aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java107
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java1221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java702
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java154
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java11
27 files changed, 796 insertions, 1989 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 66093b851..a35b45af2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -63,10 +63,8 @@ public class MOAIDAuthInitializer {
*/
public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
PKIException, IOException, GeneralSecurityException {
- Logger.setHierarchy("moa.id.auth");
- Logger.info("Default java file.encoding: "
- + System.getProperty("file.encoding"));
-
+ Logger.info("Set SystemProperty for UTF-8 file.encoding as default");
+ System.setProperty("file.encoding", "UTF-8");
//JDK bug workaround according to:
// http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
@@ -149,11 +147,7 @@ public class MOAIDAuthInitializer {
throw new ConfigurationException("config.10", new Object[] { e
.toString() }, e);
}
-
-
- //IAIK.addAsProvider();
- //ECCProvider.addAsProvider();
-
+
Security.insertProviderAt(IAIK.getInstance(), 0);
ECCelerate eccProvider = ECCelerate.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..acf59cebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,6 +36,7 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
try {
//generate basic authentication data
generateBasicAuthData(authData, protocolRequest, session);
+
+ //set Austrian eID demo-mode flag
+ authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false))));
+
+ if (authData.isIseIDNewDemoMode()) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+ authData.setBaseIDTransferRestrication(true);
+
+ }
// #### generate MOA-ID specific authentication data ######
@@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
//build foreign bPKs
- generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+ generateForeignbPK(oaParam, authData);
+
+
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+ //build additional bPKs
+ Logger.debug("Search for additional bPKs");
+ generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+
+ Logger.debug("Clearing identitylink ... ");
+ authData.setIdentityLink(null);
+
+ Logger.debug("Clearing authBlock ... ");
+ authData.setAuthBlock(null);
+
+ Logger.info("Post-Processing for Austrian eID finished");
+ }
//####################################################################
//copy all generic authentication information, which are not processed before to authData
@@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
- private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+ private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) {
+ List<String> foreignSectors = oaParam.foreignbPKSectorsRequested();
+
if (foreignSectors != null && !foreignSectors.isEmpty()) {
- Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+
+
+ String mandatorBaseId = null;
+ String mandatorBaseIdType = null;
+ boolean isMandatorBaseIdAvailable = false;
+ if (authData.isUseMandate()) {
+ try {
+ Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
+
+ //TODO: remove this workaround in a further version!!!
+ boolean flagBak = authData.isBaseIDTransferRestrication();
+ authData.setBaseIDTransferRestrication(false);
+ mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ authData.setBaseIDTransferRestrication(flagBak);
+
+ isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType);
+ if (!isMandatorBaseIdAvailable)
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
+
+ } catch (Exception e) {
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
+ if (Logger.isTraceEnabled())
+ Logger.warn("Detail: ", e);
+
+ }
+ }
+
for (String foreignSector : foreignSectors) {
Logger.trace("Process sector: " + foreignSector + " ... ");
if (encKeyMap.containsKey(foreignSector)) {
@@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.getIdentificationType(),
sector);
String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
- authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")");
+
+ authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector));
Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+
+ //calculate foreign bPKs for natural-person mandates
+ if (isMandatorBaseIdAvailable) {
+ Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ mandatorBaseId,
+ mandatorBaseIdType,
+ sector);
+ String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
+
+ authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector));
+ Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created.");
+
+ }
}
} catch (Exception e) {
@@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
+ private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+ if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String sector : additionalbPKSectorsRequested) {
+ Logger.trace("Process sector: " + sector + " ... ");
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+
+ Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+ authData.addAdditionalbPKPair(bpk);
+
+ }
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
new file mode 100644
index 000000000..e19d40773
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("GenericFrontChannelRedirectTask")
+public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask {
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //perform redirect to itself to get out from BKU communication
+ Logger.trace("Perform generic 'http Redirect' to MOA-ID ... ");
+ performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ } catch (Exception e) {
+ Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 0285dd75b..14a2b583b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -105,6 +105,7 @@ public class LogOutServlet {
} catch (Exception e) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+ Logger.warn("Requested URL is not in PublicPrefix Configuration");
return;
} finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index e5a8bb739..478462adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -86,7 +86,8 @@ public class RedirectServlet {
List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix();
if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes))
- || !authConfig.getPublicURLPrefix().contains(authURL)) {
+ || !authConfig.getPublicURLPrefix().contains(authURL)) {
+ Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 5aa3a691f..791aa51b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
@@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
String uniqueSessionIdentifier = null;
+ Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName());
+
//if SSOManager is available, search SessionIdentifier in SSO session
if (ssomanager != null) {
String ssoId = ssomanager.getSSOSessionID(request);
@@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
}
//if NO SSOSession and no PendingRequest create new SessionIdentifier
- if (StringUtils.isEmpty(uniqueSessionIdentifier))
+ if (StringUtils.isEmpty(uniqueSessionIdentifier)) {
uniqueSessionIdentifier = Random.nextHexRandom16();
+ Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier);
+ }
TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
deleted file mode 100644
index c25751aa4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ /dev/null
@@ -1,1221 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-///*
-// * Copyright 2003 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// */
-//
-//
-//package at.gv.egovernment.moa.id.config.auth;
-//
-//import java.io.File;
-//import java.io.FileInputStream;
-//import java.io.FileNotFoundException;
-//import java.io.IOException;
-//import java.math.BigInteger;
-//import java.net.MalformedURLException;
-//import java.util.ArrayList;
-//import java.util.Arrays;
-//import java.util.Date;
-//import java.util.HashMap;
-//import java.util.List;
-//import java.util.Map;
-//import java.util.Properties;
-//
-//import javax.xml.bind.JAXBContext;
-//import javax.xml.bind.Unmarshaller;
-//
-//import org.hibernate.cfg.Configuration;
-//
-//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask;
-//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-//
-//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-//import at.gv.egovernment.moa.id.config.ConfigurationException;
-//import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
-//import at.gv.egovernment.moa.id.config.ConfigurationUtils;
-//import at.gv.egovernment.moa.id.config.ConnectionParameter;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
-//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
-//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
-//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
-//import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-//import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
-//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//import at.gv.util.config.EgovUtilPropertiesConfiguration;
-//
-//import com.fasterxml.jackson.annotation.JsonIgnore;
-//import com.fasterxml.jackson.annotation.JsonProperty;
-//
-///**
-// * A class providing access to the Auth Part of the MOA-ID configuration data.
-// *
-// * <p>Configuration data is read from an XML file, whose location is given by
-// * the <code>moa.id.configuration</code> system property.</p>
-// * <p>This class implements the Singleton pattern. The <code>reload()</code>
-// * method can be used to update the configuration data. Therefore, it is not
-// * guaranteed that consecutive calls to <code>getInstance()</code> will return
-// * the same <code>AuthConfigurationProvider</code> all the time. During the
-// * processing of a web service request, the current
-// * <code>TransactionContext</code> should be used to obtain the
-// * <code>AuthConfigurationProvider</code> local to that request.</p>
-// *
-// * @author Patrick Peck
-// * @author Stefan Knirsch
-// *
-// * @version $Id$
-// *
-// *@deprecated Use {@link AuthConfigProviderFactory} instead
-// */
-//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {
-//
-//// /** DEFAULT_ENCODING is "UTF-8" */
-//// private static final String DEFAULT_ENCODING="UTF-8";
-// /**
-// * The name of the generic configuration property giving the authentication session time out.
-// */
-// public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
-// "AuthenticationSession.TimeOut";
-// /**
-// * The name of the generic configuration property giving the authentication data time out.
-// */
-// public static final String AUTH_DATA_TIMEOUT_PROPERTY =
-// "AuthenticationData.TimeOut";
-//
-// /**
-// * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
-// */
-// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
-// "HTMLComplete";
-//
-// /**
-// * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
-// */
-// public static final String BKU_SELECTION_TYPE_HTMLSELECT =
-// "HTMLSelect";
-//
-// /**
-// * The name of the generic configuration property allowing https connection to
-// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
-// */
-// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
-// "FrontendServlets.EnableHTTPConnection";
-//
-// /**
-// * The name of the generic configuration property allowing to set a individual
-// * DATA URL used to communicate with the BKU (SecurityLayer)
-// */
-// public static final String INDIVIDUAL_DATA_URL_PREFIX =
-// "FrontendServlets.DataURLPrefix";
-//
-// /** Singleton instance. <code>null</code>, if none has been created. */
-// private static AuthConfigurationProvider instance;
-//
-// //
-// // configuration data
-// //
-// private static MOAIDConfiguration moaidconfig = null;
-//
-// private static Properties props = null;
-//
-// private static STORKConfig storkconfig = null;
-//
-// private static TimeOuts timeouts = null;
-//
-// private static PVP2 pvp2general = null;
-//
-// private static String alternativesourceid = null;
-//
-// private static List<String> legacyallowedprotocols = new ArrayList<String>();
-// private static ProtocolAllowed allowedProtcols = null;
-//
-// private static VerifyAuthBlock verifyidl = null;
-//
-// private static ConnectionParameter MoaSpConnectionParameter = null;
-// private static ConnectionParameter ForeignIDConnectionParameter = null;
-// private static ConnectionParameter OnlineMandatesConnectionParameter = null;
-//
-// private static String MoaSpIdentityLinkTrustProfileID = null;
-//
-// private static List<String> TransformsInfos = null;
-// private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
-//
-// private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
-// private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>();
-//
-// private static SSO ssoconfig = null;
-//
-// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null;
-//
-// private static Date date = null;
-//
-// private String publicURLPreFix = null;
-//
-// /**
-// * Return the single instance of configuration data.
-// *
-// * @return AuthConfigurationProvider The current configuration data.
-// * @throws ConfigurationException
-// */
-// public static synchronized AuthConfigurationProvider getInstance()
-// throws ConfigurationException {
-//
-// if (instance == null) {
-// reload();
-// }
-// return instance;
-// }
-//
-// public static Date getTimeStamp() {
-// return date;
-// }
-//
-// /**
-// * Reload the configuration data and set it if successful.
-// *
-// * @return AuthConfigurationProvider The loaded configuration data.
-// * @throws ConfigurationException Failure to load the configuration data.
-// */
-// public static synchronized AuthConfigurationProvider reload()
-// throws ConfigurationException {
-// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-// if (fileName == null) {
-// throw new ConfigurationException("config.01", null);
-// }
-// Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
-//
-// instance = new AuthConfigurationProvider(fileName);
-// return instance;
-// }
-//
-//
-// /**
-// * Constructor for AuthConfigurationProvider.
-// * @param fileName
-// * @throws ConfigurationException
-// */
-// public AuthConfigurationProvider(String fileName)
-// throws ConfigurationException {
-//
-// load(fileName);
-// }
-//
-// /**
-// * Protected constructor. Used by unit tests.
-// */
-// protected AuthConfigurationProvider() {
-// }
-//
-// /**
-// * Load the configuration data from XML file with the given name and build
-// * the internal data structures representing the MOA ID configuration.
-// *
-// * @param fileName The name of the XML file to load.
-// * @throws ConfigurationException The MOA configuration could not be
-// * read/built.
-// */
-// private void load(String fileName) throws ConfigurationException {
-//
-// try {
-// //Initial Hibernate Framework
-// Logger.trace("Initializing Hibernate framework.");
-//
-// //Load MOAID-2.0 properties file
-// File propertiesFile = new File(fileName);
-// FileInputStream fis = null;
-// props = new Properties();
-//
-// // determine the directory of the root config file
-// rootConfigFileDir = new File(fileName).getParent();
-//
-// try {
-// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-//
-// } catch (MalformedURLException t) {
-// throw new ConfigurationException("config.03", null, t);
-// }
-//
-// try {
-// fis = new FileInputStream(propertiesFile);
-// props.load(fis);
-//
-// // read MOAID Session Hibernate properties
-// Properties moaSessionProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "moasession.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// moaSessionProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // read Config Hibernate properties
-// Properties configProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "configuration.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// configProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // read advanced logging properties
-// Properties statisticProps = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "advancedlogging.";
-// if (key.toString().startsWith(propPrefix+"hibernate")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// statisticProps.put(propertyName, props.get(key.toString()));
-// }
-// }
-//
-// // initialize hibernate
-// synchronized (AuthConfigurationProvider.class) {
-//
-// //Initial config Database
-// // ConfigurationDBUtils.initHibernate(configProp);
-//
-// //initial MOAID Session Database
-// Configuration config = new Configuration();
-// config.addAnnotatedClass(AssertionStore.class);
-// config.addAnnotatedClass(AuthenticatedSessionStore.class);
-// config.addAnnotatedClass(OASessionStore.class);
-// config.addAnnotatedClass(OldSSOSessionIDStore.class);
-// config.addAnnotatedClass(ExceptionStore.class);
-// config.addAnnotatedClass(InterfederationSessionStore.class);
-// config.addAnnotatedClass(ProcessInstanceStore.class);
-// config.addProperties(moaSessionProp);
-// MOASessionDBUtils.initHibernate(config, moaSessionProp);
-//
-// //initial advanced logging
-// if (isAdvancedLoggingActive()) {
-// Logger.info("Advanced statistic log is activated, starting initialization process ...");
-// Configuration statisticconfig = new Configuration();
-// statisticconfig.addAnnotatedClass(StatisticLog.class);
-// statisticconfig.addProperties(statisticProps);
-// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
-// Logger.info("Advanced statistic log is initialized.");
-// }
-//
-// }
-// Logger.trace("Hibernate initialization finished.");
-//
-// } catch (FileNotFoundException e) {
-// throw new ConfigurationException("config.03", null, e);
-//
-// } catch (IOException e) {
-// throw new ConfigurationException("config.03", null, e);
-//
-// } catch (ExceptionInInitializerError e) {
-// throw new ConfigurationException("config.17", null, e);
-//
-// } finally {
-// if (fis != null)
-// fis.close();
-//
-// }
-//
-//
-// //Initialize OpenSAML for STORK
-// Logger.info("Starting initialization of OpenSAML...");
-// MOADefaultBootstrap.bootstrap();
-// //DefaultBootstrap.bootstrap();
-// Logger.debug("OpenSAML successfully initialized");
-//
-//
-// String legacyconfig = props.getProperty("configuration.xml.legacy");
-// String xmlconfig = props.getProperty("configuration.xml");
-//// String xmlconfigout = props.getProperty("configuration.xml.out");
-//
-//
-// //configure eGovUtils client implementations
-//
-// //read eGovUtils client configuration
-// Properties eGovUtilsConfigProp = new Properties();
-// for (Object key : props.keySet()) {
-// String propPrefix = "service.";
-// if (key.toString().startsWith(propPrefix+"egovutil")) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// eGovUtilsConfigProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-// if (!eGovUtilsConfigProp.isEmpty()) {
-// Logger.info("Start eGovUtils client implementation configuration ...");
-// eGovUtilsConfig =
-// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
-// }
-//
-//
-// //TODO: removed in MOA-ID 3.x
-//// //check if XML config should be used
-//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
-//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
-//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
-//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration();
-//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null
-//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) {
-////
-//// // ConfigurationDBUtils.delete(moaidconfig);
-//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){
-//// NewConfigurationDBWrite.delete(key);
-//// }
-//// }
-////
-////
-//// //List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
-//// List<OnlineApplication> oas = NewConfigurationDBRead.getAllOnlineApplications();
