diff options
Diffstat (limited to 'id/server/modules')
76 files changed, 2903 insertions, 225 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index 5cee90658..cd3f1f788 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore new file mode 100644 index 000000000..b83d22266 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index cf3325d24..5f4192645 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -12,11 +12,13 @@ <properties> <repositoryPath>${basedir}/../../../../repository</repositoryPath> - <eidas-commons.version>1.4.0</eidas-commons.version> - <eidas-light-commons.version>1.4.0</eidas-light-commons.version> - <eidas-saml-engine.version>1.4.0</eidas-saml-engine.version> - <eidas-encryption.version>1.4.0</eidas-encryption.version> - <eidas-configmodule.version>1.4.0</eidas-configmodule.version> + <eidas-commons.version>1.4.3</eidas-commons.version> + <eidas-light-commons.version>1.4.3</eidas-light-commons.version> + <eidas-saml-engine.version>1.4.3</eidas-saml-engine.version> + <eidas-encryption.version>1.4.3</eidas-encryption.version> + <eidas-configmodule.version>1.4.3</eidas-configmodule.version> + + <eID4U.module.version>0.2</eID4U.module.version> </properties> @@ -48,18 +50,48 @@ <groupId>MOA.id.server</groupId> <artifactId>moa-id-lib</artifactId> </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modul-citizencard_authentication</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-openID</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <scope>test</scope> - </dependency> - - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> + <groupId>eu.eidas.extension.eID4U</groupId> + <artifactId>eID4U_commons</artifactId> + <version>${eID4U.module.version}</version> + </dependency> + + <dependency> + <groupId>com.google.code.findbugs</groupId> + <artifactId>jsr305</artifactId> + <version>3.0.1</version> + </dependency> + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> <!-- eidas Commons --> <dependency> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java new file mode 100644 index 000000000..d3aa7b4a0 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas; + + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 1; + + @Autowired private IRequestStorage requestStore; + + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + String selectedProcessID = super.selectProcess(context); + if (MiscUtil.isNotEmpty(selectedProcessID)) { + String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); + + if (StringUtils.isEmpty(pendingReqId)) + Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!"); + + else { + IRequest pendingReq = requestStore.getPendingRequest(pendingReqId); + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; + + } + } + } + + return selectedProcessID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eid4u.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java new file mode 100644 index 000000000..c8c65ce76 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java @@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Controller +public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController { + + public eID4UAPSignalServlet() { + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'."); + + } + + @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String pendigReqId = super.getPendingRequestId(request); + + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... "); + pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE); + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... "); + pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + if (MiscUtil.isEmpty(pendigReqId)) + Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId."); + + } + } + + return pendigReqId; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java new file mode 100644 index 000000000..45eb161d3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +public class eID4UConstants { + + //configuration parameter + public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID"; + public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url"; + public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password"; + public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url"; + + //session parameter + public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId"; + public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume"; + + //process context + public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr"; + public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK"; + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java new file mode 100644 index 000000000..69cc131ff --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java @@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moaspss.logging.Logger; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public class AttributeScopeMapper { + + private static AttributeScopeMapper instance = null; + + public static final String Scope_Delimiter = " "; + + public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship"; + public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth"; + public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth"; + public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName"; + public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy"; + public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy"; + public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud"; + public static final String Gender = "ANY@tugraz.idm.attr.Gender"; + public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName"; + public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry"; + + public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode"; + public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode"; + public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet"; + public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity"; + + public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity"; + public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode"; + public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode"; + public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet"; + + public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity"; + public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode"; + public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode"; + public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet"; + + private static List<String> complexeScopes = new ArrayList<String>(); + + private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + put(Definitions.CITIZENSHIP_NAME, Citizenship); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), + CityOfBirth); + put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth); + put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName); + put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy); + put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy); + put(Definitions.EMAIL_NAME, EmailStud); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), + Gender); + put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName); + put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry); + + put(Definitions.HOMEINSTITUTIONADDRESS_NAME, + HomeInstitutionAddressCountryCode + Scope_Delimiter + + HomeInstitutionAddressPostalCode + Scope_Delimiter + + HomeInstitutionAddressStreet + Scope_Delimiter + + HomeInstitutionAddressCity); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), + PermanentAddressCity + Scope_Delimiter + + PermanentAddressCountryCode + Scope_Delimiter + + PermanentAddressPostalCode + Scope_Delimiter + + PermanentAddressStreet); + put(Definitions.TEMPORARYADDRESS_NAME, + StudyAddressCity + Scope_Delimiter + + StudyAddressCountryCode + Scope_Delimiter + + StudyAddressPostalCode + Scope_Delimiter + + StudyAddressStreet); + + } + }); + + private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, String> el = it.next(); + String[] value = el.getValue().split(Scope_Delimiter); + if (value.length == 1) + put(el.getValue(), el.getKey()); + + else { + for (String i : value) { + put(i, el.getKey()); + complexeScopes.add(i); + + } + } + } + } + }); + + + + + public static AttributeScopeMapper getInstance() { + if (instance == null) { + instance = new AttributeScopeMapper(); + + } + + return instance; + } + + /** + * Map a eID4U attribute-name into a TUG Scope + * + * @param eID4UAttributeName eID4U attribute-name + * @return TUG Scope + */ + public String getTUGScopesForAttribute(String eID4UAttributeName) { + if (eIDASToScopes.containsKey(eID4UAttributeName)) + return eIDASToScopes.get(eID4UAttributeName); + + else { + Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG"); + return StringUtils.EMPTY; + + } + + } + + /** + * Map a TUG Scope into an eID4u attribute-name + * + * @param scope TUG scope + * @return eID4u attribute name + */ + public String geteIDASAttrFromScope(String scope) { + return scopesToeIDAS.get(scope); + + } + + /** + * Check if an TUG scope is part of a complex eID4u attribute + * + * @param scope TUG scope + * @return true if scope is part of a complex attribute, otherwise false + */ + public boolean isComplexeScope(String scope) { + return complexeScopes.contains(scope); + + } + + /** + * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes + * + * + * @param jsonObject TUG AP response + * @return Map of eID4U attributes, but never null + */ + public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) { + Map<String, Object> result = new HashMap<String, Object>(); + Map<String, String> complexAttr = new HashMap<String, String>(); + + Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, JsonElement> el = it.next(); + String key = el.getKey(); + + Logger.trace("Starting TUG scrope mapping for: " + key + " ... "); + String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key); + if (StringUtils.isNotEmpty(eIDASAttr)) { + if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) { + Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr); + result.put(eIDASAttr, el.getValue().getAsString()); + + } else { + Logger.trace("Find complex TUG scope: " + key); + complexAttr.put(eIDASAttr, null); + + } + + } else + Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute"); + + } + + //TODO: can only Map address attributes + Iterator<String> complIt = complexAttr.keySet().iterator(); + while(complIt.hasNext()) { + String attr = complIt.next(); + + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder(); + if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else { + Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!"); + + } + + } + + return result; + + } + + + private AttributeScopeMapper() { + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java index f347022b8..d5b1a9e4e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.util.Collection; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Response; import org.w3c.dom.Document; @@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException { + public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } catch (EIDASSAMLEngineException e) { if (responseBytes != null ) { @@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Response ..."); - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } Logger.info("eIDAS metadata refresh not possible or not successful."); @@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException { + public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } catch (EIDASSAMLEngineException e) { @@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ..."); - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index aca818532..feeff6f84 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + basicConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java new file mode 100644 index 000000000..b7a9fcba9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class eID4UAPException extends EIDASException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public eID4UAPException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public eID4UAPException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + + } + + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java new file mode 100644 index 000000000..a58bc4f8d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -0,0 +1,181 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.common.collect.UnmodifiableIterator; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry; + +@Component("CollectAddtionalAttributesTask") +public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + + @Autowired private OAuth20AuthAction openIDAuthAction; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); + + //select all eID4U attributes from requested attributes + Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); + ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); + for (String el : Definitions.EID4UATTRIBUTEELIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) != null) { + Logger.debug("Find eID4U attr: " + el); + reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); + + } + } + + //collect eID4U attributes, if some attributes are selected before + ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); + if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { + Logger.info("Starting eID4U attribute collection process ... "); + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + + //load connection parameters to TUG + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + scopes = mapReqAttributesIntoScopes(reqEid4uAttrList); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); + + + /* + *build openID and set connect token + */ + + //generate fake OpenID_Connect request + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setScope("openId profile"); + + //populate with SessionData + fakeOpenIDReq.setRawDataToTransaction( + pendingReq.getSessionData(AuthenticationSessionWrapper.class) + .getKeyValueRepresentationFromAuthSession()); + + //generate authData + IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq); + + //generate OpenIDConenct token + String accessToken = Random.nextHexRandom32(); + OAuth20SessionObject o = new OAuth20SessionObject(); + o.setScope(fakeOpenIDReq.getScope()); + o.setCode(accessToken); + Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); + o.setAuthDataSession(idToken); + transactionStorage.put(accessToken, o, -1); + + //forward to TUG + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleStringAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); + + } else + Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); + + } + + } + + private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) { + String result = StringUtils.EMPTY; + UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator(); + while (it.hasNext()) { + ImmutableAttributeEntry<?