aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java29
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java4
3 files changed, 34 insertions, 1 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 5166f090d..d6cacf4fe 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -39,7 +39,7 @@ public class Constants {
//default implementations for eIDAS SAML-engine functionality
public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
- public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+ public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
//configuration property keys
public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
new file mode 100644
index 000000000..bdd8c8e72
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.core.impl.EncryptionSW;
+
+/**
+ * This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
+ */
+public class ModifiedEncryptionSW extends EncryptionSW {
+
+ @Override
+ public boolean isEncryptionEnable(String countryCode) {
+ // - encrypt if so configured
+ try {
+ AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
+ Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported();
+ Logger.info(useEncryption ? "using encryption" : "do not use encrpytion");
+ return useEncryption;
+ } catch(NullPointerException | ConfigurationException e) {
+ Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+ if(Logger.isDebugEnabled())
+ e.printStackTrace();
+ return true;
+ }
+ }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 238c823cf..68ff0425a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -115,6 +115,10 @@ public class AuthenticationRequest implements IAction {
try {
EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+ // encryption is done by the SamlEngine, i.e. by the module we provide in the config
+ // but we need to set the appropriate request issuer
+ engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
// check if we have the destination available, supply it if not
if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(