-//// if (oas != null && oas.size() > 0) {
-//// // for (OnlineApplication oa : oas)
-//// // ConfigurationDBUtils.delete(oa);
-//// NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY);
-//// }
-//// }
-////
-//// //load legacy config if it is configured
-//// if (MiscUtil.isNotEmpty(legacyconfig)) {
-//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
-////
-//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
-////
-//// List<OnlineApplication> oas = moaconfig.getOnlineApplication();
-//// // for (OnlineApplication oa : oas)
-//// // ConfigurationDBUtils.save(oa);
-//// NewConfigurationDBWrite.saveOnlineApplications(oas);
-////
-//// moaconfig.setOnlineApplication(null);
-//// // ConfigurationDBUtils.save(moaconfig);
-//// NewConfigurationDBWrite.save(moaconfig);
-////
-//// Logger.info("Legacy Configuration load is completed.");
-////
-////
-//// }
-////
-//// //load MOA-ID 2.x config from XML
-//// if (MiscUtil.isNotEmpty(xmlconfig)) {
-//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
-////
-//// try {
-//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-//// Unmarshaller m = jc.createUnmarshaller();
-//// File file = new File(xmlconfig);
-//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
-//// //ConfigurationDBUtils.save(moaconfig);
-////
-//// List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
-//// // for (OnlineApplication importoa : importoas) {
-//// // ConfigurationDBUtils.saveOrUpdate(importoa);
-//// // }
-////
-//// NewConfigurationDBWrite.saveOnlineApplications(importoas);
-////
-//// moaconfig.setOnlineApplication(null);
-//// //ConfigurationDBUtils.saveOrUpdate(moaconfig);
-//// NewConfigurationDBWrite.save(moaconfig);
-////
-//// } catch (Exception e) {
-//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
-//// throw new ConfigurationException("config.02", null);
-//// }
-//// Logger.info("XML Configuration load is completed.");
-//// }
-//
-// reloadDataBaseConfig();
-//
-//
-// } catch (Throwable t) {
-// throw new ConfigurationException("config.02", null, t);
-// }
-// }
-//
-// protected MOAIDConfiguration loadDataBaseConfig() {
-// return ConfigurationDBRead.getMOAIDConfiguration();
-// }
-//
-// public synchronized void reloadDataBaseConfig() throws ConfigurationException {
-//
-// Logger.info("Read MOA-ID 2.0 configuration from database.");
-// moaidconfig = loadDataBaseConfig();
-// Logger.info("MOA-ID 2.0 is loaded.");
-//
-// if (moaidconfig == null) {
-// Logger.warn("NO MOA-ID configuration found.");
-// throw new ConfigurationException("config.18", null);
-// }
-//
-// //build STORK Config
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-// ForeignIdentities foreign = auth.getForeignIdentities();
-// if (foreign == null ) {
-// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
-// } else
-// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
-//
-// //load Chaining modes
-// ChainingModes cm = moaidconfig.getChainingModes();
-// if (cm != null) {
-// defaultChainingMode = cm.getSystemDefaultMode().value();
-//
-// List<TrustAnchor> tas = cm.getTrustAnchor();
-//
-// chainingModes = new HashMap<IssuerAndSerial, String>();
-// for (TrustAnchor ta : tas) {
-// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
-// chainingModes.put(is, ta.getMode().value());
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set Trusted CA certs directory
-// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
-//
-// //set CertStoreDirectory
-// setCertStoreDirectory();
-//
-// //set TrustManagerRevocationChecking
-// setTrustManagerRevocationChecking();
-//
-// //set default timeouts
-// timeouts = new TimeOuts();
-// timeouts.setAssertion(new BigInteger("300"));
-// timeouts.setMOASessionCreated(new BigInteger("2700"));
-// timeouts.setMOASessionUpdated(new BigInteger("1200"));
-//
-// //search timeouts in config
-// if (auth.getGeneralConfiguration() != null) {
-// if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
-// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-//
-// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
-// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-//
-// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
-// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
-//
-// } else {
-// Logger.info("No TimeOuts defined. Use default values");
-// }
-// }
-//
-// // sets the authentication session and authentication data time outs
-// AuthenticationServer.getInstance()
-// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
-//
-// AuthenticationServer.getInstance()
-// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
-//
-// AuthenticationServer.getInstance()
-// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
-//
-//
-//
-// //set PVP2 general config
-// Protocols protocols = auth.getProtocols();
-// if (protocols != null) {
-//
-// allowedProtcols = new ProtocolAllowed();
-//
-// if (protocols.getSAML1() != null) {
-// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
-//
-// //load alternative sourceID
-// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
-// alternativesourceid = protocols.getSAML1().getSourceID();
-//
-// }
-//
-// if (protocols.getOAuth() != null) {
-// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive());
-// }
-//
-// if (protocols.getPVP2() != null) {
-// PVP2 el = protocols.getPVP2();
-//
-// allowedProtcols.setPVP21Active(el.isIsActive());
-//
-// pvp2general = new PVP2();
-// pvp2general.setIssuerName(el.getIssuerName());
-// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
-//
-// if (el.getOrganization() != null) {
-// Organization org = new Organization();
-// pvp2general.setOrganization(org);
-// org.setDisplayName(el.getOrganization().getDisplayName());
-// org.setName(el.getOrganization().getName());
-// org.setURL(el.getOrganization().getURL());
-// }
-//
-// if (el.getContact() != null) {
-// List<Contact> cont = new ArrayList<Contact>();
-// pvp2general.setContact(cont);
-// for (Contact e : el.getContact()) {
-// Contact c = new Contact();
-// c.setCompany(e.getCompany());
-// c.setGivenName(e.getGivenName());
-// c.getMail().addAll(e.getMail());
-// c.getPhone().addAll(e.getPhone());
-// c.setSurName(e.getSurName());
-// c.setType(e.getType());
-// cont.add(c);
-// }
-// }
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
-// }
-//
-// //set alternativeSourceID
-// if (auth.getGeneralConfiguration() != null) {
-//
-// //TODO: can be removed in a further version, because it is moved to SAML1 config
-// if (MiscUtil.isEmpty(alternativesourceid))
-// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
-//
-// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
-// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
-//
-// else {
-// Logger.error("No Public URL Prefix configured.");
-// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
-// }
-//
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set LegacyAllowedProtocols
-// try {
-// if (auth.getProtocols() != null) {
-// Protocols procols = auth.getProtocols();
-// if (procols.getLegacyAllowed() != null) {
-// LegacyAllowed legacy = procols.getLegacyAllowed();
-// legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName());
-// }
-// }
-// } catch (Exception e) {
-// Logger.info("No protocols found with legacy allowed flag!");
-// }
-//
-// //set VerifyAuthBlockConfig
-// MOASP moasp = getMOASPConfig(auth);
-//
-// VerifyAuthBlock el = moasp.getVerifyAuthBlock();
-// if (el != null) {
-// verifyidl = new VerifyAuthBlock();
-// verifyidl.setTrustProfileID(el.getTrustProfileID());
-// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID()));
-// }
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set MOASP connection parameters
-// if (moasp.getConnectionParameter() != null)
-// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
-// else
-// MoaSpConnectionParameter = null;
-//
-// //set ForeignIDConnectionParameters
-// if (foreign != null) {
-// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
-// }
-//
-// //set OnlineMandateConnectionParameters
-// OnlineMandates ovs = auth.getOnlineMandates();
-// if (ovs != null) {
-// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
-//
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
-// }
-//
-// //set MOASP IdentityLink Trust-ProfileID
-// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
-// if (verifyidl != null)
-// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
-// throw new ConfigurationException("config.02", null);
-// }
-//
-// //set SL transformation infos
-// SecurityLayer seclayer = auth.getSecurityLayer();
-// if (seclayer == null) {
-// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
-// throw new ConfigurationException("config.02", null);
-// } else {
-// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
-//
-// if (TransformsInfos == null || TransformsInfos.size() == 0) {
-// Logger.error("No Security-Layer Transformation found.");
-// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"});
-// }
-//
-// }
-//
-// //set IdentityLinkSignerSubjectNames
-// IdentityLinkX509SubjectNames = new ArrayList<String>();
-// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