> el = it.next(); + String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute( + el.getKey().getNameUri().toString()); + + if (result.isEmpty()) + result = scope; + else + result += " " + scope; + + } + + return result; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 1788facf0..274a23674 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); //validate SAML token + //TODO: maybe add whitelist IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME_BEFORE, Constants.CONFIG_PROPS_SKEWTIME_AFTER, - pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA, + null, + false); if (samlResp.isEncrypted()) { Logger.info("Received encrypted eIDAS SAML-Response."); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java new file mode 100644 index 000000000..e878f8ab1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -0,0 +1,238 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Map; +import java.util.Map.Entry; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.io.IOUtils; +import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Component("ReceiveConsentForAddtionalAttributesTask") +public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask { + + private static final int HashMap = 0; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + + //delete eID4U http Cookie with pendingRequestId + CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + + String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE); + if (MiscUtil.isEmpty(authCode)) { + Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... "); + throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null); + + } + Logger.trace("Find OAuth2 'code' with: " + authCode); + + /* + * access backend service with authCode + * + */ + String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL); + String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME); + String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD); + + if (MiscUtil.isEmpty(tokenServiceURL)) { + Logger.info("NO TokenService URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null); + + } + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + tokenServiceURL); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build request URL + URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); + uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, + authConfig.getBasicConfiguration( + eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, + OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)); + uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode); + Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build()); + + HttpGet httpGetToken = new HttpGet(uriBuilderToken.build()); + + HttpClientContext localContext = HttpClientContext.create(); + if (MiscUtil.isNotEmpty(tokenServiceUsername)) { + Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... "); + + //Raw work-around, because API solution does not work well + String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim(); + byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1)); + String authHeader = "Basic " + new String(encodedAuth); + httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //API solutuion +// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString()); +// AuthCache authCache = new BasicAuthCache(); +// authCache.put(targetHost, new BasicScheme()); +// +// CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); +// credentialsProvider.setCredentials(AuthScope.ANY, +// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim())); +// localContext.setCredentialsProvider(credentialsProvider); +// localContext.setAuthCache(authCache); + + } + + //request tokenService + HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext); + + Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() + + " from eID4U AP TokenService"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultToken.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultToken.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultToken.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8")); + throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null); + + } + + //parse AccessToken from TokenService response + JsonElement fullToken = new JsonParser().parse( + new InputStreamReader(httpResultToken.getEntity().getContent())); + Logger.trace("FullToken: " + fullToken.toString()); + String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString(); + + + //call Attribute Provider to receice eID4U attributes from TUG + String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL); + if (MiscUtil.isEmpty(attrProviderServiceURL)) { + Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null); + + } + + + URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL); + HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build()); + + //encode and add token as header + String authHeader = "Bearer " + accessToken; + httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //get and add bPK as header + httpGetData.setHeader( + "X-PVP-BPK", + pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class)); + + if (Logger.isTraceEnabled()) { + for (Header el : httpGetData.getAllHeaders()) + Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + //request Attribute Provider + HttpResponse httpResultData = httpClient.execute(httpGetData); + + //parse response + Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() + + " from eID4U Attr.Provider Service"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultData.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultData.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultData.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8")); + + throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null); + + } + + + //parse eID4U attributes from Attr.Provider service response + JsonElement fullAttrSet = new JsonParser().parse( + new InputStreamReader(httpResultData.getEntity().getContent())); + Logger.trace("FullAttrSet: " + fullAttrSet.toString()); + + //populate eID4U attributes + populateEid4uAttributes(fullAttrSet.getAsJsonObject()); + + //store pendingRequest + requestStoreage.storePendingRequest(pendingReq); + + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + + private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException { + try { + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject); + for (Entry<String, Object> el : eID4UAttributes.entrySet()) + session.setGenericDataToSession(el.getKey(), el.getValue()); + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT inject authentication data into user object.", e); + throw e; + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java index bb52d2ffe..44a313885 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java @@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.KeyInfo; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.ImmutableSortedSet; import com.google.common.collect.Ordering; +import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions; * */ public class NewMoaEidasMetadata { - private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName()); private final String metadata; private final String entityId; private static final Set<String> DEFAULT_BINDING = new HashSet() { @@ -180,7 +178,7 @@ public class NewMoaEidasMetadata { dm.setAlgorithm(digestMethod); eidasExtensions.getUnknownXMLObjects().add(dm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension"); } } } @@ -197,7 +195,7 @@ public class NewMoaEidasMetadata { spTypeObj.setSPType(this.params.getSpType()); eidasExtensions.getUnknownXMLObjects().add(spTypeObj); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension"); + Logger.info("BUSINESS EXCEPTION error adding SPType extension"); } } generateDigest(eidasExtensions); @@ -212,7 +210,7 @@ public class NewMoaEidasMetadata { sm.setAlgorithm(signMethod); eidasExtensions.getUnknownXMLObjects().add(sm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension"); } } } @@ -378,8 +376,12 @@ public class NewMoaEidasMetadata { new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural()); for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) { - AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); - builder.add(supAttr); + Logger.trace("Build metadata-attr: " + attr); + AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); + if (supAttr == null) + Logger.warn("Suspect eIDAS attribute definition: " + attr); + else + builder.add(supAttr); } return builder.build(); @@ -444,11 +446,11 @@ public class NewMoaEidasMetadata { url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en")); organization.getURLs().add(url); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", nfe); } } return organization; @@ -463,11 +465,11 @@ public class NewMoaEidasMetadata { else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) currentContact = this.params.getTechnicalContact(); else { - NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type"); + Logger.error("ERROR: unsupported contact type"); } contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class); if (currentContact == null) { - NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration"); + Logger.error("ERROR: cannot retrieve contact from the configuration"); return contact; } @@ -486,11 +488,11 @@ public class NewMoaEidasMetadata { populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", nfe); } return contact; } @@ -546,8 +548,8 @@ public class NewMoaEidasMetadata { } return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false)); } catch (Exception ex) { - NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex); + Logger.info("ERROR : SAMLException: " + ex.getMessage()); + Logger.warn("ERROR : SAMLException ", ex); throw new IllegalStateException(ex); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 6d20caa4b..b000c317e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -112,6 +113,16 @@ public class SAMLEngineUtils { SAMLSchemaBuilder.addExtensionSchema( at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); + //add eID4U schemes + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION); + eIDASEngine = engine; } catch (EIDASSAMLEngineException | ConfigurationException e) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java deleted file mode 100644 index e3b58d259..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index 200215308..d2323d161 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; @@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; * */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { - private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); + private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator(); private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = @@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, + public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index d268dd2f6..7c9e66ba0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //***** validate eIDAS request ********* //**************************************** //validate SAML token - IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode ); + //TODO: maybe add whitelist feature + IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false); //validate internal JAVA class type if (!(samlReq instanceof IEidasAuthenticationRequest)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 1ac4560b0..d9232a2f3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@Deprecated + + @eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 66359e240..e10f42b37 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@Deprecated @eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 638b01bb1..cea28662e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index fd245c3eb..7c527ff67 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index f7e135bae..14ba239a1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat throws AttributeBuilderException { try { - Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + Pair<String, String> calcResult = getBpkForSp(oaParam, authData); if (calcResult != null) { String personalID = calcResult.getFirst(); String type = calcResult.getSecond(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java index db072203d..9321182da 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -1,5 +1,8 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; +import java.lang.annotation.Retention; + +@Retention(java.lang.annotation.RetentionPolicy.RUNTIME) public @interface eIDASMetadata { } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java new file mode 100644 index 000000000..2f066bc6b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CititzenshipAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CITIZENSHIP_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java new file mode 100644 index 000000000..8ef79b774 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CountryOfBirthAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.COUNTRYOFBIRTH_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java new file mode 100644 index 000000000..7b4c16a5a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentDegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTDEGREE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java new file mode 100644 index 000000000..5210676c2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTLEVELOFSTUDY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java new file mode 100644 index 000000000..4b8e6ec29 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentPhotoAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object docObj= authData.getGenericData(getName(), Object.class); + + if (docObj instanceof Document) { + return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString()); + + + } else if (docObj instanceof String) { + if (StringUtils.isNotEmpty((String)docObj)) + return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTPHOTO_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java new file mode 100644 index 000000000..4f0a0d2fc --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java new file mode 100644 index 000000000..8b480914b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREEAWARDINGINSTITUTION_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java new file mode 100644 index 000000000..b3b58c9da --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeCountryAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREECOUNTRY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java new file mode 100644 index 000000000..f37b8ea65 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EHICIDAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EHICID_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java new file mode 100644 index 000000000..c1dba7eff --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EMailAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EMAIL_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java new file mode 100644 index 000000000..ba486079e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class FieldOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.FIELDOFSTUDY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java new file mode 100644 index 000000000..cf1bc4b07 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class GraduationYearAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.GRADUATIONYEAR_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java new file mode 100644 index 000000000..73ab6fdda --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java @@ -0,0 +1,72 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.io.IOException; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue; + +@eIDASMetadata +public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object obj= authData.getGenericData(getName(), Object.class); + + if (obj instanceof PostalAddress) { + try { + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), + new CurrentAddressAttributeValueMarshaller().marshal( + new PostalAddressAttributeValue((PostalAddress) obj))); + + } catch (AttributeValueMarshallingException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } else if (obj instanceof String) { + if (StringUtils.isNotEmpty((String)obj)) { + try { + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), + Base64Utils.encode(((String) obj).getBytes())); + + } catch (IOException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONADDRESS_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java new file mode 100644 index 000000000..4b80b53ca --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONCOUNTRY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java new file mode 100644 index 000000000..e8c7a9169 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java new file mode 100644 index 000000000..1f72b9a37 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteNameAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONNAME_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java new file mode 100644 index 000000000..1983c10d1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdExpireddateAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object dateObj= authData.getGenericData(getName(), Object.class); + + if (dateObj instanceof Date) { + DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(dateObj); + return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString); + + } else if (dateObj instanceof String) { + return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj); + + } else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDEXPIREDATE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java new file mode 100644 index 000000000..7b04069e2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdIssuerAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDISSUER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java new file mode 100644 index 000000000..956caab68 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdNumberAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDNUMBER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java new file mode 100644 index 000000000..e2aff59e9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.IdType; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdTypeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object idTypeObj= authData.getGenericData(getName(), Object.class); + + if (idTypeObj instanceof IdType) + return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue()); + + else if (idTypeObj instanceof String) { + String idType = (String)idTypeObj; + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType); + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDTYPE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java new file mode 100644 index 000000000..4c88a54c1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class LanguageCertificatesAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object certObj= authData.getGenericData(getName(), Object.class); + + if (certObj instanceof CertificatesType) { + return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString()); + + + } else if (certObj instanceof String) { + if (StringUtils.isNotEmpty((String)certObj)) + return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.LANGUAGECERTIFICATES_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java new file mode 100644 index 000000000..b3c30a8a2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class LanguageProficiencyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object certObj= authData.getGenericData(getName(), Object.class); + + if (certObj instanceof LanguageLevelType) { + return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString()); + + + } else if (certObj instanceof String) { + if (StringUtils.isNotEmpty((String)certObj)) + + return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.LANGUAGEPROFICIENCY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java new file mode 100644 index 000000000..98410a606 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class MaritalstateAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object valueObj = authData.getGenericData(getName(), Object.class); + + if (valueObj instanceof MaritalState) + return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue()); + + else if (valueObj instanceof String) { + String value = (String)valueObj; + if (StringUtils.isNotEmpty(value)); + return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EHICID_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java new file mode 100644 index 000000000..724b2494e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class NationalityAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.NATIONALITY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java new file mode 100644 index 000000000..51e78bac2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class PhoneAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.PHONE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java new file mode 100644 index 000000000..9888ce3c0 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.TAXIDENTIFICATIONNUMBER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java new file mode 100644 index 000000000..9a57750cf --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.io.IOException; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue; + +@eIDASMetadata +public class TemporaryAddressAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object obj= authData.getGenericData(getName(), Object.class); + + if (obj instanceof PostalAddress) { + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + new CurrentAddressAttributeValueMarshaller().marshal( + new PostalAddressAttributeValue((PostalAddress) obj))); + + } catch (AttributeValueMarshallingException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } else if (obj instanceof String) { + if (StringUtils.isNotEmpty((String)obj)) + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + Base64Utils.encode(((String) obj).getBytes())); + + } catch (IOException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.TEMPORARYADDRESS_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index f6a67db9d..b42d3273f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction { else throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()}); - + + ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + String subjectNameID = null; //gather attributes @@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction { Logger.trace("eIDAS requsted attr. update process finished"); } + + + + //TODO: eID4U testcode + //************************************************************************** +// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList); +// AttributeDefinition<?