diff options
Diffstat (limited to 'id/server/modules')
164 files changed, 4001 insertions, 1514 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7ea4ee436..34567131b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -25,12 +25,18 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -38,7 +44,6 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -57,22 +62,18 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moaspss.logging.LogMsg; @@ -93,7 +94,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; @Autowired private AuthConfiguration authConfig; - + /** * Constructor for AuthenticationServer. */ @@ -145,9 +146,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()}); //load Template String templateURL = pendingReq.getGenericData( @@ -200,7 +201,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getPendingRequestId()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -295,7 +296,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConfig - .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -304,7 +305,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( @@ -320,8 +321,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; } @@ -399,7 +399,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -434,9 +434,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException, - BuildException, ValidateException { + BuildException, ValidateException, EAAFBuilderException { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); @@ -449,7 +449,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { transformsInfos); SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); @@ -515,8 +515,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -534,7 +533,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ConfigurationException */ private String buildAuthenticationBlock(IAuthenticationSession session, - IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException { + IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException { IIdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -933,7 +932,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { + ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException { if (session == null) throw new AuthenticationException("auth.10", new Object[]{ @@ -967,7 +966,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -997,7 +996,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, @@ -1037,10 +1036,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setForeigner(false); //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); + session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); @@ -1072,7 +1071,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { + String baseid, String target) throws BuildException, EAAFBuilderException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 9a807ca00..a2a38c9dd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bc28d4f0e..a46c81d06 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -47,21 +47,21 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -69,8 +69,7 @@ import at.gv.egovernment.moa.util.StringUtils; * Builder for the authentication block <code><saml:Assertion></code> * to be included in a <code><CreateXMLSignatureResponse></code>. * - * @author Paul Ivancsics - * @version $Id$ + * @author Paul Ivancsics */ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index a904242e1..8e80fbbbb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; import java.text.MessageFormat; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.FileUtils; /** * Builder for the <code><VerifyXMLSignatureRequest></code> structure diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f7aba5e53..e4063903d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -156,9 +156,10 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, IOAAuthParameters oaParam, + String pushInfobox, + IOAAuthParameters oaParam, String appletheigth, - String appletwidth, + String appletwidth, String contextURL) throws BuildException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 9dcc93e9f..fb65bac04 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Builder for the <code>lt;pr:Person></code> element to be inserted diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java index 306c871fc..ee58b7fa1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -50,9 +50,9 @@ import java.text.MessageFormat; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 7caf2f5a1..1962d6c82 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,9 +3,9 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor @@ -16,7 +16,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { public int getPriority() { return 0; } - + @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication @@ -26,10 +26,16 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if ( (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isBlank((String) context.get("CCC")) ) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && - !performBKUSelection) + if ( (StringUtils.isBlank((String) context.get("ccc")) + && StringUtils.isBlank((String) context.get("CCC")) +// && ( StringUtils.isBlank((String) context.get("useeIDAS")) +// || ( StringUtils.isNotBlank((String) context.get("useeIDAS")) +// && !Boolean.parseBoolean((String) context.get("useeIDAS")) +// ) +// ) + ) + && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection ) + return "DefaultAuthentication"; else diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 000a47438..f53dfae45 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -10,15 +10,15 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -50,10 +50,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { @@ -66,7 +65,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { // build dataurl (to the VerifyCertificateSerlvet) String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); @@ -77,9 +76,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); - } catch (MOADatabaseException e1) { - throw new TaskExecutionException(pendingReq, e1.getMessage(), e1); - } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index e1495f254..af8f780ec 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,14 +10,15 @@ import org.springframework.stereotype.Component; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -61,20 +62,18 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { byte[] content = getIdentityLinkForm.getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index ba778002d..ef9ddc1cd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,42 +1,18 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/> @@ -71,86 +47,87 @@ public class GetForeignIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - Logger.debug("POST GetForeignIDServlet"); - - Map<String, String> parameters; - try { - parameters = getParameters(req); - - } catch (FileUploadException | IOException e) { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); - } - - try { - //check if response exists - String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); - if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { - throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); - - } - Logger.debug(xmlCreateXMLSignatureResponse); - - //execute default task initialization - defaultTaskInitialization(req, executionContext); - - - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) - .parseResponseDsig(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); - moasession.setAuthBlock(serializedAssertion); + throw new MOAIDException("auth.36", new Object[]{"Foreign authentication IS ONLY supported by using eIDAS"}); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } - - Element signature = csresp.getDsigSignature(); - - try { - moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); - - } catch (CertificateException e) { - Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); - throw new MOAIDException("auth.14", null); - } - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); - // make SZR request to the identity link - CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); - - if (null != response.getErrorResponse()) { - // TODO fix exception parameter - throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), - (String) response.getErrorResponse().getInfo()); - } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( - response.getIdentityLink())); - IIdentityLink identitylink = ilParser.parseIdentityLink(); - moasession.setIdentityLink(identitylink); - - // set QAA Level four in case of card authentifcation - moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); - - authServer.getForeignAuthenticationData(moasession); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); - - //store pending request - requestStoreage.storePendingRequest(pendingReq); - - - } +// Logger.debug("POST GetForeignIDServlet"); +// +// Map<String, String> parameters; +// +// +// parameters = getParameters(req); +// +// } catch (FileUploadException | IOException e) { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); +// } +// +// try { +// //check if response exists +// String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); +// if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { +// throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); +// +// } +// Logger.debug(xmlCreateXMLSignatureResponse); +// +// //execute default task initialization +// AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); +// +// CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) +// .parseResponseDsig(); +// +// try { +// String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); +// moasession.setAuthBlock(serializedAssertion); +// +// } catch (TransformerException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } catch (IOException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } +// +// Element signature = csresp.getDsigSignature(); +// +// try { +// moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); +// +// } catch (CertificateException e) { +// Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); +// throw new MOAIDException("auth.14", null); +// } +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); +// +// // make SZR request to the identity link +// CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); +// +// if (null != response.getErrorResponse()) { +// // TODO fix exception parameter +// throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), +// (String) response.getErrorResponse().getInfo()); +// } else { +// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( +// response.getIdentityLink())); +// IIdentityLink identitylink = ilParser.parseIdentityLink(); +// moasession.setIdentityLink(identitylink); +// +// // set QAA Level four in case of card authentifcation +// moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); +// +// authServer.getForeignAuthenticationData(moasession); +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); +// +// //store pending request +// pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); +// requestStoreage.storePendingRequest(pendingReq); +// +// +// } } catch (MOAIDException ex) { throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 3383cf201..af4abe813 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -15,20 +15,23 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import iaik.pki.PKIException; /** @@ -58,28 +61,29 @@ import iaik.pki.PKIException; public class GetMISSessionIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Autowired private AuthConfiguration moaAuthConfig; @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - + Logger.debug("POST GetMISSessionIDServlet"); try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); //get MIS sessionID String misSessionID = moasession.getMISSessionID(); //get mandates from MIS - ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); + ConnectionParameterInterface connectionParameters = moaAuthConfig + .getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, connectionParameters); List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory, authConfig); + connectionParameters.getUrl(), misSessionID, sslFactory, moaAuthConfig); //check if mandates received if (list == null || list.size() == 0) { @@ -87,8 +91,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); // for now: list contains only one element @@ -114,9 +117,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { moasession.setMISMandate(mandate); //log mandate specific set of events - revisionsLogger.logMandateEventSet(pendingReq, mandate); + //revisionsLogger.logMandateEventSet(pendingReq, mandate); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 88a235978..ab53671f2 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -30,19 +30,21 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -53,11 +55,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { @Autowired StartAuthentificationParameterParser authInitialisationParser; + @Autowired private AuthConfiguration moaAuthConfig; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -81,10 +84,10 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } protected void internalInitializeWithoutPersist(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException { + HttpServletRequest request, HttpServletResponse response) throws EAAFException { Logger.info("BKU is selected -> Start BKU communication ..."); - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -109,14 +112,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } //load OA Config - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); else { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; @@ -128,7 +130,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = authConfig.getDefaultBKUURL(bkuid); + bkuURL = moaAuthConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -139,13 +141,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = authConfig.getSLRequestTemplates(bkuid); + templateURL = moaAuthConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - authConfig.getRootConfigFileDir()); + moaAuthConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -156,7 +158,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { //parse all OA parameters i authInitialisationParser.parse( moasession, target, - pendingReq.getOAURL(), + pendingReq.getSPEntityId(), bkuURL, templateURL, useMandate, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index f7a816c74..d1d0ef086 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -40,7 +41,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet @@ -49,13 +50,14 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { try { //initialize task - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); //build authBlock String createXMLSignatureRequest = authServer .