-// if (idlsigners != null) {
-// Logger.debug("Load own IdentityLinkX509SubjectNames");
-// IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName()));
-// }
-//
-// // now add the default identity link signers
-// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
-// for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
-// String identityLinkSigner = identityLinkSignersWithoutOID[i];
-// if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) {
-// IdentityLinkX509SubjectNames.add(identityLinkSigner);
-// }
-// }
-//
-// //set SLRequestTemplates
-// SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
-// if (templ == null) {
-// Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
-// throw new ConfigurationException("config.02", null);
-// } else {
-// SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU());
-// SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU());
-// SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU());
-// }
-//
-// //set Default BKU URLS
-// DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
-// if (bkuuls != null) {
-// DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU());
-// DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU());
-// DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU());
-// }
-//
-// //set SSO Config
-// if (auth.getSSO()!= null) {
-// ssoconfig = new SSO();
-// ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName());
-// ssoconfig.setPublicURL(auth.getSSO().getPublicURL());
-// ssoconfig.setSpecialText(auth.getSSO().getSpecialText());
-// ssoconfig.setTarget(auth.getSSO().getTarget());
-//
-// if (auth.getSSO().getIdentificationNumber() != null) {
-// IdentificationNumber value = new IdentificationNumber();
-// value.setType(auth.getSSO().getIdentificationNumber().getType());
-// value.setValue(auth.getSSO().getIdentificationNumber().getValue());
-// ssoconfig.setIdentificationNumber(value);
-// }
-// } else {
-// Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
-// }
-//
-// //close Database
-// //
-//
-// date = new Date();
-// }
-//
-//
-// private Properties getGeneralProperiesConfig(final String propPrefix) {
-// Properties configProp = new Properties();
-// for (Object key : props.keySet()) {
-// if (key.toString().startsWith(propPrefix)) {
-// String propertyName = key.toString().substring(propPrefix.length());
-// configProp.put(propertyName, props.get(key.toString()));
-// }
-// }
-// return configProp;
-// }
-//
-// public Properties getGeneralPVP2ProperiesConfig() {
-// return this.getGeneralProperiesConfig("protocols.pvp2.");
-// }
-//
-// public Properties getGeneralOAuth20ProperiesConfig() {
-// return this.getGeneralProperiesConfig("protocols.oauth20.");
-// }
-//
-// public ProtocolAllowed getAllowedProtocols() {
-// return allowedProtcols;
-// }
-//
-// public PVP2 getGeneralPVP2DBConfig() {
-// return pvp2general;
-// }
-//
-// public TimeOuts getTimeOuts() throws ConfigurationException {
-// return timeouts;
-// }
-//
-// public String getAlternativeSourceID() throws ConfigurationException {
-// return alternativesourceid;
-// }
-//
-// public List<String> getLegacyAllowedProtocols() {
-// return legacyallowedprotocols;
-// }
-//
-//
-// /**
-// * Provides configuration information regarding the online application behind
-// * the given URL, relevant to the MOA-ID Auth component.
-// *
-// * @param oaURL URL requested for an online application
-// * @return an <code>OAAuthParameter</code>, or <code>null</code>
-// * if none is applicable
-// */
-// public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
-//
-// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
-//
-// if (oa == null) {
-// Logger.warn("Online application with identifier " + oaURL + " is not found.");
-// return null;
-// }
-//
-// return new OAAuthParameter(oa);
-// }
-//
-//
-// /**
-// * Return a string with a url-reference to the VerifyAuthBlock trust
-// * profile id within the moa-sp part of the authentication component
-// *
-// * @return String with a url-reference to the VerifyAuthBlock trust profile ID
-// * @throws ConfigurationException
-// */
-// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
-// return verifyidl.getTrustProfileID();
-// }
-//
-// /**
-// * Return a string array with references to all verify transform info
-// * IDs within the moa-sp part of the authentication component
-// * @return A string array containing all urls to the
-// * verify transform info IDs
-// * @throws ConfigurationException
-// */
-// public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
-// return verifyidl.getVerifyTransformsInfoProfileID();
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component moa-sp element
-// * @return ConnectionParameter of the authentication component moa-sp element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
-// return MoaSpConnectionParameter;
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component foreigid element
-// * @return ConnectionParameter of the authentication component foreignid element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
-// return ForeignIDConnectionParameter;
-// }
-//
-// /**
-// * Return a ConnectionParameter bean containing all information
-// * of the authentication component OnlineMandates element
-// * @return ConnectionParameter of the authentication component OnlineMandates element
-// * @throws ConfigurationException
-// */
-// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
-// return OnlineMandatesConnectionParameter;
-// }
-//
-// /**
-// * Return a string with a url-reference to the VerifyIdentityLink trust
-// * profile id within the moa-sp part of the authentication component
-// * @return String with a url-reference to the VerifyIdentityLink trust profile ID
-// * @throws ConfigurationException
-// */
-// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
-// return MoaSpIdentityLinkTrustProfileID;
-// }
-//
-// /**
-// * Returns the transformsInfos.
-// * @return String[]
-// * @throws ConfigurationException
-// */
-// public List<String> getTransformsInfos() throws ConfigurationException {
-// return TransformsInfos;
-// }
-//
-// /**
-// * Returns the identityLinkX509SubjectNames.
-// * @return List
-// * @throws ConfigurationException
-// */
-// public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
-// return IdentityLinkX509SubjectNames;
-// }
-//
-// public List<String> getSLRequestTemplates() throws ConfigurationException {
-// return new ArrayList<String>(SLRequestTemplates.values());
-// }
-//
-// public String getSLRequestTemplates(String type) throws ConfigurationException {
-// String el = SLRequestTemplates.get(type);
-// if (MiscUtil.isNotEmpty(el))
-// return el;
-// else {
-// Logger.warn("getSLRequestTemplates: BKU Type does not match: "
-// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-// return null;
-// }
-// }
-//
-// public List<String> getDefaultBKUURLs() throws ConfigurationException {
-// return new ArrayList<String>(DefaultBKUURLs.values());
-// }
-//
-// public String getDefaultBKUURL(String type) throws ConfigurationException {
-// String el = DefaultBKUURLs.get(type);
-// if (MiscUtil.isNotEmpty(el))
-// return el;
-// else {
-// Logger.warn("getSLRequestTemplates: BKU Type does not match: "
-// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
-// return null;
-// }
-// }
-//
-//// public boolean isSSOBusinessService() throws ConfigurationException {
-////
-//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
-//// return true;
-//// else
-//// return false;
-//// }
-//
-// public String getSSOTagetIdentifier() throws ConfigurationException {
-// if (ssoconfig != null)
-// return ssoconfig.getTarget();
-// else
-// return null;
-// }
-//
-//// public String getSSOTarget() throws ConfigurationException {
-//// if (ssoconfig!= null)
-//// return ssoconfig.getTarget();
-////
-//// return null;
-//// }
-//
-// public String getSSOFriendlyName() {
-// if (ssoconfig!= null) {
-// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
-// return ssoconfig.getFriendlyName();
-// }
-//
-// return "Default MOA-ID friendly name for SSO";
-// }
-//
-// public String getSSOSpecialText() {
-// if (ssoconfig!= null) {
-// String text = ssoconfig.getSpecialText();
-// if (MiscUtil.isEmpty(text))
-// text = new String();
-//
-// return text;
-// }
-// return new String();
-// }
-//
-// public String getMOASessionEncryptionKey() {
-//
-// String prop = props.getProperty("configuration.moasession.key");
-// if (MiscUtil.isEmpty(prop))
-// return null;
-// else
-// return prop;
-// }
-//
-// /**
-// * @return
-// */
-// public String getMOAConfigurationEncryptionKey() {
-// String prop = props.getProperty("configuration.moaconfig.key");
-// if (MiscUtil.isEmpty(prop))
-// return null;
-// else
-// return prop;
-// }
-//
-// public boolean isIdentityLinkResigning() {
-// String prop = props.getProperty("configuration.resignidentitylink.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getIdentityLinkResigningKey() {
-// String prop = props.getProperty("configuration.resignidentitylink.keygroup");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// /**
-// * Checks if is fakeIdL is activated.
