aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/.gitignore1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml62
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java94
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java61
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java239
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java32
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java181
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java238
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java42
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java11
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java72
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java48
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java50
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder30
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml74
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml17
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java253
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml12
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java3
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java14
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java4
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java33
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java22
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java31
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java35
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java1
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java30
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java6
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java21
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml8
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java94
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java14
-rw-r--r--id/server/modules/pom.xml2
76 files changed, 2903 insertions, 225 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
index 5cee90658..cd3f1f788 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-eIDAS/.gitignore b/id/server/modules/moa-id-module-eIDAS/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index cf3325d24..5f4192645 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -12,11 +12,13 @@
<properties>
<repositoryPath>${basedir}/../../../../repository</repositoryPath>
- <eidas-commons.version>1.4.0</eidas-commons.version>
- <eidas-light-commons.version>1.4.0</eidas-light-commons.version>
- <eidas-saml-engine.version>1.4.0</eidas-saml-engine.version>
- <eidas-encryption.version>1.4.0</eidas-encryption.version>
- <eidas-configmodule.version>1.4.0</eidas-configmodule.version>
+ <eidas-commons.version>1.4.3</eidas-commons.version>
+ <eidas-light-commons.version>1.4.3</eidas-light-commons.version>
+ <eidas-saml-engine.version>1.4.3</eidas-saml-engine.version>
+ <eidas-encryption.version>1.4.3</eidas-encryption.version>
+ <eidas-configmodule.version>1.4.3</eidas-configmodule.version>
+
+ <eID4U.module.version>0.2</eID4U.module.version>
</properties>
@@ -48,18 +50,48 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modul-citizencard_authentication</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-openID</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-test</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
+ <groupId>eu.eidas.extension.eID4U</groupId>
+ <artifactId>eID4U_commons</artifactId>
+ <version>${eID4U.module.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ <version>3.0.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
<!-- eidas Commons -->
<dependency>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
new file mode 100644
index 000000000..d3aa7b4a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 1;
+
+ @Autowired private IRequestStorage requestStore;
+
+
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
+
+ if (StringUtils.isEmpty(pendingReqId))
+ Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
+
+ else {
+ IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ return "eID4UAttributCollectionAuthentication";
+
+ }
+ }
+ }
+
+ return selectedProcessID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:eid4u.Authentication.process.xml" };
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
new file mode 100644
index 000000000..c8c65ce76
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController {
+
+ public eID4UAPSignalServlet() {
+ Logger.debug("Registering servlet " + getClass().getName() +
+ " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'.");
+
+ }
+
+ @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+ }
+
+ @Override
+ /**
+ * Protocol specific implementation to get the pending-requestID
+ * from http request object
+ *
+ * @param request The http Servlet-Request object
+ * @return The Pending-request id
+ *
+ */
+ public String getPendingRequestId(HttpServletRequest request) {
+ String pendigReqId = super.getPendingRequestId(request);
+
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... ");
+ pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE);
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... ");
+ pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+ if (MiscUtil.isEmpty(pendigReqId))
+ Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId.");
+
+ }
+ }
+
+ return pendigReqId;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
new file mode 100644
index 000000000..45eb161d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+public class eID4UConstants {
+
+ //configuration parameter
+ public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID";
+ public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url";
+ public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password";
+ public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url";
+
+ //session parameter
+ public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId";
+ public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume";
+
+ //process context
+ public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr";
+ public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK";
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
new file mode 100644
index 000000000..69cc131ff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moaspss.logging.Logger;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class AttributeScopeMapper {
+
+ private static AttributeScopeMapper instance = null;
+
+ public static final String Scope_Delimiter = " ";
+
+ public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship";
+ public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth";
+ public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth";
+ public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName";
+ public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy";
+ public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy";
+ public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud";
+ public static final String Gender = "ANY@tugraz.idm.attr.Gender";
+ public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName";
+ public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry";
+
+ public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode";
+ public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode";
+ public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet";
+ public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity";
+
+ public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity";
+ public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode";
+ public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode";
+ public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet";
+
+ public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity";
+ public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode";
+ public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode";
+ public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet";
+
+ private static List<String> complexeScopes = new ArrayList<String>();
+
+ private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(Definitions.CITIZENSHIP_NAME, Citizenship);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(),
+ CityOfBirth);
+ put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth);
+ put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName);
+ put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy);
+ put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy);
+ put(Definitions.EMAIL_NAME, EmailStud);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(),
+ Gender);
+ put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName);
+ put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry);
+
+ put(Definitions.HOMEINSTITUTIONADDRESS_NAME,
+ HomeInstitutionAddressCountryCode + Scope_Delimiter
+ + HomeInstitutionAddressPostalCode + Scope_Delimiter
+ + HomeInstitutionAddressStreet + Scope_Delimiter
+ + HomeInstitutionAddressCity);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(),
+ PermanentAddressCity + Scope_Delimiter
+ + PermanentAddressCountryCode + Scope_Delimiter
+ + PermanentAddressPostalCode + Scope_Delimiter
+ + PermanentAddressStreet);
+ put(Definitions.TEMPORARYADDRESS_NAME,
+ StudyAddressCity + Scope_Delimiter
+ + StudyAddressCountryCode + Scope_Delimiter
+ + StudyAddressPostalCode + Scope_Delimiter
+ + StudyAddressStreet);
+
+ }
+ });
+
+ private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, String> el = it.next();
+ String[] value = el.getValue().split(Scope_Delimiter);
+ if (value.length == 1)
+ put(el.getValue(), el.getKey());
+
+ else {
+ for (String i : value) {
+ put(i, el.getKey());
+ complexeScopes.add(i);
+
+ }
+ }
+ }
+ }
+ });
+
+
+
+
+ public static AttributeScopeMapper getInstance() {
+ if (instance == null) {
+ instance = new AttributeScopeMapper();
+
+ }
+
+ return instance;
+ }
+
+ /**
+ * Map a eID4U attribute-name into a TUG Scope
+ *
+ * @param eID4UAttributeName eID4U attribute-name
+ * @return TUG Scope
+ */
+ public String getTUGScopesForAttribute(String eID4UAttributeName) {
+ if (eIDASToScopes.containsKey(eID4UAttributeName))
+ return eIDASToScopes.get(eID4UAttributeName);
+
+ else {
+ Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG");
+ return StringUtils.EMPTY;
+
+ }
+
+ }
+
+ /**
+ * Map a TUG Scope into an eID4u attribute-name
+ *
+ * @param scope TUG scope
+ * @return eID4u attribute name
+ */
+ public String geteIDASAttrFromScope(String scope) {
+ return scopesToeIDAS.get(scope);
+
+ }
+
+ /**
+ * Check if an TUG scope is part of a complex eID4u attribute
+ *
+ * @param scope TUG scope
+ * @return true if scope is part of a complex attribute, otherwise false
+ */
+ public boolean isComplexeScope(String scope) {
+ return complexeScopes.contains(scope);
+
+ }
+
+ /**
+ * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes
+ *
+ *
+ * @param jsonObject TUG AP response
+ * @return Map of eID4U attributes, but never null
+ */
+ public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
+ Map<String, Object> result = new HashMap<String, Object>();
+ Map<String, String> complexAttr = new HashMap<String, String>();
+
+ Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, JsonElement> el = it.next();
+ String key = el.getKey();
+
+ Logger.trace("Starting TUG scrope mapping for: " + key + " ... ");
+ String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key);
+ if (StringUtils.isNotEmpty(eIDASAttr)) {
+ if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {
+ Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
+ result.put(eIDASAttr, el.getValue().getAsString());
+
+ } else {
+ Logger.trace("Find complex TUG scope: " + key);
+ complexAttr.put(eIDASAttr, null);
+
+ }
+
+ } else
+ Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute");
+
+ }
+
+ //TODO: can only Map address attributes
+ Iterator<String> complIt = complexAttr.keySet().iterator();
+ while(complIt.hasNext()) {
+ String attr = complIt.next();
+
+ eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder();
+ if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else {
+ Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
+
+ }
+
+ }
+
+ return result;
+
+ }
+
+
+ private AttributeScopeMapper() {
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+import java.util.Collection;
+
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+ public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
}
Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+ public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ basicConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
new file mode 100644
index 000000000..b7a9fcba9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class eID4UAPException extends EIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eID4UAPException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eID4UAPException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..a58bc4f8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.UnmodifiableIterator;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ @Autowired private OAuth20AuthAction openIDAuthAction;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired private AuthenticationDataBuilder authDataBuilder;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
+
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+ Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
+
+ //select all eID4U attributes from requested attributes
+ Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder();
+ ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes();
+ for (String el : Definitions.EID4UATTRIBUTEELIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) != null) {
+ Logger.debug("Find eID4U attr: " + el);
+ reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el));
+
+ }
+ }
+
+ //collect eID4U attributes, if some attributes are selected before
+ ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build();
+ if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) {
+ Logger.info("Starting eID4U attribute collection process ... ");
+
+ //mark execution context with eID4U AP flag
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
+
+ //load connection parameters to TUG
+ String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