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //write response diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index d2fd4d1de..7c9702b8b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -30,23 +30,26 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -55,7 +58,9 @@ import at.gv.egovernment.moa.util.DOMUtils; @Component("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { - /* (non-Javadoc) + @Autowired private AuthConfiguration moaAuthConfig; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -66,11 +71,11 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { //perform default task initialization - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); ConnectionParameterInterface connectionParameters = - authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); + moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, connectionParameters); // get identitity link as byte[] Element elem = moasession.getIdentityLink().getSamlAssertion(); @@ -83,9 +88,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { String redirectURL = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), GET_MIS_SESSIONID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); List<String> profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -101,8 +106,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = oaParam.getAreaSpecificTargetIdentifier(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( connectionParameters.getUrl(), @@ -115,7 +119,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { targetType, authBlock, sslFactory, - authConfig); + moaAuthConfig); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); @@ -127,10 +131,10 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { moasession.setMISSessionID(misSessionID.getSessiondId()); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); response.addHeader("Location", redirectMISGUI); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index ddd52c337..3b70c55e9 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -13,13 +13,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ import at.gv.egovernment.moa.logging.Logger; * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}. * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * - */ + */ @Component("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @@ -86,15 +87,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 6aefb75a1..5b207d33e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -13,14 +13,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; @@ -56,7 +57,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -76,10 +77,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); @@ -98,6 +98,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); @@ -113,8 +114,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); @@ -123,7 +123,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 4408f3852..99eba56c1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,13 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -48,7 +49,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -65,15 +66,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //set 'identityLink exists' flag to context diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index eca231094..0b5db368f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -58,14 +58,14 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Parses an <code><InfoboxReadResponse></code> returned from diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java index 390467bf8..4c9c15e99 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -53,12 +53,12 @@ import java.util.Vector; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.data.InfoboxToken; import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * Parses and unmarshales <code>InfoboxReadResponse<code>. diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 154092b03..8458bce01 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import iaik.x509.X509Certificate; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java index 139be49fe..582af517c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8e3ccb01b..01ef4ee26 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,28 +56,29 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * @@ -136,9 +137,9 @@ public class CreateXMLSignatureResponseValidator { * @throws ConfigurationException */ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) - throws ValidateException, BuildException, ConfigurationException { + throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); String oaURL = oaParam.getPublicURLPrefix(); IIdentityLink identityLink = session.getIdentityLink(); @@ -663,11 +664,11 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock with SSO"); SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString()); throw e; } - + } public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 7bb07df74..e023a6507 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -63,17 +63,17 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index d093cc7f0..01e349d0f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -56,9 +56,10 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.net.MediaType; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; @@ -69,7 +70,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class CitizenCardServletUtils extends ServletUtils{ - /** + /** * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing * depending on the requests starting text. * @@ -88,7 +89,7 @@ public class CitizenCardServletUtils extends ServletUtils{ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getPendingRequestId()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -100,7 +101,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getPendingRequestId()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 26d50905e..fe0e659c7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -70,12 +70,12 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index e628fbd1b..e628fbd1b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java index ec15a209c..9d59b60f3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java @@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Document; import test.at.gv.egovernment.moa.id.UnitTestCase; - +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author Paul Ivancsics diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java index f2fde6322..f83f57144 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; import test.at.gv.egovernment.moa.id.UnitTestCase; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java index 977764878..88b973457 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java @@ -46,20 +46,19 @@ package test.at.gv.egovernment.moa.id.auth.parser; -import iaik.security.rsa.RSAPublicKey; - import java.io.FileOutputStream; import java.io.RandomAccessFile; import java.security.PublicKey; import org.w3c.dom.Document; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import iaik.security.rsa.RSAPublicKey; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase { } public void setUp() { - try { + try { RandomAccessFile s = new RandomAccessFile( "data/test/xmldata/testperson1/InfoboxReadResponse.xml", diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java index 38bf1cab6..58c6b66d0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java @@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser; import java.io.RandomAccessFile; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase { public InfoboxReadResponseParserTest(String name) { super(name); } - + public void setUp() { } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml new file mode 100644 index 000000000..c340f90c9 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + <name>moa-id-module-AT_eIDAS_connector</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> +</project> diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java new file mode 100644 index 000000000..19950a078 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java @@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthConstants { + + public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = "useeIDAS"; + + public static final String ENDPOINT_POST = "/sp/eidas/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; + public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + } + }); + + public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList<String>() { + private static final long serialVersionUID = 1L; + { + for (Trible<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) + add(el.getFirst()); + } + }); +} + + diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java new file mode 100644 index 000000000..821a200c7 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java @@ -0,0 +1,103 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.io.Serializable; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthModuleImpl implements AuthModule { + + @Autowired(required=true) private AuthenticationManager authManager; + + private int priority = 0; + + @PostConstruct + protected void initalCentralEidasAuthentication() { + //parameter to whiteList + authManager.addParameterNameToWhiteList(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + if (paramObj != null ) { + if (paramObj instanceof String) { + String param = (String)paramObj; + if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { + Logger.debug("Centrial eIDAS authentication process selected "); + return "centrialEidasAuthentication"; + + } else + Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + " is empty or has value: " + Boolean.parseBoolean(param)); + + } else + Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + "' of type: " + paramObj.getClass().getName()); + } + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eIDAS_central_node_auth.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java new file mode 100644 index 000000000..beaaee619 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_eIDAS_central_node_auth.beans.xml", EidasCentralAuthSpringResourceProvider.class); + + return new Resource[] {federationAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID Auth-module 'central eIDAS Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java new file mode 100644 index 000000000..aad1244f1 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java @@ -0,0 +1,355 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private Collection<RequestedAttribute> additionalAttributes = null; + + + private String authURL; + private EidasCentralAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataConfiguration(String authURL, + EidasCentralAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + EidasCentralAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List<ContactPerson> getContactPersonInformation() { + try { + return pvpConfiguration.getIDPContacts(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIDPOrganisation(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List<Attribute> getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List<String> getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public Collection<RequestedAttribute> getSPRequiredAttributes() { + Map<String, RequestedAttribute> requestedAttributes = new HashMap<String, RequestedAttribute>(); + for (Trible<String, String, Boolean> el : EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + if (additionalAttributes != null) { + Logger.trace("Add additional PVP attributes into metadata ... "); + for (RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) + Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List<String> getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) { + if (additionalAttr != null) { + additionalAttributes = new ArrayList<RequestedAttribute>(); + for (Pair<String, Boolean> el : additionalAttr) { + Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PVPAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else + Logger.info("NO PVP attribute with name: " + el.getFirst()); + + } + } + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java new file mode 100644 index 000000000..8376f3aad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java @@ -0,0 +1,272 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.List; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String SPEntityID; + private String QAA_Level; + private EntityDescriptor idpEntity; + private Credential signCred; + private String scopeRequesterId; + private String providerName; + private List<EAAFRequestedAttribute> requestedAttributes; + private String reqId; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSPEntityID() { + return this.SPEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIDPolicyFormat() { + return NameID.PERSISTENT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIDPolicyAllowCreation() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.QAA_Level; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * @param isPassive the isPassive to set + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * @param sPEntityID the sPEntityID to set + */ + public void setSPEntityID(String sPEntityID) { + SPEntityID = sPEntityID; + } + + /** + * @param qAA_Level the qAA_Level to set + */ + public void setQAA_Level(String qAA_Level) { + QAA_Level = qAA_Level; + } + + /** + * @param idpEntity the idpEntity to set + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * @param signCred the signCred to set + */ + public void setSignCred(Credential signCred) { + this.signCred = signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIDPEntityDescriptor() { + return this.idpEntity; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIDFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication + * + * @param scopeRequesterId + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS authentication + * + * @param providerName + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes + * + * @param requestedAttributes + */ + public void setRequestedAttributes(List<EAAFRequestedAttribute> requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request + * + * @param reqId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + + + + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java new file mode 100644 index 000000000..4898c8f1e --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -0,0 +1,133 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthMetadataController extends AbstractController { + + @Autowired PVPMetadataBuilder metadatabuilder; + @Autowired AuthConfiguration authConfig; + @Autowired EidasCentralAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, + method = {RequestMethod.GET}) + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + //check PublicURL prefix + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!authConfig.getPublicURLPrefix().contains(authURL)) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); + return; + + } else { + //initialize metadata builder configuration + EidasCentralAuthMetadataConfiguration metadataConfig = + new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } + + } catch (Exception e) { + Logger.warn("Build federated-authentication PVP metadata FAILED.", e); + handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() { + Map<String, String> addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { + List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>(); + for (String el : addReqAttributes.values()) { + if (MiscUtil.isNotEmpty(el)) { + Logger.trace("Parse additional attr. definition: " + el); + List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else + Logger.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + + return result; + } + + return null; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java new file mode 100644 index 000000000..1486ef841 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthSignalController extends AbstractProcessEngineSignalController { + + public EidasCentralAuthSignalController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_POST + + "' and '" + EidasCentralAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + @RequestMapping(value = { EidasCentralAuthConstants.ENDPOINT_POST, + EidasCentralAuthConstants.ENDPOINT_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + + } + + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState")); + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java new file mode 100644 index 000000000..c3c3331e1 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -0,0 +1,210 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("CreateEidasCentrialAuthnRequestTask") +public class CreateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired PVPAuthnRequestBuilder authnReqBuilder; + @Autowired EidasCentralAuthCredentialProvider credential; + @Autowired EidasCentralAuthMetadataProvider metadataService; + + //@Autowired(required=true) ILoALevelMapper loaMapper; + //@Autowired(required=true) MOAMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED); + + //check if eIDAS authentication is enabled for this SP + if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) { + Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), null); + + } + + // get entityID for central ms-specific eIDAS node + String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration()); + + + if (MiscUtil.isEmpty(msNodeEntityID)) { + Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!"); + throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null); + + } + + //load metadata with metadataURL, as backup + String metadataURL = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Logger.warn("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); + + } + + //load IDP SAML2 entitydescriptor + EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + Logger.error("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found"); + throw new MOAIDException("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found", null); + + } + + //setup AuthnRequestBuilder configuration + EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration(); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); + authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setQAA_Level( + pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + + authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); + authnReqConfig.setRequestedAttributes(buildRequestedAttributes()); + + //build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); + + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED, + authnReqConfig.getRequestID()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (MetadataProviderException e) { + throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e); + + } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { + Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } + + private List<EAAFRequestedAttribute> buildRequestedAttributes() { + List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>(); + + //build EID sector for identification attribute + Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); + EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attr , + true, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + attributs.add(reqAttr ); + + //TODO: add mandate information if mandates are used!!!! + + return attributs; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..c034dc95e --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,251 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.io.IOException; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("ReceiveFederatedAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private EidasCentralAuthCredentialProvider credentialProvider; + @Autowired(required=true) EidasCentralAuthMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EAAFURICompare comperator = null; + //select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_POST); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_REDIRECT); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using Redirect-Binding."); + + } else { + Logger.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, true, + comperator); + + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //validate response signature + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + //validate assertion + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); + + //validate entityId of response + String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException("sp.pvp2.08", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor((Response) processedMsg.getResponse()); + + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //write log entries + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID); + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); + + } catch (MessageDecodingException | SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e); + + } catch (IOException | MarshallingException | TransformerException e) { + Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + + } catch (CredentialsNotAvailableException e) { + Logger.error("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e); + + } catch (AssertionValidationExeption | AuthnResponseValidationException e) { + Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } catch (Exception e) { + Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } + + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{ + try { + //check if all attributes are include + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { + Logger.warn("PVP Response from federated IDP contains not all requested attributes."); + throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //copy attributes into MOASession + Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (String el : includedAttrNames) { + String value = extractor.getSingleAttributeValue(el); + pendingReq.setGenericDataToSession(el, value); + Logger.debug("Add PVP-attribute " + el + " into MOASession"); + + } + + } catch (AssertionValidationExeption e) { + throw new BuildException("builder.06", null, e); + + } catch (EAAFStorageException e) { + throw new BuildException("builder.06", null, e); + + } + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + * @throws TransformerException + * @throws MarshallingException + * @throws IOException + * @throws CredentialsNotAvailableException + * @throws AssertionValidationExeption + * @throws AuthnResponseValidationException + */ + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, true, + credentialProvider.getIDPAssertionEncryptionCredential(), + pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return msg; + + } else { + Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'ms-specific eIDAS node'."); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java new file mode 100644 index 000000000..f2f8530f6 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +/** + * @author tlenz + * + */ +@Service("EidasCentralAuthCredentialProvider") +public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired AuthConfiguration authConfig; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getRootConfigFileDir()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + return authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "eIDAS centrial authentication"; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java new file mode 100644 index 000000000..5cee90658 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -0,0 +1,345 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.net.MalformedURLException; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("EidasCentralAuthMetadataProvider") +public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider + implements IDestroyableObject { + @Autowired(required=true) AuthConfiguration moaAuthConfig; + + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; + + + public EidasCentralAuthMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); + + } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + + public void destroy() { + fullyDestroy(); + + } + + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return metadataProvider.requireValidMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return metadataProvider.getMetadataFilter(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException { + Logger.fatal("Set Metadata Filter is not implemented her!"); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return metadataProvider.getMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { + return metadataProvider.getEntitiesDescriptor(name); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + try { + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with "+ entityID); + throw new MetadataProviderException("No EntityID with "+ entityID); + } + + return entityDesc; + + } catch (MetadataProviderException e) { + Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e); + throw new MetadataProviderException("Metadata extraction FAILED", e); + + } + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException { + try { + //search if metadata is already loaded + List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName); + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName, supportedProtocol); + } + + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ms-specific eIDAS node"); + + String trustProfileID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID); + if (MiscUtil.isEmpty(trustProfileID)) { + Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata." ); + throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); + } + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + + //create metadata validation filter chain + MetadataFilterChain filter = new MetadataFilterChain(); + filter.addFilter(new SchemaValidationFilter(true)); + filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); + + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, + filter, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + timer, + new BasicParserPool(), + createHttpClient(metdataURL)); + + if (idpMetadataProvider == null) { + Logger.error("Create ms-specific eIDAS node Client FAILED."); + throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider."); + + } + + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List<MetadataProvider> loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... "); + + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + if (timer != null) + timer.cancel(); + + } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..5954455a4 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml new file mode 100644 index 000000000..02bf7bcad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="centrialEidasAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="createEidasAuthnRequest" class="CreateEidasCentrialAuthnRequestTask" /> + <pd:Task id="receiveEidasAuthnResponse" class="ReceiveEidasCentrialAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="createEidasAuthnRequest" /> + <pd:Transition from="createEidasAuthnRequest" to="receiveEidasAuthnResponse"/> + <pd:Transition from="receiveEidasAuthnResponse" to="finalizeAuthentication"/> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml new file mode 100644 index 000000000..f57d4a94b --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + +<!-- Federated authentication services --> + <bean id="EidasCentralAuthCredentialProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider"/> + + <bean id="EidasCentralAuthMetadataController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/> + + <bean id="EidasCentralAuthModuleImpl" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="EidasCentralAuthSignalController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/> + + <bean id="EidasCentralAuthMetadataProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider" /> + + <bean id="pvpAuthnRequestBuilder" + class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder" /> + +<!-- Federated Authentication Process Tasks --> + <bean id="CreateEidasCentrialAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.CreateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveEidasCentrialAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0b7b674a4..b17f0c121 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,13 +29,13 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -48,7 +48,7 @@ public class BKAMobileAuthModule implements AuthModule { private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; - @Autowired(required=true) private AuthenticationManager authManager; + @Autowired(required=true) private IAuthenticationManager authManager; private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>(); private String noAuthHeaderValue = null; @@ -58,7 +58,7 @@ public class BKAMobileAuthModule implements AuthModule { */ @Override public int getPriority() { - return priority; + return priority; } /** @@ -71,8 +71,8 @@ public class BKAMobileAuthModule implements AuthModule { @PostConstruct public void initialDummyAuthWhiteList() { - String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); - noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { @@ -96,7 +96,7 @@ public class BKAMobileAuthModule implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); + String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); if (MiscUtil.isNotEmpty(spEntityID)) { diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 15cf298f1..ec43adccc 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -29,6 +29,7 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; +import java.util.Date; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -53,16 +54,18 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -88,9 +91,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { private static final String EIDCONTAINER_KEY_SALT = "salt"; private static final String EIDCONTAINER_KEY_IV = "iv"; private static final String EIDCONTAINER_EID = "eid"; - private static final String EIDCONTAINER_KEY_IDL = "idl"; + private static final String EIDCONTAINER_KEY_IDL = "idl"; private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert"; - + public static final String REQ_PARAM_eID_BLOW = "eidToken"; @Autowired(required=true) private AuthConfiguration authConfig; @@ -111,8 +114,8 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("NO eID data blob included!", null); } - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); - + parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64); + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); @@ -133,7 +136,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { + IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); + Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); @@ -205,10 +210,12 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL); Logger.info("Session Restore completed"); + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + } catch (MOAIDException e) { throw e; @@ -236,6 +243,10 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e); throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e); + } catch (EAAFStorageException e) { + Logger.error("Can not populate pending-request with eID data.", e); + throw new MOAIDException("Can not populate pending-request with eID data.", null, e); + } finally { } @@ -243,7 +254,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException { - String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); + String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128); @@ -276,7 +287,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } SignerInfo signerInfos = verifySigResult.getSignerInfo(); DateTime date = new DateTime(signerInfos.getSigningTime().getTime()); - Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5")); + Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5")); if (date.plusMinutes(signingTimeJitter).isBeforeNow()) { Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter)); throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null); @@ -290,7 +301,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES); cmsSigVerifyReq.setExtended(false); cmsSigVerifyReq.setPDF(false); - cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); + cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw)); return cmsSigVerifyReq; } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 4b18e7112..5e79aee8e 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -25,24 +25,29 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks; import java.io.IOException; import java.io.InputStream; import java.net.URL; +import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz @@ -50,17 +55,19 @@ import at.gv.egovernment.moa.util.FileUtils; */ @Component("SecondBKAMobileAuthTask") public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { - + + @Autowired AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - + try { Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication"); - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + parseDemoValuesIntoMOASession(pendingReq); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -78,27 +85,32 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @param pendingReq * @param moaSession * @throws MOAIDException + * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date()); + moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); try { - String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); + String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); URL keystoreURL = new URL(idlurl); InputStream idlstream = keystoreURL.openStream(); IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); moaSession.setIdentityLink(identityLink); - + } catch (ParseException | IOException e) { Logger.error("IdentityLink is not parseable.", e); throw new MOAIDException("IdentityLink is not parseable.", null); } + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + } } diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java index 6e3170534..6883e0cb5 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas_v2; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java index 3198d04a3..9a98c1ae1 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java index dec4f6a89..b0add27ba 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java @@ -33,10 +33,10 @@ import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java index 3085d0e70..08496afcc 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java @@ -45,15 +45,15 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java index 9ead5e4fe..03e345b43 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java @@ -7,10 +7,10 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 74cf665ca..bad1f4e41 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egiz.eaaf.core.impl.data.Trible; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 78793d3fc..5e4745f7c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -35,12 +35,12 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.samlengineconfig.BinaryParameter; import eu.eidas.samlengineconfig.EngineInstance; @@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException { String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key); if (MiscUtil.isEmpty(configFile)) { Logger.warn("No eIDAS SAML-engine configuration key: " + key + " found in MOA-ID properties configuration