> attrDef = +// engine.getProtocolProcessor().getAttributeDefinitionNullable( +// Definitions.IDTYPE_NAME); +// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build()); +// +// reqAttributeList = reqAttrWitheID4U.build(); + + //************************************************************************** + Logger.trace("Starting eIDAS response generation ...."); @@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction { String token = null; IResponseMessage eIDASRespMsg = null; - try { - ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); - + try { // encryption is done by the SamlEngine, i.e. by the module we provide in the config // but we need to set the appropriate request issuer //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer()); @@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction { } private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { - Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( + Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); - throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); + + //TODO!!!!!!! + //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); } else - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); + Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available."); } else { //add attribute to Map diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 3c11c725d..3a05c47ac 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -1,7 +1,8 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName @@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute index ad87adb6a..2a147e18c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute @@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
\ No newline at end of file +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml new file mode 100644 index 000000000..4ab49641f --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + +<!-- + - National authentication with Austrian Citizen Card and mobile signature with our without mandate. + - Legacy authentication for foreign citizens using MOCCA supported signature cards. +--> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/> + + <!-- eID4U extensions --> + <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/> + <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/> + + + + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + + <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. --> + + <pd:Transition from="certificateReadRequest" to="verifyCertificate" /> + <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. --> + + <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyCertificate" to="getForeignID" /> + + <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> + + <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> + + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + + <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" /> + + <!-- eID4U tasks for attribute collection --> + <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" /> + + <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" /> + <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" /> + + <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" /> + + + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml index 20395f210..da4a2a95b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -9,9 +9,17 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + <bean id="eID4UAuthProcessImpl" + class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl"> + <property name="priority" value="1" /> + </bean> + <bean id="eIDASSignalServlet" class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/> + <bean id="eID4UAPSignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/> + <bean id="EIDASProtocol" class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/> @@ -30,5 +38,14 @@ <bean id="CreateIdentityLinkTask" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" scope="prototype"/> + + <bean id="CollectAddtionalAttributesTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask" + scope="prototype"/> + + <bean id="ReceiveConsentForAddtionalAttributesTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask" + scope="prototype"/> + </beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map new file mode 100644 index 000000000..6a8a28dd4 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map @@ -0,0 +1,27 @@ +ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship +ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth +ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth +ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree +ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy +ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy +ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email +ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender +ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name +ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country + + +ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address +ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address +ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address +ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address + + +ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress +ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress +ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress +ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress + +ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress +ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress +ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress +ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java new file mode 100644 index 000000000..0daa90b40 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java @@ -0,0 +1,253 @@ +package test.at.gv.egovernment.moa.id.modules.eidas.eid4u; + +import java.io.UnsupportedEncodingException; +import java.util.Base64; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Test; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParseException; +import com.google.gson.JsonParser; + +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + + +public class AttributeScopeMapperTest { + + private static final String TUG_AP_RESPONSE_B64 = "ewogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Db3VudHJ5T2ZCaXJ0aCI6IiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnREZWdyZWVOYW1lIjoiRHIudGVjaG4uIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuQ3VycmVudEZpZWxkT2ZTdHVkeSI6IjA2ODg7OTk5OSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnRMZXZlbE9mU3R1ZHkiOiI4IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuRW1haWxTdHVkIjoidC5rZXJuQHN0dWRlbnQudHVncmF6LmF0IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuSG9tZUluc3RpdHV0aW9uQWRkcmVzc0NvdW50cnlDb2RlIjoiQVQiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzUG9zdGFsQ29kZSI6IjgwMTAiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzU3RyZWV0IjoiUmVjaGJhdWVyc3RyYcOfZSAxMiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkNvdW50cnkiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbk5hbWUiOiJHcmF6IFVuaXZlcnNpdHkgT2YgVGVjaG5vbG9neSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkFkZHJlc3NDaXR5IjoiR3JheiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc0NpdHkiOiJGcm9obmxlaXRlbiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1Bvc3RhbENvZGUiOiI4MTMwIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuU3R1ZHlBZGRyZXNzQ291bnRyeUNvZGUiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1N0cmVldCI6IkvDvGhhdSAyMiIKfQ=="; + + private