatureVerificationParameter = signatureVerificationParameter;
+ }
+
+ public Map<String, CPEPS> getCpepsMap() {
+ return cpepsMap;
+ }
+
+ public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
+ this.cpepsMap = cpepsMap;
+ }
+
+ public boolean isSTORKAuthentication(String ccc) {
+
+ if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
+ return false;
+
+ if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ return true;
+ else
+ return false;
+
+ }
+
+ public CPEPS getCPEPS(String ccc) {
+ if (isSTORKAuthentication(ccc))
+ return this.cpepsMap.get(ccc);
+ else
+ return null;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java new file mode 100644 index 000000000..1f66b7752 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java @@ -0,0 +1,112 @@ +/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+
+ /** KeyStore Path */
+ private String keyStorePath;
+
+ /** KeyStore Password */
+ private String keyStorePassword;
+
+ /** Signing Key Name */
+ private String keyName;
+
+ /** Signing Key Password */
+ private String keyPassword;
+
+ /**
+ * Gets the KeyStore Path
+ * @return File Path to KeyStore
+ */
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ /**
+ * Sets the KeyStore Path
+ * @param keyStorePath Path to KeyStore
+ */
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ /**
+ * Gets the KeyStore Password
+ * @return Password to KeyStore
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * Sets the KeyStore Password
+ * @param keyStorePassword Password to KeyStore
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * Gets the Signing Key Name
+ * @return Siging Key Name
+ */
+ public String getKeyName() {
+ return keyName;
+ }
+
+ /**
+ * Sets the Signing Key Name
+ * @param keyName Signing Key Name
+ */
+ public void setKeyName(String keyName) {
+ this.keyName = keyName;
+ }
+
+ /**
+ * Gets the Signing Key Password
+ * @return Signing Key Password
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * Sets the Signing Key Password
+ * @param keyPassword Signing Key Password
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java new file mode 100644 index 000000000..2d8402e4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java @@ -0,0 +1,35 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.config.stork;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ *
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+
+ /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+ private String trustProfileID;
+
+ /**
+ * Gets the MOA-SP TrustProfileID
+ * @return TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public String getTrustProfileID() {
+ return trustProfileID;
+ }
+
+ /**
+ * Sets the MOA-SP TrustProfileID
+ * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ this.trustProfileID = trustProfileID;
+ }
+
+
+
+}
|