+ String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
+ String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);
+
+ if (MiscUtil.isEmpty(scopes)) {
+ //generate scope from attributes
+ scopes = mapReqAttributesIntoScopes(reqEid4uAttrList);
+
+ }
+
+ Logger.debug("Load eID4U AP-Config:"
+ + " EntityID: " + uniqueID
+ + " RedirectURL:" + redirectURI
+ + " Scopes: " + scopes);
+
+
+ /*
+ *build openID and set connect token
+ */
+
+ //generate fake OpenID_Connect request
+ OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
+ fakeOpenIDReq.initialize(httpReq, authConfig);
+ fakeOpenIDReq.setSPEntityId(uniqueID);
+ fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
+ fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+ fakeOpenIDReq.setScope("openId profile");
+
+ //populate with SessionData
+ fakeOpenIDReq.setRawDataToTransaction(
+ pendingReq.getSessionData(AuthenticationSessionWrapper.class)
+ .getKeyValueRepresentationFromAuthSession());
+
+ //generate authData
+ IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq);
+
+ //generate OpenIDConenct token
+ String accessToken = Random.nextHexRandom32();
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ o.setScope(fakeOpenIDReq.getScope());
+ o.setCode(accessToken);
+ Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken);
+ o.setAuthDataSession(idToken);
+ transactionStorage.put(accessToken, o, -1);
+
+ //forward to TUG
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE,
+ pendingReq.getPendingRequestId());
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI,
+ pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
+
+ final String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+
+ //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level
+ CookieUtils.setCookie(httpReq, httpResp,
+ eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME,
+ pendingReq.getPendingRequestId(), -1);
+
+ //set user's bPK into pendingRequst because TUG AttributeProvider needs it
+ pendingReq.setRawDataToTransaction(
+ eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER,
+ new BPKAttributeBuilder().build(
+ fakeOpenIDReq.getServiceProviderConfiguration(),
+ authData,
+ new SimpleStringAttributeGenerator()));
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } else
+ Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("eID4U AttributeProvider communication FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e);
+
+ }
+
+ }
+
+ private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
+ String result = StringUtils.EMPTY;
+ UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator();
+ while (it.hasNext()) {
+ ImmutableAttributeEntry<?> el = it.next();
+ String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(
+ el.getKey().getNameUri().toString());
+
+ if (result.isEmpty())
+ result = scope;
+ else
+ result += " " + scope;
+
+ }
+
+ return result;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//validate SAML token
+ //TODO: maybe add whitelist
IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
request.getRemoteHost(),
Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
Constants.CONFIG_PROPS_SKEWTIME_AFTER,
- pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+ null,
+ false);
if (samlResp.isEncrypted()) {
Logger.info("Received encrypted eIDAS SAML-Response.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
new file mode 100644
index 000000000..e878f8ab1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -0,0 +1,238 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Component("ReceiveConsentForAddtionalAttributesTask")
+public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ private static final int HashMap = 0;
+ @Autowired private AuthConfiguration moaAuthConfig;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+
+ //delete eID4U http Cookie with pendingRequestId
+ CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+
+ String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);
+ if (MiscUtil.isEmpty(authCode)) {
+ Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
+ throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
+
+ }
+ Logger.trace("Find OAuth2 'code' with: " + authCode);
+
+ /*
+ * access backend service with authCode
+ *
+ */
+ String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
+ String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
+ String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
+
+ if (MiscUtil.isEmpty(tokenServiceURL)) {
+ Logger.info("NO TokenService URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
+
+ }
+
+ //open http client
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ moaAuthConfig,
+ tokenServiceURL);
+ CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+ sslFactory,
+ authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+
+ //build request URL
+ URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
+ uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE,
+ authConfig.getBasicConfiguration(
+ eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE,
+ OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
+ uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
+ Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
+
+ HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
+
+ HttpClientContext localContext = HttpClientContext.create();
+ if (MiscUtil.isNotEmpty(tokenServiceUsername)) {
+ Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");
+
+ //Raw work-around, because API solution does not work well
+ String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
+ byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+ String authHeader = "Basic " + new String(encodedAuth);
+ httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //API solutuion
+// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());
+// AuthCache authCache = new BasicAuthCache();
+// authCache.put(targetHost, new BasicScheme());
+//
+// CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+// credentialsProvider.setCredentials(AuthScope.ANY,
+// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));
+// localContext.setCredentialsProvider(credentialsProvider);
+// localContext.setAuthCache(authCache);
+
+ }
+
+ //request tokenService
+ HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);
+
+ Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode()
+ + " from eID4U AP TokenService");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultToken.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultToken.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultToken.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8"));
+ throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
+
+ }
+
+ //parse AccessToken from TokenService response
+ JsonElement fullToken = new JsonParser().parse(
+ new InputStreamReader(httpResultToken.getEntity().getContent()));
+ Logger.trace("FullToken: " + fullToken.toString());
+ String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
+
+
+ //call Attribute Provider to receice eID4U attributes from TUG
+ String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);
+ if (MiscUtil.isEmpty(attrProviderServiceURL)) {
+ Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
+
+ }
+
+
+ URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
+ HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
+
+ //encode and add token as header
+ String authHeader = "Bearer " + accessToken;
+ httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //get and add bPK as header
+ httpGetData.setHeader(
+ "X-PVP-BPK",
+ pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpGetData.getAllHeaders())
+ Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ //request Attribute Provider
+ HttpResponse httpResultData = httpClient.execute(httpGetData);
+
+ //parse response
+ Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode()
+ + " from eID4U Attr.Provider Service");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultData.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultData.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultData.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8"));
+
+ throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
+
+ }
+
+
+ //parse eID4U attributes from Attr.Provider service response
+ JsonElement fullAttrSet = new JsonParser().parse(
+ new InputStreamReader(httpResultData.getEntity().getContent()));
+ Logger.trace("FullAttrSet: " + fullAttrSet.toString());
+
+ //populate eID4U attributes
+ populateEid4uAttributes(fullAttrSet.getAsJsonObject());
+
+ //store pendingRequest
+ requestStoreage.storePendingRequest(pendingReq);
+
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
+
+ }
+
+ private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException {
+ try {
+ AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+ Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject);
+ for (Entry<String, Object> el : eID4UAttributes.entrySet())
+ session.setGenericDataToSession(el.getKey(), el.getValue());
+
+ } catch (EAAFStorageException e) {
+ Logger.warn("Can NOT inject authentication data into user object.", e);
+ throw e;
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
index bb52d2ffe..44a313885 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Ordering;
+import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions;
*
*/
public class NewMoaEidasMetadata {
- private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName());
private final String metadata;
private final String entityId;
private static final Set<String> DEFAULT_BINDING = new HashSet() {
@@ -180,7 +178,7 @@ public class NewMoaEidasMetadata {
dm.setAlgorithm(digestMethod);
eidasExtensions.getUnknownXMLObjects().add(dm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension");
}
}
}
@@ -197,7 +195,7 @@ public class NewMoaEidasMetadata {
spTypeObj.setSPType(this.params.getSpType());
eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+ Logger.info("BUSINESS EXCEPTION error adding SPType extension");
}
}
generateDigest(eidasExtensions);
@@ -212,7 +210,7 @@ public class NewMoaEidasMetadata {
sm.setAlgorithm(signMethod);
eidasExtensions.getUnknownXMLObjects().add(sm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension");
}
}
}
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata {
new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) {
- AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
- builder.add(supAttr);
+ Logger.trace("Build metadata-attr: " + attr);
+ AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
+ if (supAttr == null)
+ Logger.warn("Suspect eIDAS attribute definition: " + attr);
+ else
+ builder.add(supAttr);
}
return builder.build();
@@ -444,11 +446,11 @@ public class NewMoaEidasMetadata {
url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en"));
organization.getURLs().add(url);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", nfe);
}
}
return organization;
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata {
else if (contactType == ContactPersonTypeEnumeration.TECHNICAL)
currentContact = this.params.getTechnicalContact();
else {
- NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type");
+ Logger.error("ERROR: unsupported contact type");
}
contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
if (currentContact == null) {
- NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+ Logger.error("ERROR: cannot retrieve contact from the configuration");
return contact;
}
@@ -486,11 +488,11 @@ public class NewMoaEidasMetadata {
populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", nfe);
}
return contact;
}
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata {
}
return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
} catch (Exception ex) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex);
+ Logger.info("ERROR : SAMLException: " + ex.getMessage());
+ Logger.warn("ERROR : SAMLException ", ex);
throw new IllegalStateException(ex);
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
SAMLSchemaBuilder.addExtensionSchema(
at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
+ //add eID4U schemes
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+
eIDASEngine = engine;
} catch (EIDASSAMLEngineException | ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
deleted file mode 100644
index e3b58d259..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
- */
- @Override
- public String buildStringAttribute(String friendlyName, String name, String value) {
- return value;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
- */
- @Override
- public String buildIntegerAttribute(String friendlyName, String name, int value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
- */
- @Override
- public String buildLongAttribute(String friendlyName, String name, long value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
- */
- @Override
- public String buildEmptyAttribute(String friendlyName, String name) {
- return null;
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 200215308..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
*
*/
public class eIDASAttributeBuilder extends PVPAttributeBuilder {
- private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+ private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
private static List<String> listOfSupportedeIDASAttributes;
private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader =
@@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
* @param authData Authentication data that contains user information for attribute generation
* @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
*/
- public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
+ public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
IAuthData authData) {
String attrName = attr.getNameUri().toString();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index d268dd2f6..7c9e66ba0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
//***** validate eIDAS request *********
//****************************************
//validate SAML token
- IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
+ //TODO: maybe add whitelist feature
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false);
//validate internal JAVA class type
if (!(samlReq instanceof IEidasAuthenticationRequest)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 1ac4560b0..d9232a2f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@Deprecated
