diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
20 files changed, 349 insertions, 371 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index d6cacf4fe..8471439e2 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -72,4 +72,11 @@ public class Constants { public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect"; public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata"; + //Event-Codes for Revisionslog + public static final int eIDAS_REVERSIONSLOG_METADATA = 3400; + public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401; + public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402; + public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403; + public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404; + } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java index 9b634ff4d..1759a7281 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java @@ -54,7 +54,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends try { initalizeConfiguration(); - } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) { + } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) { Logger.error("eIDAS SAML-engine initialization FAILED", e); } @@ -89,7 +89,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends try { initalizeConfiguration(); - } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) { + } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) { Logger.error("eIDAS SAML-engine initialization FAILED", e); } @@ -103,10 +103,10 @@ public class MOAIDCertificateManagerConfigurationImpl extends /** * Initialize eIDAS SAML-engine from MOA-ID configuration - * @throws at.gv.egovernment.moa.id.config.ConfigurationException + * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException * */ - private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException { + private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { //initialize configuration MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl(); tmp.initialize(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 584910ea5..5d1874157 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -37,7 +37,7 @@ import java.util.Properties; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java index bdd8c8e72..1ba344fd1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.config; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.core.impl.EncryptionSW; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..70bd7b3d7 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID eIDAS-Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class); + + return new Resource[] {eIDASAuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 6a0cf6dfa..9adffe6fd 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -22,22 +22,26 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas; +import java.io.IOException; + import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet; +import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * */ -@WebServlet(urlPatterns = { "/eidas/sp/post", "/eidas/sp/redirect"}, loadOnStartup = 1) -public class eIDASSignalServlet extends ProcessEngineSignalServlet { - - private static final long serialVersionUID = 8215688005533754459L; +@Controller +public class eIDASSignalServlet extends AbstractProcessEngineSignalController { public eIDASSignalServlet() { super(); @@ -46,18 +50,25 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet { } + @RequestMapping(value = { "/eidas/sp/post", + "/eidas/sp/redirect" + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } @Override /** - * Protocol specific implementation to get the sessionID + * Protocol specific implementation to get the pending-requestID * from http request object * * @param request The http Servlet-Request object - * @return The SessionId + * @return The Pending-request id * */ - public String getMoaSessionId(HttpServletRequest request) { - String sessionId = super.getMoaSessionId(request); + public String getPendingRequestId(HttpServletRequest request) { + String sessionId = super.getPendingRequestId(request); try { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 965abcde1..d0454688a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -26,14 +26,15 @@ import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -178,7 +179,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); - filter.addFilter(new MOAeIDASMetadataSignatureFilter( + filter.addFilter(new MOASPMetadataSignatureFilter( authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); httpProvider.setMetadataFilter(filter); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java deleted file mode 100644 index c9f3e5bcd..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.eidas.engine; - -import java.io.IOException; -import java.io.StringWriter; - -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.provider.FilterException; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; - -import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -public class MOAeIDASMetadataSignatureFilter implements MetadataFilter { - - private String trustProfileID = null; - - /** - * - */ - public MOAeIDASMetadataSignatureFilter(String trustProfileID) { - this.trustProfileID = trustProfileID; - - } - - - /* (non-Javadoc) - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) - */ - @Override - public void doFilter(XMLObject metadata) throws FilterException { - if (metadata instanceof EntityDescriptor) { - if (((EntityDescriptor) metadata).isSigned()) { - EntityDescriptor entityDes = (EntityDescriptor) metadata; - //check signature; - try { - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(metadata.getDOM()); - transformer.transform(source, sr); - sw.close(); - String metadataXML = sw.toString(); - - SignatureVerificationUtils sigVerify = - new SignatureVerificationUtils(); - VerifyXMLSignatureResponse result = sigVerify.verify( - metadataXML.getBytes(), trustProfileID); - - //check signature-verification result - if (result.getSignatureCheckCode() != 0) { - Logger.warn("eIDAS Metadata signature-verification FAILED!" - + " Metadata: " + entityDes.getEntityID() - + " StatusCode:" + result.getSignatureCheckCode()); - throw new FilterException("eIDAS Metadata signature-verification FAILED!" - + " Metadata: " + entityDes.getEntityID() - + " StatusCode:" + result.getSignatureCheckCode()); - - } - - if (result.getCertificateCheckCode() != 0) { - Logger.warn("eIDAS Metadata certificate-verification FAILED!" - + " Metadata: " + entityDes.getEntityID() - + " StatusCode:" + result.getCertificateCheckCode()); - throw new FilterException("eIDAS Metadata certificate-verification FAILED!" - + " Metadata: " + entityDes.getEntityID() - + " StatusCode:" + result.getCertificateCheckCode()); - - } - - - } catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) { - Logger.error("eIDAS Metadata verification has an interal error.", e); - throw new