file."); @@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends Properties inputProps = loadConfigurationFromExternalFile(configKey); String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey); PropsParameter outputProps = new PropsParameter(); outputProps.setFileName(configFile); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java index 384d6be0b..f7a6ff495 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java @@ -34,10 +34,10 @@ import java.util.List; import java.util.Map.Entry; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import eu.eidas.samlengineconfig.ConfigurationParameter; import eu.eidas.samlengineconfig.InstanceConfiguration; import eu.eidas.samlengineconfig.StringParameter; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 7b044522c..ec042949a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { @Override public int getPriority() { - return priority; + return priority; } /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 16d909331..49d98ed33 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..aca818532 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -11,6 +12,9 @@ import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -22,44 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; -import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.engine.AbstractProtocolEngine; @Service("eIDASMetadataProvider") -public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, - IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{ +public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, + IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - private Timer timer = null; + @Autowired(required=true) IConfiguration basicConfig; + + private Timer timer = null; private MetadataProvider internalProvider; private Map<String, Date> lastAccess = null; - -// public static MOAeIDASChainingMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAeIDASChainingMetadataProvider(); -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// } -// } -// } -// return instance; -// } - - public MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap<String, Date>(); @@ -71,23 +70,36 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); - if (!metadataToLoad.isEmpty()) { - Logger.info("Load static configurated eIDAS metadata ... "); - for (String metaatalocation : metadataToLoad.values()) { - String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir()); - Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); - refreshMetadataProvider(absMetadataLocation); + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { + try { + Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + if (!metadataToLoad.isEmpty()) { + Logger.info("Load static configurated eIDAS metadata ... "); + for (String metaatalocation : metadataToLoad.values()) { + String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory()); + Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); + refreshMetadataProvider(absMetadataLocation); + } + + Logger.info("Load static configurated eIDAS metadata finished "); } - Logger.info("Load static configurated eIDAS metadata finished "); - } + } catch (MalformedURLException e) { + Logger.warn("MOA-ID configuration error." , e); + throw new ConfigurationException("MOA-ID configuration error.", null, e); + + } } @@ -229,11 +241,12 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); - return createNewMoaMetadataProvider(metadataURL, filter, + return createNewSimpleMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", - timer, AbstractProtocolEngine.getSecuredParserPool()); + timer, AbstractProtocolEngine.getSecuredParserPool(), + createHttpClient(metadataURL)); } @@ -414,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider if (observer != null) observer.onEvent(this); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + if (basicConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java index 9adc221e5..3851ead2d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java @@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.MetadataFetcherI; import eu.eidas.auth.engine.metadata.MetadataSignerI; @@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI { * @return true if refresh was successful, otherwise false */ public boolean refreshMetadata(String entityId) { - if (this.metadataprovider instanceof IMOARefreshableMetadataProvider ) - return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); + if (this.metadataprovider instanceof IRefreshableMetadataProvider ) + return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); else return false; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index cf3a13e32..103781470 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -24,31 +24,35 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import java.io.InputStream; import java.text.SimpleDateFormat; +import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; /** @@ -58,18 +62,18 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @Autowired private AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try{ - defaultTaskInitialization(request, executionContext); - + throws TaskExecutionException { + try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -156,10 +160,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + AuthenticationSession moasession = new AuthenticationSession("1234", new Date()); moasession.setForeigner(true); moasession.setIdentityLink(identityLink); moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index d21334faf..0e8bf2a5a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,23 +44,24 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); @@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country: " + citizenCountryCode); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } //TODO: switch to entityID - revisionsLogger.logEvent(oaConfig, pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); @@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } else { boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //request if (reqAttrList.isEmpty()) { - Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); @@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //set service provider (eIDAS node) countryCode authnRequestBuilder.serviceProviderCountryCode( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); @@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("RelayState", pendingReq.getPendingRequestId()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); @@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentLength(content.length); response.getOutputStream().write(content); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getRequest().getId()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5e83f0a3f..55416e92b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,18 +7,19 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +37,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ + try{ //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { @@ -46,7 +47,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //get MOASession - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //decode SAML response byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); @@ -79,7 +80,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** // ******* MOA-ID specific response validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); @@ -90,23 +91,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //update MOA-Session data with received information Logger.debug("Store eIDAS response information into MOA-session."); - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, samlResp.getAttributes()); - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, samlResp.getId()); @@ -116,20 +117,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e) { Logger.warn("eIDAS Response validation FAILED.", e); Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java index a2c6a3ad9..9d1ec6d98 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java @@ -29,7 +29,7 @@ import org.apache.commons.lang.StringUtils; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 02a5df098..6d20caa4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeRegistries; @@ -82,7 +82,7 @@ public class SAMLEngineUtils { //load additional eIDAS attribute definitions String additionalAttributeConfigFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS); AttributeRegistry addAttrDefinitions = AttributeRegistries.empty(); if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java index d43fa1622..e3b58d259 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; /** * @author tlenz @@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String public String buildStringAttribute(String friendlyName, String name, String value) { return value; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index f148421bd..200215308 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -30,14 +30,16 @@ import java.util.ServiceLoader; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -52,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); - + private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = ServiceLoader.load(IeIDASAttribute.class); @@ -66,8 +68,12 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { while (moduleLoaderInterator.hasNext()) { try { IeIDASAttribute modul = moduleLoaderInterator.next(); - Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); - supportAttrList.add(modul.getName()); + if (modul.getClass().isAnnotationPresent(eIDASMetadata.class)) { + Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); + supportAttrList.add(modul.getName()); + + } else + Logger.trace(modul.getName() + " is not an eIDAS metadata attribute"); } catch(Throwable e) { Logger.error("Check configuration! " + "Some attribute-builder modul" + @@ -99,7 +105,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, IOAAuthParameters onlineApplicationConfiguration, + public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); @@ -110,11 +116,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { if (attrBuilder != null) { try { String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator); + boolean isMandatesUsed = false; + if (authData instanceof IMOAAuthData) + isMandatesUsed = ((IMOAAuthData)authData).isUseMandate(); + if (MiscUtil.isNotEmpty(attrValue)) { //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the // Subject->NameID value from this attribute Builder<?> eIDASAttrBuilder = AttributeDefinition.builder(attr); - eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate())); + eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed)); AttributeDefinition<?> returnAttr = eIDASAttrBuilder.build(); //unmarshal attribute value into eIDAS attribute @@ -135,7 +145,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { } - } catch (AttributeException e) { + } catch (AttributeBuilderException e) { Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java index 30e1e4505..3075ab9cf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java @@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; import java.util.regex.Matcher; import java.util.regex.Pattern; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 694efab80..a9a3ef01f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,13 +1,10 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; @@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; private String remoteRelayState; - - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - + /** * Gets the eidas requested attributes. * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 2948c0d53..42ca6e507 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,8 +43,14 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; @@ -54,12 +60,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -80,11 +81,13 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * * @author tlenz */ -@Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController { +@Controller +public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; + public static final String NAME = EIDASProtocol.class.getName(); - public static final String PATH = "eidas"; + public static final String PATH = "id_eidas"; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -102,17 +105,18 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { - return PATH; - } + @Override + public String getAuthProtocolIdentifier() { + return PATH; + } //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) - public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { //create pendingRequest object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -137,11 +141,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //create pending-request object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -191,7 +195,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); String cititzenCountryCode = - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, MOAIDAuthConstants.COUNTRYCODE_AUSTRIA); @@ -221,7 +225,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } //check eIDAS node configuration - IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer()); + ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer()); if (oaConfig == null) throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()}); @@ -346,7 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested @@ -363,7 +367,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setEidasRequest(eIDASSamlReq); // - memorize OA url - pendingReq.setOAURL(samlReq.getIssuer()); + pendingReq.setSPEntityId(samlReq.getIssuer()); // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); @@ -486,7 +490,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { if (MiscUtil.isNotEmpty(reqCC)) { List<String> allowedOrganisations = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); if (allowedOrganisations.contains(bPKTargetArea)) { Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); return true; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index cc9b09107..bfdb46a11 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,6 +28,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -35,13 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.ContactData; @@ -56,9 +56,10 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; */ @Service("EidasMetaDataRequest") public class EidasMetaDataRequest implements IAction { - + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) @@ -136,7 +137,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.authnRequestsSigned(true); metadataConfigBuilder.wantAssertionsSigned(true); metadataConfigBuilder.assuranceLevel( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_LoA, MOAIDAuthConstants.eIDAS_LOA_HIGH)); @@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction { //add organisation information from PVP metadata information Organization pvpOrganisation = null; try { - pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation(); + pvpOrganisation = pvpConfiguration.getIDPOrganisation(); eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder(); - List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts(); + List<ContactPerson> contacts = pvpConfiguration.getIDPContacts(); if (contacts != null && contacts.size() >= 1) { ContactPerson contact = contacts.get(0); technicalContact.givenName(contact.getGivenName().getName()); @@ -172,7 +173,7 @@ public class EidasMetaDataRequest implements IAction { if (pvpOrganisation != null) { eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder(); organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString()); - organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); + organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); //TODO: add display name and maybe update name @@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build()); - } catch (ConfigurationException | NullPointerException e) { + } catch (NullPointerException | EAAFException e) { Logger.warn("Can not load Organisation or Contact from Configuration", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java index 15060fb52..84b68f91a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java @@ -22,12 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; /** * @author tlenz * */ -public interface IeIDASAttribute extends IAttributeBuilder{ +public interface IeIDASAttribute extends IAttributeBuilder{ } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java index 64e5ae770..2f42cc43e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java @@ -22,14 +22,15 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute { - + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 4195eeeef..9505a0a62 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,21 +22,22 