+
+
@eIDASMetadata
public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 66359e240..e10f42b37 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@Deprecated
@eIDASMetadata
public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 638b01bb1..cea28662e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index fd245c3eb..7c527ff67 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index f7e135bae..14ba239a1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+ Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
if (calcResult != null) {
String personalID = calcResult.getFirst();
String type = calcResult.getSecond();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
index db072203d..9321182da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -1,5 +1,8 @@
package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
+import java.lang.annotation.Retention;
+
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
public @interface eIDASMetadata {
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
new file mode 100644
index 000000000..2f066bc6b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CITIZENSHIP_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
new file mode 100644
index 000000000..8ef79b774
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CountryOfBirthAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.COUNTRYOFBIRTH_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
new file mode 100644
index 000000000..7b4c16a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTDEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
new file mode 100644
index 000000000..5210676c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTLEVELOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
new file mode 100644
index 000000000..4b8e6ec29
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object docObj= authData.getGenericData(getName(), Object.class);
+
+ if (docObj instanceof Document) {
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+
+
+ } else if (docObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)docObj))
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTPHOTO_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
new file mode 100644
index 000000000..4f0a0d2fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
new file mode 100644
index 000000000..8b480914b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREEAWARDINGINSTITUTION_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
new file mode 100644
index 000000000..b3b58c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREECOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
new file mode 100644
index 000000000..f37b8ea65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EHICIDAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
new file mode 100644
index 000000000..c1dba7eff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EMailAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EMAIL_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
new file mode 100644
index 000000000..ba486079e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.FIELDOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
new file mode 100644
index 000000000..cf1bc4b07
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class GraduationYearAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.GRADUATIONYEAR_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
new file mode 100644
index 000000000..73ab6fdda
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj)) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONNAME_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object dateObj= authData.getGenericData(getName(), Object.class);
+
+ if (dateObj instanceof Date) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(dateObj);
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+
+ } else if (dateObj instanceof String) {
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+
+ } else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDEXPIREDATE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDISSUER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object idTypeObj= authData.getGenericData(getName(), Object.class);
+
+ if (idTypeObj instanceof IdType)
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+
+ else if (idTypeObj instanceof String) {
+ String idType = (String)idTypeObj;
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDTYPE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof CertificatesType) {
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGECERTIFICATES_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof LanguageLevelType) {
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGEPROFICIENCY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object valueObj = authData.getGenericData(getName(), Object.class);
+
+ if (valueObj instanceof MaritalState)
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+
+ else if (valueObj instanceof String) {
+ String value = (String)valueObj;
+ if (StringUtils.isNotEmpty(value));
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.NATIONALITY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.PHONE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class TemporaryAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj))
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TEMPORARYADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index f6a67db9d..b42d3273f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction {
else
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
-
+
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
String subjectNameID = null;
//gather attributes
@@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction {
Logger.trace("eIDAS requsted attr. update process finished");
}
+
+
+
+ //TODO: eID4U testcode
+ //**************************************************************************
+// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList);
+// AttributeDefinition<?> attrDef =
+// engine.getProtocolProcessor().getAttributeDefinitionNullable(
+// Definitions.IDTYPE_NAME);
+// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build());
+//
+// reqAttributeList = reqAttrWitheID4U.build();
+
+ //**************************************************************************
+
Logger.trace("Starting eIDAS response generation ....");
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction {
String token = null;
IResponseMessage eIDASRespMsg = null;
- try {
- ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
+ try {
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
@@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction {
}
private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
- Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+ Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
attr, req.getServiceProviderConfiguration(), authData);
if(eIDASAttr == null) {
if (attr.isRequired()) {
Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
- throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+
+ //TODO!!!!!!!