-// *
-// * @return true, if fake IdLs are available for stork
-// */
-// public boolean isStorkFakeIdLActive() {
-// String prop = props.getProperty("stork.fakeIdL.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// /**
-// * Gets the countries which will receive a fake IdL
-// *
-// * @return the countries
-// */
-// public List<String> getStorkFakeIdLCountries() {
-// String prop = props.getProperty("stork.fakeIdL.countries", "");
-// return Arrays.asList(prop.replaceAll(" ", "").split(","));
-// }
-//
-// /**
-// * Gets the resigning key (group) for the stork fake IdL.
-// *
-// * @return the resigning key
-// */
-// public String getStorkFakeIdLResigningKey() {
-// String prop = props.getProperty("stork.fakeIdL.keygroup");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// /**
-// * Gets the countries for which it is configured to require no signature
-// *
-// * @return the stork no signature countries
-// */
-// public List<String> getStorkNoSignatureCountries() {
-// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", "");
-// return Arrays.asList(prop.replaceAll(" ", "").split(","));
-// }
-//
-// @JsonProperty("isMonitoringActive")
-// public boolean isMonitoringActive() {
-// String prop = props.getProperty("configuration.monitoring.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getMonitoringTestIdentityLinkURL() {
-// String prop = props.getProperty("configuration.monitoring.test.identitylink.url");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// public String getMonitoringMessageSuccess() {
-// String prop = props.getProperty("configuration.monitoring.message.success");
-// if (MiscUtil.isNotEmpty(prop))
-// return prop;
-// else
-// return null;
-// }
-//
-// public boolean isAdvancedLoggingActive() {
-// String prop = props.getProperty("configuration.advancedlogging.active", "false");
-// return Boolean.valueOf(prop);
-// }
-//
-// public String getPublicURLPrefix() {
-// return publicURLPreFix;
-// }
-//
-// public boolean isPVP2AssertionEncryptionActive() {
-// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true");
-// return Boolean.valueOf(prop);
-// }
-//
-// public boolean isCertifiacteQCActive() {
-// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
-// return !Boolean.valueOf(prop);
-// }
-//
-//
-// //Load document service url from moa properties
-// public String getDocumentServiceUrl() {
-// String prop = props.getProperty("stork.documentservice.url", "false");
-// return prop;
-// }
-//
-//
-// public boolean isPVPSchemaValidationActive() {
-// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true");
-// return Boolean.valueOf(prop);
-// }
-//
-// /**
-// * Returns the STORK Configuration
-// * @return STORK Configuration
-// * @throws ConfigurationException
-// */
-// public STORKConfig getStorkConfig() throws ConfigurationException {
-//
-// return storkconfig;
-// }
-//
-// /**
-// * @return the eGovUtilsConfig
-// */
-//@JsonIgnore
-//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
-// return eGovUtilsConfig;
-//}
-//
-//private void setCertStoreDirectory() throws ConfigurationException {
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-//
-// if (auth.getGeneralConfiguration() != null)
-// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
-// else {
-// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
-// throw new ConfigurationException("config.02", null);
-// }
-// }
-//
-// private void setTrustManagerRevocationChecking() throws ConfigurationException {
-// AuthComponentGeneral auth = getAuthComponentGeneral();
-//
-// if (auth.getGeneralConfiguration() != null &&
-// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null)
-// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
-// else {
-// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE");
-// throw new ConfigurationException("config.02", null);
-// }
-// }
-//
-// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
-// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
-// if (authgeneral == null) {
-// Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
-// throw new ConfigurationException("config.02", null);
-// }
-// return authgeneral;
-// }
-//
-// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
-// MOASP moasp = authgeneral.getMOASP();
-//
-// if (moasp == null) {
-// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
-// throw new ConfigurationException("config.02", null);
-// }
-// return moasp;
-// }
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String)
-// */
-//@Override
-//public Properties getConfigurationWithPrefix(String Prefix) {
-// // TODO Auto-generated method stub
-// return null;
-//}
-//
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String)
-// */
-//@Override
-//public String getConfigurationWithKey(String key) {
-// // TODO Auto-generated method stub
-// return null;
-//}
-//
-//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index a2dfeba2f..ab2a07f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() {
returnValue.setProvideAllErrors(
Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+ if (Boolean.parseBoolean(
+ spConfiguration.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");
+ returnValue.setProvideBaseId(false);
+ returnValue.setProvideAuthBlock(false);
+ returnValue.setProvideIdl(false);
+ returnValue.setProvideMandate(false);
+
+ }
+
+
return returnValue;
}
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() {
}
+@Override
+public List<String> additionalbPKSectorsRequested() {
+ String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
@Override
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
}
@Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
public boolean containsConfigurationKey(String arg0) {
// TODO Auto-generated method stub
return false;
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
public String getLoAMatchingMode() {
return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..af4cf6fa7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,6 +5,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
public interface IMOAAuthData extends IAuthData{
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{
*/
String getQAALevel();
- List<String> getEncbPKList();
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncbPKList();
+
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where
+ * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
+
byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
@@ -35,4 +51,10 @@ public interface IMOAAuthData extends IAuthData{
String getPvpAttribute_OU();
List<AuthenticationRole> getAuthenticationRoles();
+ /**
+ * Indicate Austrian eID demo-mode
+ *
+ * @return true if it is in demo-mode, otherwise false
+ */
+ public boolean isIseIDNewDemoMode();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..897a06e62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
@@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
- private List<String> encbPKList;
-
+
+ private List<Pair<String, String>> encbPKList;
+ private List<Pair<String, String>> encMandateNaturalPersonbPKList;
+
//ISA 1.18 attributes
private List<AuthenticationRole> roles = null;
private String pvpAttribute_OU = null;
@@ -69,6 +72,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private LoALevelMapper loaMapper;
+ private boolean iseIDNewDemoMode = false;
+
public MOAAuthenticationData(ILoALevelMapper loaMapper) {
if (loaMapper instanceof LoALevelMapper)
this.loaMapper = (LoALevelMapper) loaMapper;
@@ -104,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
if (this.encbPKList == null)
- this.encbPKList = new ArrayList<String>();
+ this.encbPKList = new ArrayList<Pair<String, String>>();
return this.encbPKList;
}
@@ -291,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
/**
+ * Set a List of encrypted bPKs where each List element is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3
+ *
* @param encbPKList the encbPKList to set
*/
public void setEncbPKList(List<String> encbPKList) {
- this.encbPKList = encbPKList;
+ if (encbPKList != null) {
+ for (String el : encbPKList) {
+ Logger.trace("Processing foreign bPK string: " + el );
+ int index = el.indexOf("|");
+ if (index >= 0) {
+ String encbPK = el.substring(index+1);
+ String second = el.substring(0, index);
+ getEncbPKList().add(Pair.newInstance(encbPK, second));
+
+ } else
+ Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it");
+
+ }
+
+ }
}
@@ -321,648 +343,32 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
-
-
-// private static final long serialVersionUID = -1042697056735596866L;
-// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-//
-// /**
-// * URL of the MOA-ID Auth component issueing this assertion
-// */
-// private String issuer;
-// /**
-// * time instant of issue of this assertion
-// */
-// private Date issueInstant;
-// /**
-// * user identification value (Stammzahl); <code>null</code>,
-// * if the authentication module is configured not to return this data
-// */
-// private String identificationValue;
-// /**
-// * user identification type
-// */
-// private String identificationType;
-//
-// /**
-// * user identityLink specialized to OAParamter
-// */
-// private IIdentityLink identityLink;
-//
-// /**
-// * application specific user identifier (bPK/wbPK)
-// */
-// private String bPK;
-//
-// /**
-// * application specific user identifier type
-// */
-// private String bPKType;
-//
-// /**
-// * given name of the user
-// */
-// private String givenName;
-// /**
-// * family name of the user
-// */
-// private String familyName;
-// /**
-// * date of birth of the user
-// */
-// private Date dateOfBirth;
-// /**
-// * says whether the certificate is a qualified certificate or not
-// */
-//
-// /**
-// * says whether the certificate is a public authority or not
-// */
-// /**
-// * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-// */
-//
-//
-// /**
-// * URL of the BKU
-// */
-//
-// /**
-// * the corresponding <code>lt;saml:Assertion&gt;</code>
-// */
-//
-// private boolean isBaseIDTransferRestrication = true;
-//
-//
-// /**
-// * STORK attributes from response
-// */
-// private String ccc = null;
-//
-// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-//
-//
-//
-// private String authBlock = null;
-// private List<String> encbPKList = null;
-//
-// //ISA 1.18 attributes
-// private List<AuthenticationRole> roles = null;
-// private String pvpAttribute_OU = null;
-//
-// private boolean useMandate = false;
-// private IMISMandate mandate = null;
-// private String mandateReferenceValue = null;
-//
-// private boolean foreigner =false;
-// private String QAALevel = null;
-//
-// private boolean ssoSession = false;
-// private Date ssoSessionValidTo = null;
-//
-//// private boolean interfederatedSSOSession = false;
-//// private String interfederatedIDP = null;
-//
-// private String sessionIndex = null;
-// private String nameID = null;
-// private String nameIDFormat = null;
-//
-// public AuthenticationData() {
-// issueInstant = new Date();
-// }
-//
-// /**
-// * Returns the publicAuthority.
-// * @return boolean
-// */
-// public boolean isPublicAuthority() {
-// return publicAuthority;
-// }
-//
-// /**
-// * Returns the publicAuthorityCode.
-// * @return String
-// */
-// public String getPublicAuthorityCode() {
-// return publicAuthorityCode;
-// }
-//
-// /**
-// * Returns the qualifiedCertificate.
-// * @return boolean
-// */
-// public boolean isQualifiedCertificate() {
-// return qualifiedCertificate;
-// }
-//
-// /**
-// * Returns the bPK.
-// * @return String
-// */
-// public String getBPK() {
-// return bPK;
-// }
-//
-// /**
-// * Sets the publicAuthority.
-// * @param publicAuthority The publicAuthority to set
-// */
-// public void setPublicAuthority(boolean publicAuthority) {
-// this.publicAuthority = publicAuthority;
-// }
-//
-// /**
-// * Sets the publicAuthorityCode.
-// * @param publicAuthorityIdentification The publicAuthorityCode to set
-// */
-// public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-// this.publicAuthorityCode = publicAuthorityIdentification;
-// }
-//
-// /**
-// * Sets the qualifiedCertificate.
-// * @param qualifiedCertificate The qualifiedCertificate to set
-// */
-// public void setQualifiedCertificate(boolean qualifiedCertificate) {
-// this.qualifiedCertificate = qualifiedCertificate;
-// }
-//
-// /**
-// * Sets the bPK.
-// * @param bPK The bPK to set
-// */
-// public void setBPK(String bPK) {
-// this.bPK = bPK;
-// }
-//
-// /**
-// * Returns the dateOfBirth.
-// * @return String
-// */
-// public Date getDateOfBirth() {
-// return dateOfBirth;
-// }
-//
-// public String getFormatedDateOfBirth() {
-// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// if (getDateOfBirth() != null)
-// return pvpDateFormat.format(getDateOfBirth());
-// else
-// return "2999-12-31";
-// }
-//
-// /**
-// * Returns the familyName.
-// * @return String
-// */
-// public String getFamilyName() {
-// return familyName;
-// }
-//
-// /**
-// * Returns the givenName.
-// * @return String
-// */
-// public String getGivenName() {
-// return givenName;
-// }
-//
-// /**
-// * Holds the baseID of a citizen
-// *
-// * @return baseID
-// */
-// public String getIdentificationValue() {
-// return identificationValue;
-// }
-//
-// /**
-// * Holds the type of the baseID
-// *
-// * @return baseID-Type
-// */
-// public String getIdentificationType() {
-// return identificationType;
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public String getIssueInstantString() {
-// return DateTimeUtils.buildDateTimeUTC(issueInstant);
-//
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public Date getIssueInstant() {
-// return issueInstant;
-//
-// }
-//
-// public void setIssueInstant(Date date) {
-// this.issueInstant = date;
-// }
-//
-// /**
-// * Returns the issuer.
-// * @return String
-// */
-// public String getIssuer() {
-// return issuer;
-// }
-//
-// /**
-// * Returns the BKU URL.
-// * @return String
-// */
-// public String getBkuURL() {
-// return bkuURL;
-// }
-//
-// /**
-// * Sets the dateOfBirth.
-// * @param dateOfBirth The dateOfBirth to set
-// */
-// public void setDateOfBirth(Date dateOfBirth) {
-// this.dateOfBirth = dateOfBirth;
-// }
-//
-// public void setDateOfBirth(String dateOfBirth) {
-// try {
-// if (MiscUtil.isNotEmpty(dateOfBirth)) {
-// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-// }
-//
-// } catch (ParseException e) {
-// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-//
-// }
-// }
-//
-// /**
-// * Sets the familyName.
-// * @param familyName The familyName to set
-// */
-// public void setFamilyName(String familyName) {
-// this.familyName = familyName;
-// }
-//
-// /**
-// * Sets the givenName.
-// * @param givenName The givenName to set
-// */
-// public void setGivenName(String givenName) {
-// this.givenName = givenName;
-// }
-//
-// /**
-// * Sets the identificationValue.
-// * @param identificationValue The identificationValue to set
-// */
-// public void setIdentificationValue(String identificationValue) {
-// this.identificationValue = identificationValue;
-// }
-//
-// /**
-// * Sets the identificationType.
-// * @param identificationType The identificationType to set
-// */
-// public void setIdentificationType(String identificationType) {
-// this.identificationType = identificationType;
-// }
-//
-// /**
-// * Sets the issuer.