AttributeScopeMapper mapper = null; + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException { + JsonElement fullAttrSet = new JsonParser().parse(new String( + Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8")); + + Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject()); + + Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty()); + + Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); + Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME)); + Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME)); + Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME)); + Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME)); + Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME)); + Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME)); + Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME)); + + Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME)); + checkComplexeAddress( + result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME), + "AT", + "8010", + "Rechbauerstraße 12", + "Graz"); + + Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME)); + checkComplexeAddress( + result.get(Definitions.TEMPORARYADDRESS_NAME), + "AT", + "8130", + "Kühau 22", + "Frohnleiten"); + + } + + private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) { + Assert.assertNotNull(toCheck); + Assert.assertTrue(toCheck instanceof PostalAddress); + + PostalAddress addr = (PostalAddress)toCheck; + Assert.assertEquals(postalCode, addr.getPostCode()); + Assert.assertEquals(Street, addr.getCvAddressArea()); + Assert.assertEquals(Street, addr.getThoroughfare()); + Assert.assertEquals(city, addr.getPostName()); + + } + + @Test + public void checkCitizenship() throws Exception { + checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false); + + } + + @Test + public void checkCityOfBirth() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false); + + } + + @Test + public void checkCountryOfBirth() throws Exception { + checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false); + + } + + @Test + public void checkCurrentDegreeName() throws Exception { + checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false); + + } + + @Test + public void checkCurrentFieldOfStudy() throws Exception { + checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false); + } + + @Test + public void checkCurrentLevelOfStudy() throws Exception { + checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false); + + } + + @Test + public void checkEmailStud() throws Exception { + checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false); + + } + + @Test + public void checkGender() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false); + + } + + @Test + public void checkHomeInstitutionName() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false); + + } + + @Test + public void checkHomeInstitutionCountry() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false); + + } + + @Test + public void checkHomeInstitutionAddressCountryCode() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true); + + } + + @Test + public void checkHomeInstitutionAddressPostalCode() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true); + + } + + @Test + public void checkHomeInstitutionAddressStreet() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true); + + } + + @Test + public void checkHomeInstitutionAddressCity() throws Exception { + checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true); + + } + + @Test + public void checkPermanentAddressCity() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true); + + } + + @Test + public void checkPermanentAddressCountryCode() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true); + + } + + @Test + public void checkPermanentAddressPostalCode() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true); + + } + + @Test + public void checkPermanentAddressStreet() throws Exception { + checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true); + + } + + @Test + public void checkStudyAddressCity() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true); + + } + + @Test + public void checkStudyAddressCountryCode() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true); + + } + + @Test + public void checkStudyAddressPostalCode() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true); + + } + + @Test + public void checkStudyAddressStreet() throws Exception { + checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true); + + } + + private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) { + Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe)); + + String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope); + Assert.assertEquals(eid4Uattr, eid4UattrRes); + + String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr); + if (isComplexe) { + Assert.assertNotNull(scopeRes); + Assert.assertTrue(scopeRes.contains(scope)); + + } else + Assert.assertEquals(scope, scopeRes); + + } + + private void checkAddress() { + + + } + + private AttributeScopeMapper getMapper() { + if (mapper == null) + mapper = AttributeScopeMapper.getInstance(); + + return mapper; + } + + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..7af79d60c --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +</beans> diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index e8cfae10a..7bb98c719 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index b0736ff2e..cc987bfe7 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -56,7 +56,8 @@ public final class OAuth20Constants { public static final String PARAM_SCOPE = "scope"; public static final String PARAM_MOA_MOD = "mod"; public static final String PARAM_MOA_ACTION = "action"; - + public static final String PARAM_OPENID_CODE = "openid_code"; + // reponse parameters public static final String RESPONSE_CODE = "code"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 19fdb3fee..9779b0cf4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; @@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder { private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); + @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + static { // openId buildersOpenId.add(new OpenIdIssuerAttribute()); @@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder { buildersEID.add(new EIDAuthBlock()); buildersEID.add(new EIDSignerCertificate()); buildersEID.add(new BPKAttributeBuilder()); + buildersEID.add(new BPKListAttributeBuilder()); + buildersEID.add(new EncryptedBPKAttributeBuilder()); // eID_gov buildersEIDGov.add(new EIDSourcePIN()); buildersEIDGov.add(new EIDSourcePINType()); buildersEIDGov.add(new EIDIdentityLinkBuilder()); + buildersEIDGov.add(new BPKListAttributeBuilder()); // mandate buildersMandate.add(new MandateTypeAttributeBuilder()); @@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder { buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b00675e7c..3b300c824 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") -class OAuth20AuthAction implements IAction { +public class OAuth20AuthAction implements IAction { @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; @@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction { } - private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, + public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException { // create response diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 0350a113c..4dc99262e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.logging.Logger; @@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); @@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE); } - // check