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrFamilyName implements IeIDASAttribute{ /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() */ - @Override + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); } @@ -45,8 +46,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 2a654ac44..7307b4f2a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,15 +22,16 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrGivenName implements IeIDASAttribute{ /* (non-Javadoc) @@ -45,8 +46,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 63a4e89d5..1ac4560b0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 4d89aec3d..66359e240 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,27 +36,30 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index cb659c2b1..76ca3a94d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ /* (non-Javadoc) @@ -54,8 +55,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { String personalID = authData.getBPK(); //generate eIDAS conform 'PersonalIdentifier' attribute @@ -64,7 +65,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java index 43d2f96c2..ed86d6e4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java index 924a275b1..5db88e71e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java index 2de585918..0a7c514aa 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 92456d202..638b01bb1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 47cc71e01..fd245c3eb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -34,27 +35,31 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) - || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 52396ae90..f7e135bae 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) @@ -56,8 +57,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { try { Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); @@ -71,7 +72,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat if (MiscUtil.isEmpty(type) || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java new file mode 100644 index 000000000..db072203d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +public @interface eIDASMetadata { + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index ee0f72f34..f6a67db9d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,19 +36,20 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -71,9 +72,9 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; */ @Service("eIDASAuthenticationRequest") -public class eIDASAuthenticationRequest implements IAction { +public class eIDASAuthenticationRequest implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction { ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData + && ((IMOAAuthData)authData).isUseMandate()) { Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); @@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction { //add attributes responseBuilder.attributes(eIDASAttrbutMap); - //set success statuscode + //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); //build response @@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction { private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); + attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index f0527bc5e..5dcd9499e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -22,12 +22,13 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.validator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.protocol.IAuthenticationResponse; @@ -46,7 +47,7 @@ public class eIDASResponseValidator { * validate received LoA against minimum required LoA | *_____________________________________________________| */ - LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel()); + LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel()); LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); if (respLoA.numericValue() < reqLoA.numericValue()) { Logger.error("eIDAS Response LevelOfAssurance is lower than the required! " diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 3c11c725d..3c11c725d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index 7ca4590bb..72c95d9c7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -26,7 +26,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index f14ffb111..0d460f293 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { @Autowired private AuthConfiguration authConfig; - + private int priority = 0; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override - public int getPriority() { + public int getPriority() { return priority; } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java index 5743590f9..482d8ef85 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java @@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon private String authURL; private ELGAMandatesCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) { + public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index b67d263fc..6548f9fcf 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.config; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -38,9 +40,10 @@ import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -298,6 +301,22 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index ca7401ab7..d52cd750a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandatesCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public ELGAMandateMetadataController() { super(); @@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new ELGAMandatesMetadataConfiguration(authURL, credentialProvider); + new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java index 585e72c2f..503884edd 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index f05446771..5c1f8e7bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -28,14 +28,14 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -50,7 +50,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { @@ -68,7 +68,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { if (useELGA) { //validate service-provider again if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { - Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("Service-Provider: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " does not fulfill requirements to use ELGA-MandateService."); throw new MOAIDException("service.10", new Object[]{ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 81c3322c9..25f303816 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,30 +37,30 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("ReceiveElgaMandateResponseTask") public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { - + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired ELGAMandatesCredentialProvider credentialProvider; @Autowired ELGAMandateServiceMetadataProvider metadataProvider; @@ -78,24 +78,24 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { InboundMessage msg = null; try { IDecoder decoder = null; - MOAURICompare comperator = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_POST); Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT); Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding."); @@ -130,7 +130,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //write ELGA mandate information into MOASession AssertionAttributeExtractor extractor = @@ -144,12 +144,6 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } - - - //load MOASession object - defaultTaskInitialization(request, executionContext); - - /** * Mandate Reference-Value is generated from ELGA MandateServie --> * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService @@ -169,7 +163,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } @@ -186,11 +180,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME)); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, MOAReversionLogger.NAT_PERSON); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, - revisionsLogger.buildPersonInformationHash( - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); + + //TODO!!!! +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, +// revisionsLogger.buildPersonInformationHash( +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); @@ -220,7 +216,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); } catch (Exception e) { @@ -242,13 +238,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP-2.1 assertion processing... "); Response samlResp = (Response) msg.getResponse(); //validate 'inResponseTo' attribute String authnReqID = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class); + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class); String inResponseTo = samlResp.getInResponseTo(); if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java index 76108cafe..625623f4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java @@ -28,13 +28,13 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger; public class RedirectToMandateSelectionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 299eb442e..658502d2c 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -35,23 +35,24 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -67,7 +68,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { @Autowired ELGAMandatesCredentialProvider credential; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandateServiceMetadataProvider metadataService; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -76,7 +77,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID from Online Application configuration - String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + String elgaMandateServiceEntityID = pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { @@ -100,7 +101,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { } //load metadata with metadataURL, as backup - String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); + String metadataURL = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); if (MiscUtil.isNotEmpty(metadataURL)) { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); @@ -113,7 +114,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID); //load MOASession from database - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //setup AuthnRequestBuilder configuration ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration(); @@ -125,7 +127,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set bPK of representative String representativeBPK = null; - String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); + String configTarget = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); if (MiscUtil.isEmpty(configTarget)) { Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found."); throw new MOAIDException("service.10", @@ -191,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set MandateReferenceValue as RequestID authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, authnReqConfig.getRequestID()); //set SubjectConformationDate diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 52970e240..854f9d2bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -28,18 +28,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,7 +51,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -67,7 +67,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, GeneralProcessEngineSignalController.ENDPOINT_GENERIC, - authConfig.getRootConfigFileDir()); + authConfig.getConfigurationRootDirectory().toURL().toString()); guiBuilder.build(response, config, "Mandate-Service selection"); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index adc2a310b..e8cfae10a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -22,11 +22,15 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; +import java.net.MalformedURLException; import java.util.List; import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Service("ELGAMandate_MetadataProvider") -public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider +public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider implements IDestroyableObject { - + @Autowired(required=true) AuthConfiguration moaAuthConfig; + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); private Timer timer = null; @@ -238,7 +248,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide //Metadata provider seems not loaded --> Add new metadata provider Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); - String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); + String trustProfileID = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); @@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter.addFilter(new SchemaValidationFilter(true)); filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); - MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, timer, - new BasicParserPool()); + new BasicParserPool(), + createHttpClient(metdataURL)); if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); @@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide timer.cancel(); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java index 03f8fa195..6fa9c5a77 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -24,10 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; /** * @author tlenz @@ -39,11 +40,11 @@ public class ELGAMandateUtils { * * @return true, if ELGA mandateservice is allowed, otherwise false */ - public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) { + public static boolean checkServiceProviderAgainstELGAModulConfigration(IConfiguration authConfig, IRequest pendingReq) { String allowedMandateTypesCSV = - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); - List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + List<String> spMandateProfiles = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getMandateProfiles(); boolean isELGAMandateServiceAllowed = false; if (spMandateProfiles != null) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index f5bcdb70b..dd4e5d340 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 9060f35c5..76e7f0901 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 9b19e0a4d..19fdb3fee 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -61,8 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { @@ -70,7 +70,7 @@ public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { throw new InstantiationError(); } - + private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() { public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) { @@ -206,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -222,40 +222,40 @@ public final class OAuth20AttributeBuilder { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } } - catch (AttributeException e) { + catch (AttributeBuilderException e) { Logger.info("Cannot add attribute " + b.getName()); } } } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index a43c8fce9..b3586245b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAudiencesAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder { return "aud"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c6775b692..933ee8904 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 5f32e32a2..04efa3979 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { @@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index 04f38faf6..459d2b1cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssueInstantAttribute implements IAttributeBuilder { @@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index ff19a618a..2f4124c32 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssuerAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index eda276df2..66b6a2518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,27 +22,27 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; public class OpenIdNonceAttribute implements IAttributeBuilder { - public String getName() { + public String getName() { return "nonce"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", null); } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); else diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 7de90e98e..e3e717ec3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 3ebadba52..d23877395 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileDateOfBirthAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 89209b062..540962a29 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileFamilyNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 895037b2e..f6f774a46 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileGivenNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java index cd7b8312d..17ed6b40d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey; import org.apache.commons.lang.StringUtils; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; public final class OAuth20SignatureUtil { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b7c54203f..b00675e7c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -53,21 +55,19 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 258b77b98..40701d91d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,30 +22,22 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20AuthRequest") @@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * the state to set */ public void setState(String state) { - this.state = state; + this.state = state; } /** @@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -200,46 +192,46 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// Map<String, String> reqAttr = new HashMap<String, String>(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// for (String s : scope.split(" ")) { +// if (s.equalsIgnoreCase("profile")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID_gov")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("mandate")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("stork")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) +// reqAttr.put(el.getName(), ""); +// +// } +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 3ab283db5..2ce5234ac 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; @@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected Set<String> allowedParameters = new HashSet<String>(); + @Autowired(required=true) protected IConfiguration authConfig; + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setOAURL(oaURL); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + this.setSPEntityId(oaURL); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20OANotSupportedException(); } } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index d72fe9686..30e89d15a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,24 +17,24 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -48,15 +48,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } - - public String getPath() { + + @Override + public String getAuthProtocolIdentifier() { return PATH; } - /** + /** * */ public OAuth20Protocol() { @@ -67,22 +68,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -101,22 +102,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -148,18 +149,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2117e2ab8..