FilterException("eIDAS Metadata verification has an interal error." - + " Message:" + e.getMessage()); - - } - - - } else { - Logger.warn("eIDAS Metadata root-element MUST be signed."); - throw new FilterException("eIDAS Metadata root-element MUST be signed.'"); - - } - - } else { - Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'"); - throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'"); - - } - - } - -} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java index 98bc559d2..20f18b772 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index f4d6c4ad4..7a696cd2f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -31,41 +31,33 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; +import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.xml.sax.SAXException; -import eu.eidas.auth.commons.IPersonalAttributeList; - import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; +import eu.eidas.auth.commons.IPersonalAttributeList; /** * @author tlenz * */ +@Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -76,27 +68,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ - String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); - String pendingRequestID = (String) executionContext.get("pendingRequestID"); - - //load pending request - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //load MOASession object and OA-configuration - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); - + defaultTaskInitialization(request, executionContext); + //get eIDAS attributes from MOA-Session IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, IPersonalAttributeList.class); - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); IdentityLink identityLink = null; //connect SZR-Gateway @@ -146,7 +124,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -164,19 +142,19 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); moasession.setForeigner(true); moasession.setIdentityLink(identityLink); moasession.setBkuURL("Not applicable (eIDASAuthentication)"); //store MOA-session to database - AuthenticationSessionStoreage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); } catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) { - throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } catch (eIDASAttributeException e) { - throw new TaskExecutionException("Minimum required eIDAS attributeset not found.", e); + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 18432fd1c..7f3c4bddc 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -34,7 +34,23 @@ import org.apache.commons.lang3.StringUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASAuthnRequest; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.commons.EidasLoaCompareType; @@ -45,32 +61,12 @@ import eu.eidas.auth.commons.PersonalAttributeList; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.auth.engine.core.eidas.SPType; import eu.eidas.engine.exceptions.EIDASSAMLEngineException; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.VelocityProvider; -import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * */ +@Component("GenerateAuthnRequestTask") public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -81,32 +77,19 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ - String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); - String pendingRequestID = (String) executionContext.get("pendingRequestID"); - - //load pending request - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID}); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //load MOASession object, configuration and OA-configuration - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); + try{ + //get service-provider configuration IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); - AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance(); // get target country String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country - throw new AuthenticationException("stork.22", new Object[] { moasessionid }); + throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() }); } - CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode); + CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode}); throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode}); @@ -115,6 +98,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim(); + + //TODO: switch to entityID + revisionsLogger.logEvent(oaConfig, pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, + metadataUrl); + // assemble requested attributes Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); @@ -127,7 +116,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { newAttribute.setName(current.getName()); boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -141,10 +130,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //build eIDAS AuthnRequest EIDASAuthnRequest authnRequest = new EIDASAuthnRequest(); - authnRequest.setProviderName(moaconfig.getPublicURLPrefix()); + authnRequest.setProviderName(pendingReq.getAuthURL()); authnRequest.setPersonalAttributeList(pAttList); - authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); authnRequest.setDestination(destination); authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED); @@ -170,7 +159,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { context.put(actionType, SAMLRequest); Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); - context.put("RelayState", moasessionid); + context.put("RelayState", pendingReq.getRequestID()); Logger.debug("Using assertion consumer url as action: " + destination); context.put("action", destination); @@ -187,6 +176,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentType("text/html;charset=UTF-8"); response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); + revisionsLogger.logEvent(oaConfig, pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + authnRequest.getSamlId()); + } catch (IOException e) { Logger.error("Velocity IO error: " + e.getMessage()); throw new MOAIDException("stork.15", null); // TODO @@ -197,14 +190,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e){ Logger.error("eIDAS AuthnRequest generation FAILED.", e); - throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", new EIDASEngineException("Could not generate token for Saml Request", e)); - } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { - throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e); + } catch (EIDASEngineException | MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); - } - + } } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 693807d63..5d1b7fb6f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -3,59 +3,46 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import eu.eidas.auth.commons.EIDASAuthnResponse; -import eu.eidas.auth.commons.EIDASUtil; -import eu.eidas.auth.engine.EIDASSAMLEngine; -import eu.eidas.engine.exceptions.EIDASSAMLEngineException; +import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EIDASAuthnResponse; +import