if client id and redirect uri are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - - if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oAuthConfig); - Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20OANotSupportedException(); + } + + if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20AccessDeniedException(); - } catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } + this.setOnlineApplicationConfiguration(oAuthConfig); + Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + } // /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 118de861c..9cceea7d5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20OANotSupportedException(); - } + // oAuth + this.populateSpecialParameters(request, authConfig, oaParam); + + // cleanup parameters + this.checkAllowedParameters(request); + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - - // oAuth - this.populateSpecialParameters(request, authConfig); - - // cleanup parameters - this.checkAllowedParameters(request); + } private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException { @@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 9f4174bf0..0952ba0a6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.BPK_NAME }); - + + @Autowired(required=true) AuthConfiguration moaAuthConfig; + public String getName() { return NAME; } @@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { @@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 89e4252b1..9a3613ea1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20TokenRequest") @@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); @@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { throw new OAuth20InvalidGrantException(); } - // check if client id and secret are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { - throw new OAuth20AccessDeniedException(); - } - - if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oaParam); - + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) + throw new OAuth20OANotSupportedException(); + + if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { + throw new OAuth20AccessDeniedException(); } - catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + + if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { + throw new OAuth20AccessDeniedException(); } + this.setOnlineApplicationConfiguration(oaParam); + Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID); //add valid parameters diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87e9e933d..a8c4a941e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... "); signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 6811d1016..0c97641c7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //validate eID data QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), - (AuthConfiguration) authConfig); + (AuthConfiguration) authConfig); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + + //validate AuthBlock authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( authBlockB64, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), (AuthConfiguration) authConfig); - + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); - + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + //TODO: add LoA verification } catch (MOAIDException e) { @@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { throw e; } - - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); - - - + //add into session AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); - //TODO: from AuthBlock - if (authBlockVerificationResult != null) + moasession.setQAALevel(LoA); + + if (authBlockVerificationResult != null) { moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); - else + moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate()); + + } else moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); - moasession.setQAALevel(LoA); - + //store pending request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 69e3e7995..0d6086118 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters { return false; } + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 044366eb6..e7280f847 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; @@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList() */ @Override - public List<String> getEncbPKList() { + public List<Pair<String, String>> getEncbPKList() { // TODO Auto-generated method stub return null; } @@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return false; } + @Override + public List<Pair<String, String>> getAdditionalbPKs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIseIDNewDemoMode() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c9bccb708..9e7a4fe8c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List<String> additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 8b232cf29..3a401d80e 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -38,10 +38,10 @@ <!-- Only for development to use SAML1 protocol SAML1 is removed from official OPB release --> - <dependency> +<!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-eIDAS</artifactId> - </dependency> + </dependency> --> <!-- <dependency> <groupId>MOA</groupId> @@ -62,10 +62,10 @@ <artifactId>moa-id-modul-citizencard_authentication</artifactId> </dependency> - <dependency> +<!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-eIDAS</artifactId> - </dependency> + </dependency> --> <dependency> <groupId>junit</groupId> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8f01f67d..64a4bae63 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; @@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer { ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); } - + + //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); + + if (oaAttributes == null) + oaAttributes = new ArrayList<ExtendedSAMLAttribute>(); + + try { + String additionalBpks = new BPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalBpks)) { + Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage()); + + } + + try { + String encryptedBpks = new EncryptedBPKAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedBpks)) { + Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage()); + + } + + //for mandates + try { + String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalMandatorBpks)) { + Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage()); + + } + + try { + String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) { + Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); + + } + + } + String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 30d740a2a..20c66d7a2 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement PVPConstants.EID_SOURCE_PIN_TYPE_NAME }); + @Autowired(required=true) AuthConfiguration moaAuthConfig; + public String getName() { return NAME; } @@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { -// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { -// Logger.info("SAML1 is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); -// -// } + if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) { + Logger.info("SAML1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); + + } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); pendingReq.initialize(req, authConfig); diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 06c9a341a..a86090178 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -65,4 +65,4 @@ </dependency> </dependencies> -</project>
\ No newline at end of file +</project> |