+ //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
} else
- Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+ Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available.");
} else {
//add attribute to Map
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3a05c47ac 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier \ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+ <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+ <!-- eID4U extensions -->
+ <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/>
+ <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
+
+ <pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
+
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+
+ <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" />
+
+ <!-- eID4U tasks for attribute collection -->
+ <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" />
+
+ <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+ <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+
+ <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" />
+
+
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 20395f210..da4a2a95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,9 +9,17 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ <bean id="eID4UAuthProcessImpl"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="eIDASSignalServlet"
class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
+ <bean id="eID4UAPSignalServlet"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/>
+
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
@@ -30,5 +38,14 @@
<bean id="CreateIdentityLinkTask"
class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
scope="prototype"/>
+
+ <bean id="CollectAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask"
+ scope="prototype"/>
+
+ <bean id="ReceiveConsentForAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask"
+ scope="prototype"/>
+
</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
new file mode 100644
index 000000000..0daa90b40
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java
@@ -0,0 +1,253 @@
+package test.at.gv.egovernment.moa.id.modules.eidas.eid4u;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+
+public class AttributeScopeMapperTest {
+
+ private static final String TUG_AP_RESPONSE_B64 = "ewogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Db3VudHJ5T2ZCaXJ0aCI6IiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnREZWdyZWVOYW1lIjoiRHIudGVjaG4uIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuQ3VycmVudEZpZWxkT2ZTdHVkeSI6IjA2ODg7OTk5OSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkN1cnJlbnRMZXZlbE9mU3R1ZHkiOiI4IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuRW1haWxTdHVkIjoidC5rZXJuQHN0dWRlbnQudHVncmF6LmF0IiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuSG9tZUluc3RpdHV0aW9uQWRkcmVzc0NvdW50cnlDb2RlIjoiQVQiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzUG9zdGFsQ29kZSI6IjgwMTAiLAogICAiQU5ZQHR1Z3Jhei5pZG0uYXR0ci5Ib21lSW5zdGl0dXRpb25BZGRyZXNzU3RyZWV0IjoiUmVjaGJhdWVyc3RyYcOfZSAxMiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkNvdW50cnkiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbk5hbWUiOiJHcmF6IFVuaXZlcnNpdHkgT2YgVGVjaG5vbG9neSIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLkhvbWVJbnN0aXR1dGlvbkFkZHJlc3NDaXR5IjoiR3JheiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc0NpdHkiOiJGcm9obmxlaXRlbiIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1Bvc3RhbENvZGUiOiI4MTMwIiwKICAgIkFOWUB0dWdyYXouaWRtLmF0dHIuU3R1ZHlBZGRyZXNzQ291bnRyeUNvZGUiOiJBVCIsCiAgICJBTllAdHVncmF6LmlkbS5hdHRyLlN0dWR5QWRkcmVzc1N0cmVldCI6IkvDvGhhdSAyMiIKfQ==";
+
+ private AttributeScopeMapper mapper = null;
+
+ @Test
+ public void dummyTest() throws Exception {
+
+
+ }
+
+ @Test
+ public void checkTugApResponseMapping() throws JsonParseException, UnsupportedEncodingException {
+ JsonElement fullAttrSet = new JsonParser().parse(new String(
+ Base64.getDecoder().decode(TUG_AP_RESPONSE_B64.getBytes()), "UTF-8"));
+
+ Map<String, Object> result = getMapper().populateEid4uAttributesFromTugResponse(fullAttrSet.getAsJsonObject());
+
+ Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty());
+
+ Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME));
+ Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME));
+ Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.FIELDOFSTUDY_NAME));
+ Assert.assertEquals("0688;9999", result.get(Definitions.FIELDOFSTUDY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.CURRENTLEVELOFSTUDY_NAME));
+ Assert.assertEquals("8", result.get(Definitions.CURRENTLEVELOFSTUDY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.EMAIL_NAME));
+ Assert.assertEquals("t.kern@student.tugraz.at", result.get(Definitions.EMAIL_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONNAME_NAME));
+ Assert.assertEquals("Graz University Of Technology", result.get(Definitions.HOMEINSTITUTIONNAME_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+ Assert.assertEquals("AT", result.get(Definitions.HOMEINSTITUTIONCOUNTRY_NAME));
+
+ Assert.assertTrue(result.containsKey(Definitions.HOMEINSTITUTIONADDRESS_NAME));
+ checkComplexeAddress(
+ result.get(Definitions.HOMEINSTITUTIONADDRESS_NAME),
+ "AT",
+ "8010",
+ "Rechbauerstraße 12",
+ "Graz");
+
+ Assert.assertTrue(result.containsKey(Definitions.TEMPORARYADDRESS_NAME));
+ checkComplexeAddress(
