diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas')
3 files changed, 126 insertions, 24 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java index d1ad4b665..d3aa7b4a0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -26,7 +26,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; - import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 71b7b927e..7cd276043 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -1,24 +1,43 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; +import java.util.Map; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.IdType; +import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + @Autowired private OAuth20AuthAction openIDAuthAction; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + @Override - public void execute(ExecutionContext arg0, HttpServletRequest arg1, HttpServletResponse arg2) + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) throws TaskExecutionException { try{ if (pendingReq instanceof EIDASData) { @@ -29,7 +48,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); for (String el : Definitions.EID4UATTRIBUTEELIST) { - if(reqAttrList.getAttributeValuesByNameUri(el) == null) { + if(reqAttrList.getAttributeValuesByNameUri(el) != null) { Logger.debug("Find eID4U attr: " + el); reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); @@ -40,8 +59,46 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { Logger.info("Starting eID4U attribute collection process ... "); - //TODO: implement collection process + + //generate scope from attributes + + + //load connection parameters to TUG + String uniqueID = null; + + + /* + *build openID and set connect token + */ + + //generate fake OpenID_Connect request + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setScope("openId profile"); + + //populate with SessionData + fakeOpenIDReq.setRawDataToTransaction( + pendingReq.getSessionData(AuthenticationSessionWrapper.class) + .getKeyValueRepresentationFromAuthSession()); + + //generate authData + IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq); + + //generate OpenIDConenct token + String accessToken = Random.nextHexRandom32(); + OAuth20SessionObject o = new OAuth20SessionObject(); + o.setScope(fakeOpenIDReq.getScope()); + o.setCode(accessToken); + Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); + o.setAuthDataSession(idToken); + transactionStorage.put(accessToken, o, -1); + + //forward to TUG + + + //TODO: implement collection process + populateEid4uDummyAttributes(); } else @@ -58,4 +115,49 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { } + private void populateEid4uDummyAttributes() { + try { + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); + dummyAddr.postCode("8020"); + dummyAddr.postName("Graz"); + dummyAddr.addressId("25"); + dummyAddr.cvAddressArea("Mustergasse"); + dummyAddr.locatorDesignator("25"); + dummyAddr.thoroughfare("Mustergasse"); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); + session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); + session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); + session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); + session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); + session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); + session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); + session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); + session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); + session.setGenericDataToSession(Definitions.EMAIL_NAME, "max.mustermann@domain.at"); + session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); + session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); + session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, "Graz Technical University"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build()); + session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); + session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); + session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); + session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); + session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); + session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); + session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); + + //TODO: not all attributes are populated with dummy values + + } catch (EAAFStorageException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java index 1e5609e4e..44a313885 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java @@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.KeyInfo; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.ImmutableSortedSet; import com.google.common.collect.Ordering; +import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions; * */ public class NewMoaEidasMetadata { - private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName()); private final String metadata; private final String entityId; private static final Set<String> DEFAULT_BINDING = new HashSet() { @@ -180,7 +178,7 @@ public class NewMoaEidasMetadata { dm.setAlgorithm(digestMethod); eidasExtensions.getUnknownXMLObjects().add(dm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension"); } } } @@ -197,7 +195,7 @@ public class NewMoaEidasMetadata { spTypeObj.setSPType(this.params.getSpType()); eidasExtensions.getUnknownXMLObjects().add(spTypeObj); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension"); + Logger.info("BUSINESS EXCEPTION error adding SPType extension"); } } generateDigest(eidasExtensions); @@ -212,7 +210,7 @@ public class NewMoaEidasMetadata { sm.setAlgorithm(signMethod); eidasExtensions.getUnknownXMLObjects().add(sm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension"); } } } @@ -378,9 +376,12 @@ public class NewMoaEidasMetadata { new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural()); for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) { - NewMoaEidasMetadata.LOGGER.trace("Build metadata-attr: " + attr); + Logger.trace("Build metadata-attr: " + attr); AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); - builder.add(supAttr); + if (supAttr == null) + Logger.warn("Suspect eIDAS attribute definition: " + attr); + else + builder.add(supAttr); } return builder.build(); @@ -445,11 +446,11 @@ public class NewMoaEidasMetadata { url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en")); organization.getURLs().add(url); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", nfe); } } return organization; @@ -464,11 +465,11 @@ public class NewMoaEidasMetadata { else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) currentContact = this.params.getTechnicalContact(); else { - NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type"); + Logger.error("ERROR: unsupported contact type"); } contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class); if (currentContact == null) { - NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration"); + Logger.error("ERROR: cannot retrieve contact from the configuration"); return contact; } @@ -487,11 +488,11 @@ public class NewMoaEidasMetadata { populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", nfe); } return contact; } @@ -547,8 +548,8 @@ public class NewMoaEidasMetadata { } return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false)); } catch (Exception ex) { - NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex); + Logger.info("ERROR : SAMLException: " + ex.getMessage()); + Logger.warn("ERROR : SAMLException ", ex); throw new IllegalStateException(ex); } } |