-// * @param issuer The issuer to set
-// */
-// public void setIssuer(String issuer) {
-// this.issuer = issuer;
-// }
-//
-// /**
-// * Sets the bkuURL
-// * @param url The BKU URL to set
-// */
-// public void setBkuURL(String url) {
-// this.bkuURL = url;
-// }
-//
-// public String getBPKType() {
-// return bPKType;
-// }
-//
-// public void setBPKType(String bPKType) {
-// this.bPKType = bPKType;
-// }
-//
-
-//
-//
-
-//
-//
-// public String getEIDASQAALevel() {
-// if (this.QAALevel != null &&
-// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-// if (MiscUtil.isNotEmpty(mappedQAA))
-// return mappedQAA;
-//
-// else {
-// Logger.error("STORK QAA-level:" + this.QAALevel
-// + " can not be mapped to eIDAS QAA-level! Use "
-// + PVPConstants.EIDAS_QAA_LOW + " as default value.");
-// return PVPConstants.EIDAS_QAA_LOW;
-//
-// }
-//
-//
-// } else
-// return this.QAALevel;
-//
-// }
-//
-//
-// /**
-// * @return
-// */
-// public boolean isForeigner() {
-// return this.foreigner;
-// }
-//
-//
-// /**
-// * @param foreigner the foreigner to set
-// */
-// public void setForeigner(boolean foreigner) {
-// this.foreigner = foreigner;
-// }
-//
-//
-
-//
-// /**
-// * @return the ssoSession
-// */
-// public boolean isSsoSession() {
-// return ssoSession;
-// }
-//
-//
-// /**
-// * @param ssoSession the ssoSession to set
-// */
-// public void setSsoSession(boolean ssoSession) {
-// this.ssoSession = ssoSession;
-// }
-//
-// /**
-// * @return the mandateReferenceValue
-// */
-// public String getMandateReferenceValue() {
-// return mandateReferenceValue;
-// }
-//
-// /**
-// * @param mandateReferenceValue the mandateReferenceValue to set
-// */
-// public void setMandateReferenceValue(String mandateReferenceValue) {
-// this.mandateReferenceValue = mandateReferenceValue;
-// }
-//
-// /**
-// * CountryCode of the citizen which is identified and authenticated
-// *
-// * @return the CountryCode <pre>like. AT, SI, ...</pre>
-// */
-// public String getCcc() {
-// return ccc;
-// }
-//
-// /**
-// * @param ccc the ccc to set
-// */
-// public void setCcc(String ccc) {
-// this.ccc = ccc;
-// }
-//
-// /**
-// * @return the sessionIndex
-// */
-// public String getSessionIndex() {
-// return sessionIndex;
-// }
-//
-// /**
-// * @param sessionIndex the sessionIndex to set
-// */
-// public void setSessionIndex(String sessionIndex) {
-// this.sessionIndex = sessionIndex;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-// */
-// @Override
-// public String getNameID() {
-// return this.nameID;
-// }
-//
-// /**
-// * @param nameID the nameID to set
-// */
-// public void setNameID(String nameID) {
-// this.nameID = nameID;
-// }
-//
-// /**
-// * @return the nameIDFormat
-// */
-// public String getNameIDFormat() {
-// return nameIDFormat;
-// }
-//
-// /**
-// * @param nameIDFormat the nameIDFormat to set
-// */
-// public void setNameIDFormat(String nameIDFormat) {
-// this.nameIDFormat = nameIDFormat;
-// }
-//
-//// /**
-//// * @return the interfederatedSSOSession
-//// */
-//// public boolean isInterfederatedSSOSession() {
-//// return interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @param interfederatedSSOSession the interfederatedSSOSession to set
-//// */
-//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//// this.interfederatedSSOSession = interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @return the interfederatedIDP
-//// */
-//// public String getInterfederatedIDP() {
-//// return interfederatedIDP;
-//// }
-////
-//// /**
-//// * @param interfederatedIDP the interfederatedIDP to set
-//// */
-//// public void setInterfederatedIDP(String interfederatedIDP) {
-//// this.interfederatedIDP = interfederatedIDP;
-//// }
-//
-// /**
-// * @return the ssoSessionValidTo
-// */
-// public Date getSsoSessionValidTo() {
-// return ssoSessionValidTo;
-// }
-//
-// /**
-// * @param ssoSessionValidTo the ssoSessionValidTo to set
-// */
-// public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-// this.ssoSessionValidTo = ssoSessionValidTo;
-// }
-//
-// /**
-// * @return the encbPKList
-// */
-// public List<String> getEncbPKList() {
-// return encbPKList;
-// }
-//
-// /**
-// * @param encbPKList the encbPKList to set
-// */
-// public void setEncbPKList(List<String> encbPKList) {
-// this.encbPKList = encbPKList;
-// }
-//
-// /**
-// * @return the roles
-// */
-// public List<AuthenticationRole> getAuthenticationRoles() {
-//// if (this.roles == null) {
-//// this.roles = new ArrayList<AuthenticationRole>();
-//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//// }
-//
-// return roles;
-// }
-//
-// //ISA 1.18 attributes
-// /**
-// * @param roles the roles to set
-// */
-// public void addAuthenticationRole(AuthenticationRole role) {
-// if (this.roles == null)
-// this.roles = new ArrayList<AuthenticationRole>();
-//
-// this.roles.add(role);
-// }
-//
-// /**
-// * @return the pvpAttribute_OU
-// */
-// public String getPvpAttribute_OU() {
-// return pvpAttribute_OU;
-// }
-//
-// /**
-// * @param pvpAttribute_OU the pvpAttribute_OU to set
-// */
-// public void setPvpAttribute_OU(String pvpAttribute_OU) {
-// this.pvpAttribute_OU = pvpAttribute_OU;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-// */
-// @Override
-// public boolean isBaseIDTransferRestrication() {
-// return isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-// */
-// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * Returns a generic data-object with is stored with a specific identifier
-// *
-// * @param key The specific identifier of the data object
-// * @param clazz The class type which is stored with this key
-// * @return The data object or null if no data is found with this key
-// */
-// public <T> T getGenericData(String key, final Class<T> clazz) {
-// if (MiscUtil.isNotEmpty(key)) {
-// Object data = genericDataStorate.get(key);
-//
-// if (data == null)
-// return null;
-//
-// try {
-// @SuppressWarnings("unchecked")
-// T test = (T) data;
-// return test;
-//
-// } catch (Exception e) {
-// Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-// return null;
-//
-// }
-//
-// }
-//
-// Logger.warn("Can not load generic session-data with key='null'");
-// return null;
-//
-// }
-//
-// /**
-// * Store a generic data-object to session with a specific identifier
-// *
-// * @param key Identifier for this data-object
-// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-// */
-// public void setGenericData(String key, Object object) throws SessionDataStorageException {
-// if (MiscUtil.isEmpty(key)) {
-// Logger.warn("Generic session-data can not be stored with a 'null' key");
-// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-//
-// }
-//
-// if (object != null) {
-// if (!Serializable.class.isInstance(object)) {
-// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-//
-// }
-// }
-//
-// if (genericDataStorate.containsKey(key))
-// Logger.debug("Overwrite generic data with key:" + key);
-// else
-// Logger.trace("Add generic data with key:" + key + " to session.");
-//
-// genericDataStorate.put(key, object);
-// }
+
+
+ public boolean isIseIDNewDemoMode() {
+ return iseIDNewDemoMode;
+ }
+
+ /**
+ * Set eID demo-mode into AuthData
+ * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false
+ */
+ public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
+ this.iseIDNewDemoMode = iseIDNewDemoMode;
+ }
+
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ if (this.encMandateNaturalPersonbPKList == null)
+ this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>();
+
+ return this.encMandateNaturalPersonbPKList;
+
+ }
+
+ public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) {
+ this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index b5005d0c9..2b550f21e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -26,7 +26,6 @@ import java.util.Date;
import java.util.Map;
import java.util.Map.Entry;
-import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.CookieUtils;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
} else {
//check if IDP cookie is set
- String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION);
if (MiscUtil.isNotEmpty(cookie)) {
Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
- deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
}
}
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
}
public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
- setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+ CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
}
@@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
public String getSSOSessionID(HttpServletRequest httpReq) {
- return getValueFromCookie(httpReq, SSOCOOKIE);
+ return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE);
}
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
+ CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
}
private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- deleteCookie(httpReq, httpResp, SSOCOOKIE);
+ CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
- private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
- Cookie[] cookies = httpReq.getCookies();
-
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (cookie.getName().equals(cookieName)) {
- return cookie.getValue();
- }
- }
- }
- return null;
- }
-
- private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
- String cookieName, String cookieValue, int maxAge) {
-
- Cookie cookie = new Cookie(cookieName, cookieValue);
- cookie.setMaxAge(maxAge);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
- cookie.setPath(httpReq.getContextPath());
-
- httpResp.addCookie(cookie);
- }
-
- private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
- setCookie(httpReq, httpResp, cookieName, "", 0);
-
- }
+// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+// Cookie[] cookies = httpReq.getCookies();
+//
+// if (cookies != null) {
+// for (Cookie cookie : cookies) {
+// if (cookie.getName().equals(cookieName)) {
+// return cookie.getValue();
+// }
+// }
+// }
+// return null;
+// }
+//
+// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+// String cookieName, String cookieValue, int maxAge) {
+//
+// Cookie cookie = new Cookie(cookieName, cookieValue);
+// cookie.setMaxAge(maxAge);
+// cookie.setSecure(true);
+// cookie.setHttpOnly(true);
+// cookie.setPath(httpReq.getContextPath());
+//
+// httpResp.addCookie(cookie);
+// }
+//
+// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+// setCookie(httpReq, httpResp, cookieName, "", 0);
+//
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
new file mode 100644
index 000000000..c5a8d88b7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -0,0 +1,56 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+
+@PVPMETADATA
+public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
+
+ public static final String DELIMITER_BPK_LIST = ";";
