4 files changed, 137 insertions, 2 deletions

diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
index b057ecaf8..7fcabca1e 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java
@@ -38,13 +38,14 @@ public class EIDProxyAuthConstants {
 
 	public static final String MODULE_NAME_FOR_LOGGING = "E-ID proxy authentication";
 	
-	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; 
+	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24 * 365 * 10; 
 	
 	public static final String HTTP_PARAM_EIDPROXY_AUTH_SELECTION = "forwardToEID";
 	
 	public static final String ENDPOINT_POST = "/sp/eid/post";
 	public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect";
 	public static final String ENDPOINT_METADATA = "/sp/eid/metadata";
+	public static final String ENDPOINT_APPREG_INFO = "/eid/getappregid";
 
 	public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth.";	
 	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
@@ -61,6 +62,9 @@ public class EIDProxyAuthConstants {
 	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";
 	public static final String CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT = CONFIG_PROPS_PREFIX + "enforce.process.disabled";
 	
+	public static final String CONFIG_PROPS_ENABLE_APPREG_IDENTIFIER_GENERATION_ENDPOINT = 
+			CONFIG_PROPS_PREFIX + "endpoint.appreginfo.enable";
+	
 	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;	
 	public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
 			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java
new file mode 100644
index 000000000..091feb7fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EidAppRegIdentifierGenerationController.java
@@ -0,0 +1,113 @@
+package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class EidAppRegIdentifierGenerationController extends AbstractController {
+	
+	private static final String GUI_TEMPLATE_APPREG_ID = "appreg_id_generator.html";
+	
+	@Autowired IGUIFormBuilder guiBuilder;
+	
+	
+	@RequestMapping(value = EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, 
+			method = {RequestMethod.GET})
+	public void getAppRegSpId(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
+		if (!authConfig.getBasicConfigurationBoolean(
+				EIDProxyAuthConstants.CONFIG_PROPS_ENABLE_APPREG_IDENTIFIER_GENERATION_ENDPOINT, true)) {
+			Logger.info("Endpoint: " + EIDProxyAuthConstants.ENDPOINT_APPREG_INFO + " DISABLED!");
+			resp.setStatus(HttpStatus.FORBIDDEN.value());
+			return;
+			
+		}
+		
+		String authUrl;
+		DefaultGUIFormBuilderConfiguration config;
+		try {
+			String authUrlString = HTTPUtils.extractAuthURLFromRequest(req);
+			URL authReqURL = new URL(authUrlString);
+			authUrl = authConfig.validateIDPURL(authReqURL);	
+			config = new DefaultGUIFormBuilderConfiguration(
+					authUrl, 
+					GUI_TEMPLATE_APPREG_ID, 
+					null);
+			
+		} catch (Exception e) {	
+			Logger.warn("Bad request on: " + EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, e);
+			resp.setStatus(HttpStatus.BAD_REQUEST.value());
+			resp.getWriter().write(e.getMessage());
+			return;			
+			
+		}
+		
+		
+		try {
+			String oaURL = req.getParameter(MOAIDAuthConstants.PARAM_OA);
+			if (MiscUtil.isEmpty(oaURL)) {
+				Logger.info("Receive OA parameter in SAML1 like request. Can not generate AppReg Identifier");
+				throw new WrongParametersException(EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, MOAIDAuthConstants.PARAM_OA,
+						"auth.12");
+				
+			}
+			
+			if (!ParamValidatorUtils.isValidOA(oaURL))
+				throw new WrongParametersException(EIDProxyAuthConstants.ENDPOINT_APPREG_INFO, MOAIDAuthConstants.PARAM_OA,
+						"auth.12");
+			
+			IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class);			
+			if (oaParam == null) {
+				Logger.info("No configuration for application with ID: " + oaURL);
+				throw new InvalidProtocolRequestException("auth.00",new Object[] { null });
+			
+			}
+			
+			String appRegId = Utils.getEidSystemApplicationId(oaParam, authUrl);					
+			config.putCustomParameterWithOutEscaption(null, "appregId", appRegId);			
+			guiBuilder.build(req, resp, config, "AppReg Id generation GUI");
+						
+			
+		} catch (Exception e) {
+			Logger.warn("Can not build AppReg Identifier", e);			
+			config.putCustomParameterWithOutEscaption(null, "error", e.getMessage());			
+			try {
+				guiBuilder.build(req, resp, config, "AppReg Id generation GUI");
+				
+			} catch (GUIBuildException e1) {
+				Logger.error("Internal server error", e);
+				resp.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+				
+			}
+						
+		}
+		
+		
+	}
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
index 38a7c4add..177103051 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java
@@ -112,7 +112,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			authnReqConfig.setPassive(false);
 			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
 			authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA);						
-			authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+			authnReqConfig.setScopeRequesterId(
+					Utils.getEidSystemApplicationId(pendingReq.getServiceProviderConfiguration(), pendingReq.getAuthURL()));
 					
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
index cd578d373..0de1a9df2 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java
@@ -14,6 +14,23 @@ import at.gv.egovernment.moa.logging.Logger;
 
 public class Utils {
 
+	public static final String PARAM_APPREG_SP_ID = "?sp=";
+	
+	public static String getEidSystemApplicationId(ISPConfiguration spConfiguration, String authUrl) {
+		StringBuilder builder = new StringBuilder();
+		if (authUrl.endsWith("/")) {
+			builder.append(authUrl.substring(0, authUrl.length() - 1));
+			
+		} else {
+			builder.append(authUrl);
+			
+		}		
+		builder.append(PARAM_APPREG_SP_ID);
+		builder.append(spConfiguration.getUniqueIdentifier());		
+		return builder.toString();
+		
+	}
+	
 	public static String getEIDSystemEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
 		//load from service-provider configuration
 		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL);