1 files changed, 147 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
new file mode 100644
index 000000000..d087b9fe2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl {
+
+  private int priority = 2;
+
+  @Autowired(required = true)
+  protected IConfigurationWithSP authConfig;
+
+  private Collection<String> uniqueIDsEnabled;
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+   */
+  @Override
+  public int getPriority() {
+    return priority;
+
+  }
+
+  /**
+   * Sets the priority of this module. Default value is {@code 0}.
+   *
+   * @param priority The priority.
+   */
+  public void setPriority(int priority) {
+    this.priority = priority;
+
+  }
+
+  @PostConstruct
+  private void initialDummyAuthWhiteList() {
+    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+      Logger.info("AuthModule for 'EHVD injection' is enabled");
+
+      // load allowed service-provider Id's
+      uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix(
+          ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream()
+          .filter(el -> StringUtils.isNotEmpty(el))
+          .collect(Collectors.toSet());
+
+      if (!uniqueIDsEnabled.isEmpty()) {
+        Logger.info("EHVD communication is enabled for ....");
+        uniqueIDsEnabled.forEach(el -> Logger.info("   EntityID: " + el));
+
+      }
+
+    } else {
+      uniqueIDsEnabled = Collections.emptySet();
+      Logger.info("AuthModule for 'EHVD injection' is disabled");
+
+    }
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+   * egovernment.moa.id.process.api.ExecutionContext)
+   */
+  @Override
+  public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+
+    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+      final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+      Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");
+      final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
+      if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) {
+        Logger.debug("EHVD communication is allowed for SP: " + spEntityID);
+        return "DefaultAuthenticationWithEHVDInteraction";
+
+      } else {
+        if (Logger.isDebugEnabled()) {
+          if (ccAuthRequested) {
+            Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication.");
+
+          } else {
+            Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too");
+
+          }
+        }
+      }
+
+    } else {
+      Logger.trace("'EHVD injection' authentication is disabled");
+
+    }
+
+    return null;
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+   */
+  @Override
+  public String[] getProcessDefinitions() {
+    return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" };
+  }
+
+}