eu.eidas.auth.commons.EIDASUtil; +import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; +@Component("ReceiveAuthnResponseTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ - String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); - String pendingRequestID = (String) executionContext.get("pendingRequestID"); - - //load pending request - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //load MOASession object and OA-configuration - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); - - //get SAML Response and decode it + try{ + //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { Logger.warn("No eIDAS SAMLReponse found in http request."); throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); - } + } + + //get MOASession + defaultTaskInitialization(request, executionContext); + + //decode SAML response byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken); //get eIDAS SAML-engine @@ -78,7 +65,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //update MOA-Session data with received information Logger.debug("Store eIDAS response information into MOA-session."); moasession.setQAALevel(samlResp.getAssuranceLevel()); - moasession.setCcc(samlResp.getCountry()); moasession.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, @@ -87,20 +73,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { moasession.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); - - //set general information to MOA-Session - moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/"); + //set issuer nation as PVP attribute into MOASession + moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + //store MOA-session to database - AuthenticationSessionStoreage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + samlResp.getSamlId()); }catch (EIDASSAMLEngineException e) { Logger.error("eIDAS AuthnRequest generation FAILED.", e); - throw new TaskExecutionException("eIDAS Response processing FAILED.", + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("Could not validate eIDAS response", e)); } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { - throw new TaskExecutionException("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 38a4d8757..563c3a18c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,13 +1,17 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.List; +import java.util.Collection; -import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; -import eu.eidas.auth.commons.EIDASAuthnRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import eu.eidas.auth.commons.EIDASAuthnRequest; +@Component("EIDASData") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class EIDASData extends RequestImpl { /** The Constant serialVersionUID. */ @@ -25,7 +29,7 @@ public class EIDASData extends RequestImpl { private String remoteRelayState; @Override - public List<Attribute> getRequestedAttributes() { + public Collection<String> getRequestedAttributes() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 072f1661a..1c0e60c63 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -22,45 +22,40 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.eidas; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EIDASAuthnRequest; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.engine.EIDASSAMLEngine; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import java.util.HashMap; - /** - * Stork 2 Protocol Support + * eIDAS Protocol Support for outbound authentication * - * @author bsuzic + * @author tlenz */ -public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { +public class EIDASProtocol extends AbstractAuthProtocolModulController { public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; - public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; - - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); - - static { - actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); - } - public String getName() { return NAME; } @@ -69,20 +64,72 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { return PATH; } - public IAction getAction(String action) { - return actions.get(action); - } - - public EIDASProtocol() { - super(); - } - + //eIDAS metadata end-point + @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + + //create pendingRequest object + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); + pendingReq.setModule(NAME); + pendingReq.setNeedAuthentication(false); + pendingReq.setAuthenticated(false); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + + EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class); + metadataAction.processRequest(pendingReq, + req, resp, null); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + Constants.eIDAS_REVERSIONSLOG_METADATA); + } + + + //PVP2.x IDP POST-Binding end-point + @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + + //create pending-request object + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //preProcess eIDAS request + preProcess(req, resp, pendingReq); + + revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST); + + //AuthnRequest needs authentication + pendingReq.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingReq.setAction(eIDASAuthenticationRequest.class.getName()); + + //switch to session authentication + performAuthentication(req, resp, pendingReq); + } + /* First request step - send it to BKU selection for user authentication. After the user credentials and other info are obtained, in the second step the request will be processed and the user redirected */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action, - String sessionId, String transactionId) throws MOAIDException { + public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException { Logger.info("received an eIDaS request"); @@ -101,46 +148,40 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo { //validate SAML token EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken); - // memorize important stuff - EIDASData result = new EIDASData(); - // - memorize remote ip - result.setRemoteAddress(request.getRemoteAddr()); + pendingReq.setRemoteAddress(request.getRemoteAddr()); // - memorize relaystate String relayState = request.getParameter("RelayState"); - result.setRemoteRelayState(relayState); + pendingReq.setRemoteRelayState(relayState); // - memorize country code of target country - result.setTarget(samlReq.getCountry()); + pendingReq.setGenericDataToSession( + RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); // - memorize requested attributes - result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); + pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); // - memorize whole request - samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list - result.setEidasRequest(samlReq); + samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list + pendingReq.setEidasRequest(samlReq); // - memorize OA url - result.setOAURL(samlReq.getIssuer()); - + pendingReq.setOAURL(samlReq.getIssuer()); + // - memorize OA config - OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL()); + IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL()); if (oaConfig == null) - throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()}); - result.setOnlineApplicationConfiguration(oaConfig); + throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()}); + pendingReq.setOnlineApplicationConfiguration(oaConfig); - return result; } catch(Exception e) { Logger.error("error in preprocessing step", e); throw new MOAIDException("error in preprocessing step", null); + } } - public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { - return null; - } - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { return false; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index a625de74e..4e45d2f47 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -14,23 +14,23 @@ * See the Licence for the specific language governing permissions and * limitations under the Licence. *******************************************************************************/ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; +package at.gv.egovernment.moa.id.protocols.eidas; -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.auth.engine.core.eidas.SPType; import eu.eidas.auth.engine.metadata.MetadataConfigParams; @@ -41,20 +41,22 @@ import eu.eidas.engine.exceptions.SAMLEngineException; /** * First version to provide some valid metadata to an asking eIDaS node */ -@WebServlet("/eidas/metadata") -public class EidasMetaDataServlet extends HttpServlet { - private static final long serialVersionUID = -2129228304760706063L; - private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class); - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - try { +@Service("EidasMetaDataRequest") +public class EidasMetaDataRequest implements IAction { + private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + try { logger.debug("EidasMetaDataServlet GET"); - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String pubURLPrefix = config.getPublicURLPrefix(); + String pubURLPrefix = req.getAuthURL(); String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; @@ -63,14 +65,36 @@ public class EidasMetaDataServlet extends HttpServlet { logger.trace(metaData); - response.setContentType(MediaType.APPLICATION_XML.getType()); - response.getWriter().print(metaData); - response.flushBuffer(); + httpResp.setContentType(MediaType.APPLICATION_XML.getType()); + httpResp.getWriter().print(metaData); + httpResp.flushBuffer(); } catch (Exception e) { e.printStackTrace(); } - } + + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return "eIDAS-Metadata Action"; + + } + public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{ String metadata="invalid metadata"; @@ -80,16 +104,15 @@ public class EidasMetaDataServlet extends HttpServlet { MetadataConfigParams mcp=new MetadataConfigParams(); generator.setConfigParams(mcp); generator.initialize(engine); + mcp.setEntityID(metadata_url); mcp.setSpType(SPType.DEFAULT_VALUE); - + mcp.setAssertionConsumerUrl(sp_return_url); + mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable + generator.addSPRole(); - String returnUrl = sp_return_url; - mcp.setAssertionConsumerUrl(returnUrl); - generator.addIDPRole(); - mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable - + metadata = generator.generateMetadata(); return metadata; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 967231110..d9663092f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -32,22 +32,22 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; +import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASAuthnResponse; import eu.eidas.auth.commons.EIDASStatusCode; @@ -61,11 +61,14 @@ import eu.eidas.auth.engine.metadata.MetadataUtil; * Second request step - after authentication of the user is done and moasession obtained, * process request and forward the user further to PEPS and/or other entities * - * @author bsuzic + * @author tlenz */ -public class AuthenticationRequest implements IAction { +@Service("eIDASAuthenticationRequest") +public class eIDASAuthenticationRequest implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { EIDASData eidasRequest; @@ -86,8 +89,9 @@ public class AuthenticationRequest implements IAction { case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break; case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break; case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break; - case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), - eidasRequest.getTarget()); break; + + //TODO: change bPK builder !!!!!! + case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break; } if("".equals(newValue)) @@ -104,8 +108,7 @@ public class AuthenticationRequest implements IAction { response.setPersonalAttributeList(resultingAttributeList); // - create metadata url - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - String pubURLPrefix = config.getPublicURLPrefix(); + String pubURLPrefix = req.getAuthURL(); String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; response.setIssuer(metadata_url); @@ -136,6 +139,8 @@ public class AuthenticationRequest implements IAction { e.printStackTrace(); } + revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST); + // send the response try { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..cd2416a91 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidas.eIDASAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo deleted file mode 100644 index 31d15951c..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.IModulInfo +++ /dev/null @@ -1 +0,0 @@ -at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml index f24ff1c28..4ff64e76d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml @@ -2,10 +2,10 @@ <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - <pd:Task id="createAuthnRequest" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" /> - <pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" /> - <pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" /> - <pd:Task id="generateIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" /> + <pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" /> + <pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> <pd:StartEvent id="start" /> <pd:Transition from="start" to="createAuthnRequest" /> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml new file mode 100644 index 000000000..a3f5042a1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + +<!-- Authentication Process Tasks --> + <bean id="GenerateAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + + <bean id="CreateIdentityLinkTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" + scope="prototype"/> + +</beans>
\ No newline at end of file |