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,31 +31,31 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50638ebf8..e14914512 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,16 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java index 35bbac6e7..824d64171 100644 --- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java +++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java @@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.testng.Assert; import org.testng.annotations.Test; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier; -import at.gv.egovernment.moa.util.KeyStoreUtils; - import net.oauth.jsontoken.crypto.Signer; import net.oauth.jsontoken.crypto.Verifier; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index 2c106b52e..9c2d47ca7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -29,14 +29,14 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -52,8 +52,8 @@ public class SL20AuthenticationModulImpl implements AuthModule { @Autowired(required=true) private AuthenticationManager authManager; @Override - public int getPriority() { - return priority; + public int getPriority() { + return priority; } /** @@ -78,10 +78,9 @@ public class SL20AuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - Object spConfigObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG); - IOAAuthParameters spConfig = null; - if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) - spConfig = (IOAAuthParameters)spConfigObj; + ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG); +// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) +// spConfig = (IOAAuthParameters)spConfigObj; String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); @@ -89,13 +88,13 @@ public class SL20AuthenticationModulImpl implements AuthModule { if (spConfig != null && MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) && Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { - Logger.debug("SL2.0 is enabled for " + spConfig.getPublicURLPrefix()); + Logger.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier()); Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader); return "SL20Authentication"; } else { - Logger.trace("SL2.0 is NOT enabled for " + spConfig.getPublicURLPrefix()); + Logger.trace("SL2.0 is NOT enabled for " + spConfig.getUniqueIdentifier()); return null; } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 4f8ef0a76..87e9e933d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 8456cfad5..42783468d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -30,6 +30,8 @@ import com.google.gson.JsonElement; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -37,11 +39,10 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityEx import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.KeyStoreUtils; import at.gv.egovernment.moa.util.MiscUtil; @Service @@ -151,7 +152,7 @@ public class JsonSecurityUtils implements IJOSETools{ //TODO: jws.setCertificateChainHeaderValue(signCertChain); jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); - + return jws.getCompactSerialization(); } catch (JoseException e) { @@ -179,9 +180,9 @@ public class JsonSecurityUtils implements IJOSETools{ String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); if (x5cCerts != null) { Logger.debug("Found x509 certificate in JOSE header ... "); - Logger.trace("Sorting received X509 certificates ... "); + Logger.trace("Sorting received X509 certificates ... "); List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); - + if (trustedCerts.contains(sortedX5cCerts.get(0))) { selectedKey = sortedX5cCerts.get(0).getPublicKey(); @@ -224,7 +225,7 @@ public class JsonSecurityUtils implements IJOSETools{ throw new SL20SecurityException("JWS signature invalide."); } - + //load payLoad Logger.debug("SL2.0 commando signature validation sucessfull"); @@ -245,7 +246,7 @@ public class JsonSecurityUtils implements IJOSETools{ public JsonElement decryptPayload(String compactSerialization) throws SL20Exception { try { JsonWebEncryption receiverJwe = new JsonWebEncryption(); - + //set security constrains receiverJwe.setAlgorithmConstraints( new AlgorithmConstraints(ConstraintType.WHITELIST, @@ -257,7 +258,7 @@ public class JsonSecurityUtils implements IJOSETools{ //set payload receiverJwe.setCompactSerialization(compactSerialization); - + //validate key from header against key from config List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); @@ -265,7 +266,7 @@ public class JsonSecurityUtils implements IJOSETools{ Logger.debug("Found x509 certificate in JOSE header ... "); Logger.trace("Sorting received X509 certificates ... "); List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); - + if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { Logger.info("Certificate from JOSE header does NOT match encryption certificate"); Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); @@ -324,34 +325,34 @@ public class JsonSecurityUtils implements IJOSETools{ return null; } - private String getKeyStoreFilePath() { + private String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), authConfig.getRootConfigFileDir()); } private String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); } private String getSigningKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); } private String getSigningKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); } private String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); } private String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 18428e554..599a67dfd 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -13,6 +13,11 @@ import org.opensaml.xml.io.UnmarshallerFactory; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; @@ -23,16 +28,11 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; public class QualifiedeIDVerifier { @@ -65,9 +65,9 @@ public class QualifiedeIDVerifier { public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); List<String> verifyTransformsInfoProfileID = - KeyValueUtils.getListOfCSVValues( + KeyValueUtils.getListOfCSVValues( KeyValueUtils.normalizeCSVValueString( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID))); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 04daa5999..fec78d88c 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -23,11 +23,15 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -38,13 +42,9 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; @@ -53,18 +53,19 @@ import at.gv.egovernment.moaspss.logging.Logger; public class CreateQualeIDRequestTask extends AbstractAuthServletTask { @Autowired(required=true) private IJOSETools joseTools; + @Autowired private AuthConfiguration moaAuthConfig; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { Logger.debug("Starting SL2.0 authentication process .... "); - + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth"); try { //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); //get basic configuration parameters String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext); @@ -76,7 +77,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl); - String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); + String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); if (MiscUtil.isEmpty(authBlockId)) { Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"}); @@ -85,11 +86,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //build DataURL for qualified eID response String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); + pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getPendingRequestId()); //build qualifiedeID command Map<String, String> qualifiedeIDParams = new HashMap<String, String>(); - qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier()); qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); @@ -115,11 +116,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //open http client SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, vdaQualeIDUrl); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build http POST request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); @@ -207,8 +208,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } } - - private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) { + + private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { @@ -216,7 +217,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { KeyValueUtils.getListOfCSVValues( KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints)))); Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); - + } Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); @@ -231,7 +232,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { else Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA"); - } + } Logger.info("NO SP specific VDA endpoint found. Use default VDA"); return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT, diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index bf42ef9ca..a3175713a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -21,11 +21,15 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -35,11 +39,8 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -52,7 +53,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { String sl20Result = null; - + try { Logger.debug("Receiving SL2.0 response process .... "); JsonObject sl20ReqObj = null; @@ -72,25 +73,25 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { Logger.info("NO SL2.0 commando or result FOUND."); throw new SL20Exception("sl20.04", null); } - + } Logger.trace("Received SL2.0 result: " + sl20Result); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr()); - + //parse SL2.0 command/result into JSON try { JsonParser jsonParser = new JsonParser(); JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); sl20ReqObj = sl20Req.getAsJsonObject(); - + } catch (JsonSyntaxException e) { Logger.warn("SL2.0 command or result is NOT valid JSON.", e); Logger.debug("SL2.0 msg: " + sl20Result); throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); - - } + } + //validate reqId with inResponseTo String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); @@ -98,39 +99,39 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); } - - + + //validate signature - VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + sl20ReqObj, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { Logger.info("SL20 result from VDA was not valid signed"); throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); - + } else { Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!"); } - } /*TODO validate certificate by using MOA-SPSS * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore */ List<X509Certificate> sigCertChain = payLoadContainer.getCertChain(); - - + + //extract payloaf JsonObject payLoad = payLoadContainer.getPayload(); - + //check response type if (SL20JSONExtractorUtils.getStringValue( payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); - + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); @@ -141,16 +142,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); - - - + + + if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) { Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes."); throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes."); } - + //cache qualified eID data into pending request pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, @@ -164,7 +165,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA); - + } else { Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); @@ -189,9 +190,9 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { new TaskExecutionException(pendingReq, e.getMessage(), e)); } finally { - //store pending request - requestStoreage.storePendingRequest(pendingReq); - + //store pending request + requestStoreage.storePendingRequest(pendingReq); + //write SL2.0 response if (sl20ReqObj != null) buildResponse(request, response, sl20ReqObj); @@ -241,58 +242,58 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception { - //create response - Map<String, String> reqParameters = new HashMap<String, String>(); - reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, - false, - reqParameters); - JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); - - //build first redirect command for app + //create response + Map<String, String> reqParameters = new HashMap<String, String>(); + reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( generateICPRedirectURLForDebugging(), callCommand, null, true); - JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); - - //build second redirect command for IDP - JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), - redirectOneCommand, null, false); - JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); - - //build generic SL2.0 response container - String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( - UUID.randomUUID().toString(), - transactionId, - redirectTwoCommand, - null); - + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + //workaround for A-Trust - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) || true) { Logger.debug("Client request containts 'native client' header ... "); Logger.trace("SL20 response to VDA: " + respContainer); - StringWriter writer = new StringWriter(); - writer.write(respContainer.toString()); - final byte[] content = writer.toString().getBytes("UTF-8"); - response.setStatus(HttpServletResponse.SC_OK); - response.setContentLength(content.length); - response.setContentType(ContentType.APPLICATION_JSON.toString()); - response.getOutputStream().write(content); - - - } else { - Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); - throw new SL20Exception("sl20.06", - new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); - - } - } + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } + } /** * Generates a IPC redirect URL that is configured on IDP side @@ -301,20 +302,20 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { */ private String generateICPRedirectURLForDebugging() { final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#"; - - String ipcRedirectURLConfig = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + + String ipcRedirectURLConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) { if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) { Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll( "#PENDINGREQID#", - MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReq.getRequestID()); - + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId()); + } return ipcRedirectURLConfig; } - + return null; } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 06b670d0a..403423e46 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -9,19 +9,22 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.saml2.core.Assertion; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -72,10 +75,15 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //validate eID data - QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig); + QualifiedeIDVerifier.verifyIdentityLink(idl, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( - authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig); + authBlockB64, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); //TODO: add LoA verification @@ -96,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //add into session - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); //TODO: from AuthBlock diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java index bb8598483..1c41b22fd 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java @@ -1,41 +1,41 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; -import java.io.IOException; -import java.io.InputStreamReader; - -import org.apache.commons.io.IOUtils; -import org.junit.Before; -import org.junit.runner.RunWith; -import org.opensaml.xml.ConfigurationException; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import com.google.gson.JsonElement; -import com.google.gson.JsonParser; - -import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; -import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ "/SpringTest-context.xml" }) -public class EIDDataVerifier_SIC extends eIDDataVerifierTest { - - @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { - String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); - JsonParser jsonParser = new JsonParser(); - JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); - - eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); - if (eIDData == null || eIDData.isEmpty()) - throw new SLCommandoParserException("Can not load eID data"); - - } - - @Override - protected String getSl20ReqId() { - return "_40972fd777c59da1ebeed2b8d633a300"; - } - - -} +//import java.io.IOException; +//import java.io.InputStreamReader; +// +//import org.apache.commons.io.IOUtils; +//import org.junit.Before; +//import org.junit.runner.RunWith; +//import org.opensaml.xml.ConfigurationException; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import com.google.gson.JsonElement; +//import com.google.gson.JsonParser; +// +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ "/SpringTest-context.xml" }) +//public class EIDDataVerifier_SIC extends eIDDataVerifierTest { +// +// @Before +// public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { +// String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); +// JsonParser jsonParser = new JsonParser(); +// JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); +// +// eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); +// if (eIDData == null || eIDData.isEmpty()) +// throw new SLCommandoParserException("Can not load eID data"); +// +// } +// +// @Override +// protected String getSl20ReqId() { +// return "_40972fd777c59da1ebeed2b8d633a300"; +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 9ed8f06e9..fe12e9b76 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -1,10 +1,15 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; import java.io.IOException; +import java.net.URI; +import java.net.URL; import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; @@ -89,7 +94,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public String getBasicMOAIDConfiguration(String key) { + public String getBasicConfiguration(String key) { if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; @@ -116,7 +121,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public String getBasicMOAIDConfiguration(String key, String defaultValue) { + public String getBasicConfiguration(String key, String defaultValue) { // TODO Auto-generated method stub return null; } @@ -158,12 +163,6 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public IOAAuthParameters getOnlineApplicationParameter(String oaURL) { - // TODO Auto-generated method stub - return null; - } - - @Override public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { if (useTestTrustStore) return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; @@ -184,13 +183,6 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) - throws ConfigurationException { - // TODO Auto-generated method stub - return null; - } - - @Override public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException { // TODO Auto-generated method stub @@ -408,4 +400,40 @@ public class DummyAuthConfig implements AuthConfiguration { return false; } + @Override + public URI getConfigurationFilePath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getFullConfigurationProperties() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String validateIDPURL(URL arg0) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 7e1037fc7..69e3e7995 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -39,22 +39,6 @@ public class DummyOA implements IOAAuthParameters { } @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { - return false; - } - - @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { - return false; - } - - @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { - // TODO Auto-generated method stub - return null; - } - - @Override public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { // TODO Auto-generated method stub return null; @@ -267,4 +251,76 @@ public class DummyOA implements IOAAuthParameters { return null; } + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 54ea882de..20ff41fe7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -10,16 +10,16 @@ import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.Configurator; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index 2a2b7bf80..b9d08a20f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ this.priority = priority; } - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 4ce77d861..044366eb6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,21 +28,21 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * - */ -public class SSOTransferAuthenticationData implements IAuthData { + */ +public class SSOTransferAuthenticationData implements IMOAAuthData { private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; @@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() */ @Override - public Date getIssueInstant() { + public boolean isBaseIDTransferRestrication() { + return this.isIDPPrivateService; + } + + + @Override + public Date getAuthenticationIssueInstant() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() - */ + @Override - public String getIssuer() { + public String getAuthenticationIssueInstantString() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getAuthenticationIssuer() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getCiticenCountryCode() { // TODO Auto-generated method stub return null; } @@ -328,15 +345,6 @@ public class SSOTransferAuthenticationData implements IAuthData { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() - */ - @Override - public String getCcc() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() */ @Override @@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData { return this.authSession.getGenericDataFromSession(key, clazz); } + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() - */ @Override - public boolean isBaseIDTransferRestrication() { - return this.isIDPPrivateService; + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index a97e5944a..c9bccb708 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -35,11 +35,16 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** - * @author tlenz + * @author tlenz * */ public class SSOTransferOnlineApplication implements IOAAuthParameters { + /** + * + */ + private static final long serialVersionUID = 1L; + public SSOTransferOnlineApplication() { } @@ -391,35 +396,82 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() + * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() - */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() - */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() - */ @Override - public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index af64e745e..dc2baab7d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -72,11 +72,18 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -84,20 +91,16 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -138,7 +141,7 @@ public class SSOTransferServlet{ * @throws IOException */ @RequestMapping(value = { "/TestTransferSSOSession" - }, + }, method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { @@ -200,7 +203,7 @@ public class SSOTransferServlet{ InputStream idlstream = idlURL.openStream(); moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink()); internalTransferPersonalInformation(req, resp, container, moaSession, true); - + } else { Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object."); @@ -267,6 +270,14 @@ public class SSOTransferServlet{ Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } catch (ConfigurationException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } } else { @@ -367,6 +378,11 @@ public class SSOTransferServlet{ } catch (NoSuchPaddingException e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } @@ -405,10 +421,10 @@ public class SSOTransferServlet{ if (ssomanager.isValidSSOSession(ssoid, null)) { //create first step of SSO Transfer GUI - IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); - if(authSession != null) { + String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); + if(ssoSessionId != null) { internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), + ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; @@ -436,7 +452,7 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException { Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index e92925dfb..bf215373d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index be27de9a1..95590b51a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -33,9 +33,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -43,9 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -86,7 +86,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, - pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1a216f0df..c7e42c8ab 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -27,6 +27,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.math.BigInteger; import java.security.MessageDigest; +import java.util.Date; import javax.crypto.Cipher; import javax.crypto.spec.DHPublicKeySpec; @@ -43,20 +44,22 @@ import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -72,7 +75,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -186,8 +189,10 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor); - + AuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -244,15 +249,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); - - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - + + IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); @@ -274,7 +272,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); + authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 9cfe12791..1a4a9b80b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -71,7 +71,7 @@ public class GUIUtils { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 568ffb330..cf7723c70 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,20 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -105,28 +119,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineA import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -140,6 +143,9 @@ import iaik.x509.X509Certificate; @Service("SSOContainerUtils") public class SSOContainerUtils { + @Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration; + @Autowired(required=true) private PVP2AssertionBuilder assertionBuilder; + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.xx.xx"; @@ -207,7 +213,7 @@ public class SSOContainerUtils { Logger.error("SignerCertificate is not parseable.", e); } - + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); try { if (MiscUtil.isNotEmpty(idlStr)) { @@ -271,7 +277,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); @@ -295,7 +301,7 @@ public class SSOContainerUtils { } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); - } + } Credential credential = credentials.getIDPAssertionSigningCredential(); if (credential == null) { @@ -339,7 +345,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { - String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + String entityID = pvpConfiguration.getIDPEntityId(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -366,9 +372,9 @@ public class SSOContainerUtils { String sessionIndex = SAML2Utils.getSecureIdentifier(); - IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); - Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + Assertion assertion = assertionBuilder.buildGenericAssertion( entityID, entityID, new DateTime(date.getTime()), @@ -404,7 +410,7 @@ public class SSOContainerUtils { return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { + } catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) { Logger.warn("SSO container generation FAILED.", e); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 8ca087e1d..a2441bc1f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.util.BigIntegers; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.util.Base64Utils; import iaik.security.random.SeedGenerator; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 49275c6eb..4068d2d99 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,9 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * @author tlenz @@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { public int getPriority() { // TODO Auto-generated method stub return 0; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index 1fff56f8d..a1b8631dc 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; -import java.util.Iterator; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo private String authURL; private FederatedAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) { + public FederatedAuthMetadataConfiguration(String authURL, + FederatedAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java index 000590923..50da5187b 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java @@ -22,14 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.List; + import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; /** * @author tlenz @@ -207,5 +210,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque return null; } + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } + } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index e86d31708..6a733adb8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired FederatedAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public FederatedAuthMetadataController() { super(); @@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new FederatedAuthMetadataConfiguration(authURL, credentialProvider); + new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java index 431ed5ef1..5edd36248 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index f5896bc25..20fd5ebc4 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,21 +35,21 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -59,10 +59,11 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("CreateFederatedAuthnRequestTask") public class CreateAuthnRequestTask extends AbstractAuthServletTask { - + @Autowired PVPAuthnRequestBuilder authnReqBuilder; @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; + @Autowired(required=true) ILoALevelMapper loaMapper; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID - String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); @@ -81,7 +82,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); @@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { //build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); - } catch (MOAIDException | MetadataProviderException e) { + } catch (MetadataProviderException e) { throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e); } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { @@ -156,7 +157,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } private String evaluateRequiredQAALevel() { - IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if STORK protocol module is in ClassPath Object storkRequst = null; @@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { pendingReq.getClass().isInstance(storkRequst)) { try { - secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( + secClass = loaMapper.mapToSecClass( PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index