+ public static final String LIST_ELEMENT_START = "(";
+ public static final String LIST_ELEMENT_END = ")";
+
+ public String getName() {
+ return BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END;
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ log.info("Adding additional bPKs into bPK attribute");
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+ result += DELIMITER_BPK_LIST
+ + LIST_ELEMENT_START
+ + removeBpkTypePrefix(el.getSecond())
+ + DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(el.getFirst())
+ + LIST_ELEMENT_END;
+
+ }
+ log.trace("Authenticate user with bPK-List: " + result);
+ }
+
+ log.trace("Authenticate user with bPK/wbPK: " + result);
+ return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result);
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 139bb15cc..a1a5825b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Deprecated
@PVPMETADATA
public class EIDAuthBlock implements IPVPAttributeBuilder {
@@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
try {
if (authData instanceof IMOAAuthData) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+
+ }
+
String authblock = ((IMOAAuthData)authData).getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 44043ec40..bf7187e51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
@@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger;
@PVPMETADATA
public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
+ public static final String DELIMITER_ENCBPK_TARGET = "|";
+
public String getName() {
return ENC_BPK_LIST_NAME;
}
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).getEncbPKList() != null &&
((IMOAAuthData)authData).getEncbPKList().size() > 0) {
- String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
- for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
- value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ result);
}
@@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
-// String encbpk = "XXX01234567890XXX";
-// String type = "Bereich";
-// String vkz = "Verfahrenskennzeichen";
-//
-// //TODO: implement encrypted bPK support
-//
-// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk);
-//
-// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
-// vkz + "+" + type + "|" + encbpk);
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index a40c0fefb..fb101467a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData instanceof IMOAAuthData) {
+ if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).isUseMandate()) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ return null;
+
+ }
+
+
//only provide full mandate if it is included.
//In case of federation only a short mandate could be include
if (((IMOAAuthData)authData).getMandate() != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index f67f79dcf..4d41cc19b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -22,11 +22,13 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.builder.attributes;
+import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData);
- if (calcResult != null) {
- String bpk = calcResult.getFirst();
- String type = calcResult.getSecond();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type != null) {
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- } else {
- Logger.debug("bPK type is 'null' --> use it as it is");
-
- }
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- if (type != null)
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk);
- else
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk);
-
- }
-
+ String bPKResult = getBpkAttributeStringForSP(oaParam, authData);
+ if (StringUtils.isNoneEmpty(bPKResult))
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult);
+
}
catch (BuildException | ConfigurationException | EAAFBuilderException e) {
Logger.error("Failed to generate IdentificationType");
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return null;
}
-
+
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
}
- protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ Pair<String, String> bPKResult = null;
+
+ if (baseId != null) {
+ if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID))
+ bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else {
+ Logger.debug("No BaseId target in mandate. Use it as it is ... ");
+ bPKResult = Pair.newInstance(baseId.getFirst(), null);
+
+ }
+ }
+
+ return bPKResult;
+
+ }
+
+
+ /**
+ * Generate the bPK String for this specific SP
+ *
+ * @param oaParam
+ * @param authData
+ * @return
+ * @throws UnavailableAttributeException
+ * @throws EAAFBuilderException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws NoMandateDataAttributeException
+ */
+ protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException {
+ Pair<String, String> bPKResult = getBpkForSp(oaParam, authData);
+ if (bPKResult != null) {
+ String bpk = bPKResult.getFirst();
+ String type = bPKResult.getSecond();
+
+ if (MiscUtil.isEmpty(bpk))
+ throw new UnavailableAttributeException(BPK_NAME);
+
+ if (type != null)
+ type = removeBpkTypePrefix(type);
+ else
+ Logger.debug("bPK type is 'null' --> use it as it is");
+
+ bpk = attrMaxSize(bpk);
+
+ Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
+
+ if (type != null)
+ return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk;
+ else
+ return bpk;
+
+ }
+
+ return null;
+
+ }
+
+
+ /**
+ * Limit the attribute value to maximum size
+ *
+ * @param attr
+ * @return
+ */
+ protected String attrMaxSize(String attr) {
+ if (attr != null && attr.length() > BPK_MAX_LENGTH) {
+ attr = attr.substring(0, BPK_MAX_LENGTH);
+ }
+ return attr;
+
+ }
+
+ /**
+ * Remove bPKType prefix if available
+ *
+ * @param type
+ * @return
+ */
+ protected String removeBpkTypePrefix(String type) {
+ if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK))
+ return type.substring((EAAFConstants.URN_PREFIX_WBPK).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID))
+ return type.substring((EAAFConstants.URN_PREFIX_CDID).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS))
+ return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length());
+
+ else
+ return type;
+
+ }
+
+ protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
if (authData instanceof IMOAAuthData) {
@@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
Logger.info("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
}
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
new file mode 100644
index 000000000..fd00e2f61
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
@@ -0,0 +1,83 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@PVPMETADATA
+public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ try {
+ String result = getBpkAttributeStringForSP(oaParam, authData);
+
+ if (result != null) {
+ result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... ");
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond())
+ && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) {
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+
+ Pair<String, String> addBpk =
+ new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ baseId.getFirst(),
+ el.getSecond());
+
+ Logger.trace("Calculate bPK with " + addBpk.toString());
+
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + removeBpkTypePrefix(addBpk.getSecond())
+ + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(addBpk.getFirst())
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+ }
+ }
+
+ Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate");
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result);
+
+ }
+
+ return null;
+
+ } catch (BuildException | ConfigurationException | EAAFBuilderException e) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
new file mode 100644
index 000000000..220ccd94e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
@@ -0,0 +1,62 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_ENC_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData) authData).isUseMandate()) {
+ if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null &&
+ ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) {
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME,
+ result);
+
+ }
+
+ } else
+ Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used");
+
+ } else
+ Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 32b45a595..88648b56e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 90a0d61c9..223994e6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
new file mode 100644
index 000000000..5daa71b1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildStringAttribute(String friendlyName, String name, String value) {
+ return value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
+ */
+ @Override
+ public String buildIntegerAttribute(String friendlyName, String name, int value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
+ */
+ @Override
+ public String buildLongAttribute(String friendlyName, String name, long value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildEmptyAttribute(String friendlyName, String name) {
+ return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 1fa17c683..4fc37d88f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index d7ada1f36..bd908f894 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index 8d36e81bb..df43316ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.SessionCallback;
-import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage {
protected AuthConfiguration authConfig;
@Autowired
- private JacksonJsonRedisSerializer assertionStoreSerializer;
+ private RedisSerializer<AssertionStore> assertionStoreSerializer;
public RedisTemplate<String, Object> getTemplate(){
return this.redisTemplate;
@@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage {
}
public boolean containsKey(String key) {
+
try {
searchInDatabase(key);
return true;
-
+
} catch (MOADatabaseException e) {
return false;
}
@@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException {
+ " found. Process gets stopped.");
}
- redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS);
+ redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
new file mode 100644
index 000000000..21cbd574f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtils {
+ public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(cookieName)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
+
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+ cookie.setHttpOnly(true);
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 0);
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 611dff3b1..6bf44a527 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -93,6 +94,10 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -107,6 +112,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,
@@ -148,6 +154,10 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -162,6 +172,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,