dea5e4894..f5af84405 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks; import java.io.IOException; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Set; @@ -41,42 +42,39 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -89,7 +87,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private FederatedAuthCredentialProvider credentialProvider; + @Autowired private FederatedAuthCredentialProvider credentialProvider; @Autowired private SSOManager ssoManager; @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private AuthenticationDataBuilder authDataBuilder; @@ -107,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { - IDecoder decoder = null; - MOAURICompare comperator = null; + IDecoder decoder = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding."); } else { @@ -133,7 +131,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); } @@ -147,11 +146,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid if (!idpConfig.isInderfederationIDP()) { @@ -161,10 +160,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { msg.getEntityID()}); } - - //load MOASession from database - defaultTaskInitialization(request, executionContext); - + //initialize Attribute extractor AssertionAttributeExtractor extractor = new AssertionAttributeExtractor((Response) processedMsg.getResponse()); @@ -173,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { if (spConfig.isInderfederationIDP()) { //SP is a federated IDP --> answer only with nameID and wait for attribute-Query pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); + MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); + MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); + MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. addFederatedSessionInformation(pendingReq, @@ -187,7 +183,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //SP is real Service-Provider --> check attributes in response // and start Attribute-Query if required - getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), idpConfig); //store federatedIDP to MOASession @@ -199,8 +195,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //store valid assertion into pending-request - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); + pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -225,13 +221,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); if (msg != null) { - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - - //remove federated IDP from SSO session if exists - ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + IOAAuthParameters idpConfig = null; + try { + idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + //remove federated IDP from SSO session if exists + ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + //select next step + handleAuthnResponseValidationProblem(executionContext, idpConfig, e); + + } catch (EAAFConfigurationException e1) { + Logger.error("Can not handle error during an internal problem. ", e1); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } - //select next step - handleAuthnResponseValidationProblem(executionContext, idpConfig, e); } else throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); @@ -256,22 +260,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); - Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + + //TODO!!!!! + //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + Collection<String> requestedAttr = Collections.emptyList(); //check if SAML2 Assertion contains a minimal set of attributes //TODO: switch back to correct attribute query if (!extractor.containsAllRequiredAttributes() - && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //build attributQuery request List<Attribute> attributs = attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); - //request IDP to get additional attributes - extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), - idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); +// //request IDP to get additional attributes +// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), +// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); @@ -303,29 +310,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } } - moasession.setGenericDataToSession(el, value); + pendingReq.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } //set validTo from this federated IDP response - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, extractor.getAssertionNotOnOrAfter()); - } catch (AttributQueryException e) { - throw new BuildException("builder.06", null, e); - - } catch (SessionDataStorageException e) { - throw new BuildException("builder.06", null, e); - } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); - } catch (AssertionAttributeExtractorExeption e) { + } catch (MOAIDException e) { throw new BuildException("builder.06", null, e); - } catch (MOAIDException e) { + } catch (EAAFStorageException e) { throw new BuildException("builder.06", null, e); } @@ -366,7 +367,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP21 assertion processing... "); Response samlResp = (Response) msg.getResponse(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index aac253083..38568cdd8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index f6c8cb6e3..7ab222fa0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -32,7 +32,6 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. + * to be provided by the MOA ID Auth component. * * @author Paul Ivancsics * @version $Id$ @@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, @@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 99d5d9063..92bcce24b 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { - String oaURL = (String) req.getOAURL(); + String oaURL = (String) req.getSPEntityId(); - String sourceID = null; + String sourceID = null; if (req instanceof SAML1RequestImpl) { SAML1RequestImpl saml1req = (SAML1RequestImpl) req; sourceID = saml1req.getSourceID(); @@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction { } try { - IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class); //TODO: add eIDAS to SAML1 protocol if it is really necessary @@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction { new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; - + } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 13df30862..dcb7cb7ee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,20 +72,19 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. @@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * since SAML1 is deprecated MOA-ID >= 2.0.0 * * @author tlenz - */ + */ @Controller public class GetAuthenticationDataService extends AbstractController implements Constants { @@ -257,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements // no SAML artifact given in request statusCode = "samlp:Requester"; statusMessageCode = "1202"; - + } else if (samlArtifactList.getLength() > 1) { // too many SAML artifacts given in request statusCode = "samlp:Requester"; @@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements try { Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); @@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } - subStatusCode = errorUtils.getResponseErrorCode(error); - + subStatusCode = statusMessager.getResponseErrorCode(error); + + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; @@ -340,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(templateURL); - + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); BufferedReader reader = new BufferedReader(new InputStreamReader(is )); StringWriter writer = new StringWriter(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index 2a7cce89e..51d722dc4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,9 +49,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; * @version $Id$ */ -public class SAML1AuthenticationData extends AuthenticationData { +public class SAML1AuthenticationData extends MOAAuthenticationData { /** * */ @@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends AuthenticationData { private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; - public SAML1AuthenticationData() { + public SAML1AuthenticationData(LoALevelMapper loaMapper) { + super(loaMapper); this.setMajorVersion(1); this.setMinorVersion(0); this.setAssertionID(Random.nextRandom()); @@ -137,7 +139,7 @@ public void setAssertionID(String assertionID) { public void setIssueInstant(String date) { try { - setIssueInstant(DateTimeUtils.parseDateTime(date)); + setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date)); } catch (ParseException e) { Logger.error("Parse IssueInstant element FAILED.", e); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index bf4a55e46..78dc80815 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -43,9 +43,17 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -57,21 +65,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.persondata.IdentificationType; @@ -86,7 +87,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { @Autowired private ITransactionStorage authenticationDataStore; - /** + /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ @@ -103,8 +104,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } Throwable error = null; try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + error = authenticationDataStore.get(samlArtifact, Throwable.class); if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -114,7 +114,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authenticationDataStore.remove(samlArtifact); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -189,7 +189,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -201,10 +201,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) - throws BuildException, MOADatabaseException { + throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( - protocolRequest.getOAURL(), protocolRequest.getRequestID(), + protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); @@ -428,7 +428,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - authData.getIssuer(), Random.nextRandom(), + authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID); storeAuthenticationData(samlArtifact, samlAssertion); @@ -443,10 +443,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, - ValidateException { + ValidateException, EAAFBuilderException { if (authData == null) throw new AuthenticationException("auth.10", new Object[] { @@ -491,7 +491,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { && Constants.URN_PREFIX_BASEID .equals(identificationType)) { // now we calculate the wbPK and do so if we got it from the - // BKU + // BKU //load IdentityLinkDomainType from OAParam Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier( @@ -548,7 +548,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } else { ; - } + } return DOMUtils.serializeNode(prPerson); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..398119a7f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,20 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -59,10 +61,10 @@ import at.gv.egovernment.moa.util.URLEncoder; * @deprecated * @author tlenz * - */ + */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -92,21 +94,22 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { + @Override + public String getAuthProtocolIdentifier() { return PATH; + } - @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) - public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { - Logger.info("SAML1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); - - } + public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { +// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { +// Logger.info("SAML1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); +// +// } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -127,15 +130,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { public void preProcess(HttpServletRequest request, - HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException { try { - String oaURL = (String) request.getParameter(PARAM_OA); + String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String target = (String) request.getParameter(PARAM_TARGET); + String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); - String sourceID = request.getParameter(PARAM_SOURCEID); + String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID); sourceID = StringEscapeUtils.escapeHtml(sourceID); //the target parameter is used to define the OA in SAML1 standard @@ -146,25 +149,25 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { if (MiscUtil.isEmpty(oaURL)) { Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); } if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); - pendingRequest.setOAURL(oaURL); + pendingRequest.setSPEntityId(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12"); //load Target only from OA config - IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", @@ -225,15 +228,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors()) return false; else { String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); response.setContentType("text/html"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 1d3525626..4d3e60dd7 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,18 +22,11 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; /** * @author tlenz @@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl { private static final long serialVersionUID = -4961979968425683115L; - private String sourceID = null; + private String sourceID = null; private String target = null; /** @@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl { this.target = target; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - List<String> reqAttr = new ArrayList<String>(); - reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - - SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return reqAttr; - - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// +// List<String> reqAttr = new ArrayList<String>(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); +// if (saml1 != null) { +// if (saml1.isProvideAUTHBlock()) +// reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); +// +// if (saml1.isProvideCertificate()) +// reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); +// +// if (saml1.isProvideFullMandatorData()) +// reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); +// } +// +// return reqAttr; +// +// } } diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java index 961c8d0b5..4591e456f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.parser; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.util.Random; import test.at.gv.egovernment.moa.id.UnitTestCase; /* @@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public SAMLArtifactParserTest(String name) { super(name); } - + public void testParseTypeCode() throws Exception { String sessionID = Random.nextRandom(); String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index b21c5e93f..3676ca7d7 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.monitoring; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -94,8 +94,8 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAAdvancedLoggingDatabase() { try { - statLogUtils.testConnection(); - + statLogUtils.internalTesting(); + Logger.trace("Finish Test: AdvancedLoggingDataBase"); return null; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index 867855c49..1aae0f8d0 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -28,6 +28,7 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -36,7 +37,6 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { public void initializeTest(long delayParam, String url, AuthConfiguration authConfig) throws Exception{ - if (MiscUtil.isNotEmpty(url)) { + if (MiscUtil.isNotEmpty(url)) { URL keystoreURL = new URL(url); InputStream idlstream = keystoreURL.openStream(); @@ -64,7 +64,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { this.authConfig = authConfig; } - } + } public List<String> performTests() throws Exception{ Logger.trace("Start MOA-ID IdentityLink Test"); @@ -76,7 +76,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, config .getMoaSpIdentityLinkTrustProfileID(false)); - + // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 1fa878d60..55b360ce2 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -29,12 +29,12 @@ import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; public class TestManager{ diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index a9aed2d24..06c9a341a 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -36,6 +36,7 @@ <module>moa-id-module-bkaMobilaAuthSAML2Test</module> <module>moa-id-module-sl20_authentication</module> + <module>moa-id-module-AT_eIDAS_connector</module> </modules> <dependencies> |