+ result.get(Definitions.TEMPORARYADDRESS_NAME),
+ "AT",
+ "8130",
+ "Kühau 22",
+ "Frohnleiten");
+
+ }
+
+ private void checkComplexeAddress(Object toCheck, String cc, String postalCode, String Street, String city) {
+ Assert.assertNotNull(toCheck);
+ Assert.assertTrue(toCheck instanceof PostalAddress);
+
+ PostalAddress addr = (PostalAddress)toCheck;
+ Assert.assertEquals(postalCode, addr.getPostCode());
+ Assert.assertEquals(Street, addr.getCvAddressArea());
+ Assert.assertEquals(Street, addr.getThoroughfare());
+ Assert.assertEquals(city, addr.getPostName());
+
+ }
+
+ @Test
+ public void checkCitizenship() throws Exception {
+ checkBasicMappingInitialization(Definitions.CITIZENSHIP_NAME, AttributeScopeMapper.Citizenship, false);
+
+ }
+
+ @Test
+ public void checkCityOfBirth() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), AttributeScopeMapper.CityOfBirth, false);
+
+ }
+
+ @Test
+ public void checkCountryOfBirth() throws Exception {
+ checkBasicMappingInitialization(Definitions.COUNTRYOFBIRTH_NAME, AttributeScopeMapper.CountryOfBirth, false);
+
+ }
+
+ @Test
+ public void checkCurrentDegreeName() throws Exception {
+ checkBasicMappingInitialization(Definitions.CURRENTDEGREE_NAME, AttributeScopeMapper.CurrentDegreeName, false);
+
+ }
+
+ @Test
+ public void checkCurrentFieldOfStudy() throws Exception {
+ checkBasicMappingInitialization(Definitions.FIELDOFSTUDY_NAME, AttributeScopeMapper.CurrentFieldOfStudy, false);
+ }
+
+ @Test
+ public void checkCurrentLevelOfStudy() throws Exception {
+ checkBasicMappingInitialization(Definitions.CURRENTLEVELOFSTUDY_NAME, AttributeScopeMapper.CurrentLevelOfStudy, false);
+
+ }
+
+ @Test
+ public void checkEmailStud() throws Exception {
+ checkBasicMappingInitialization(Definitions.EMAIL_NAME, AttributeScopeMapper.EmailStud, false);
+
+ }
+
+ @Test
+ public void checkGender() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), AttributeScopeMapper.Gender, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionName() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONNAME_NAME, AttributeScopeMapper.HomeInstitutionName, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionCountry() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, AttributeScopeMapper.HomeInstitutionCountry, false);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressStreet() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressStreet, true);
+
+ }
+
+ @Test
+ public void checkHomeInstitutionAddressCity() throws Exception {
+ checkBasicMappingInitialization(Definitions.HOMEINSTITUTIONADDRESS_NAME, AttributeScopeMapper.HomeInstitutionAddressCity, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressCity() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCity, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkPermanentAddressStreet() throws Exception {
+ checkBasicMappingInitialization(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), AttributeScopeMapper.PermanentAddressStreet, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressCity() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCity, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressCountryCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressCountryCode, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressPostalCode() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressPostalCode, true);
+
+ }
+
+ @Test
+ public void checkStudyAddressStreet() throws Exception {
+ checkBasicMappingInitialization(Definitions.TEMPORARYADDRESS_NAME, AttributeScopeMapper.StudyAddressStreet, true);
+
+ }
+
+ private void checkBasicMappingInitialization(String eid4Uattr, String scope, boolean isComplexe) {
+ Assert.assertTrue((getMapper().isComplexeScope(scope) == isComplexe));
+
+ String eid4UattrRes = getMapper().geteIDASAttrFromScope(scope);
+ Assert.assertEquals(eid4Uattr, eid4UattrRes);
+
+ String scopeRes = getMapper().getTUGScopesForAttribute(eid4Uattr);
+ if (isComplexe) {
+ Assert.assertNotNull(scopeRes);
+ Assert.assertTrue(scopeRes.contains(scope));
+
+ } else
+ Assert.assertEquals(scope, scopeRes);
+
+ }
+
+ private void checkAddress() {
+
+
+ }
+
+ private AttributeScopeMapper getMapper() {
+ if (mapper == null)
+ mapper = AttributeScopeMapper.getInstance();
+
+ return mapper;
+ }
+
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..7af79d60c
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+</beans>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index e8cfae10a..7bb98c719 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -56,7 +56,8 @@ public final class OAuth20Constants {
public static final String PARAM_SCOPE = "scope";
public static final String PARAM_MOA_MOD = "mod";
public static final String PARAM_MOA_ACTION = "action";
-
+ public static final String PARAM_OPENID_CODE = "openid_code";
+
// reponse parameters
public static final String RESPONSE_CODE = "code";
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder {
private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
- private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
+ @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+
static {
// openId
buildersOpenId.add(new OpenIdIssuerAttribute());
@@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder {
buildersEID.add(new EIDAuthBlock());
buildersEID.add(new EIDSignerCertificate());
buildersEID.add(new BPKAttributeBuilder());
+ buildersEID.add(new BPKListAttributeBuilder());
+ buildersEID.add(new EncryptedBPKAttributeBuilder());
// eID_gov
buildersEIDGov.add(new EIDSourcePIN());
buildersEIDGov.add(new EIDSourcePINType());
buildersEIDGov.add(new EIDIdentityLinkBuilder());
+ buildersEIDGov.add(new BPKListAttributeBuilder());
// mandate
buildersMandate.add(new MandateTypeAttributeBuilder());
@@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder {
buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b00675e7c..3b300c824 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
import at.gv.egovernment.moa.logging.Logger;
@Service("OAuth20AuthAction")
-class OAuth20AuthAction implements IAction {
+public class OAuth20AuthAction implements IAction {
@Autowired protected IRevisionLogger revisionsLogger;
@Autowired protected ITransactionStorage transactionStorage;
@@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction {
}
- private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
+ public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
// create response
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 0350a113c..4dc99262e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.logging.Logger;
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
}
@Override
- protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+ protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception {
this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
}
- // check if client id and redirect uri are ok
- try {
- // OAOAUTH20 cannot be null at this point. check was done in base request
- ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-
-
- if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
- || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
- throw new OAuth20AccessDeniedException();
- }
-
- this.setOnlineApplicationConfiguration(oAuthConfig);
- Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
+ || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20OANotSupportedException();
+ }
+
+ if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+ || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+ throw new OAuth20AccessDeniedException();
- } catch (EAAFConfigurationException e) {
- throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
+ this.setOnlineApplicationConfiguration(oAuthConfig);
+ Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+
}
// /* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 118de861c..9cceea7d5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
- if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
- || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
- || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
- throw new OAuth20OANotSupportedException();
- }
+ // oAuth
+ this.populateSpecialParameters(request, authConfig, oaParam);
+
+ // cleanup parameters
+ this.checkAllowedParameters(request);
+
}
catch (EAAFConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
}
-
- // oAuth
- this.populateSpecialParameters(request, authConfig);
-
- // cleanup parameters
- this.checkAllowedParameters(request);
+
}
private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
@@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
}
- protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
+ protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception;
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 9f4174bf0..0952ba0a6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
PVPConstants.BPK_NAME
});
-
+
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
public String getName() {
return NAME;
}
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//OpenID Connect auth request
@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
- public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-// Logger.info("OpenID-Connect is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//
-// }
+ public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+ if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+ Logger.info("OpenID-Connect is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+
+ }
OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
try {
@@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
//openID Connect tokken request
@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
- public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-// if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-// Logger.info("OpenID-Connect is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//
-// }
+ public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException {
+ if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+ Logger.info("OpenID-Connect is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+
+ }
OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
try {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 89e4252b1..9a3613ea1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
import at.gv.egovernment.moa.logging.Logger;
@Component("OAuth20TokenRequest")
@@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
}
@Override
- protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+ protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception {
this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
throw new OAuth20InvalidGrantException();
}
- // check if client id and secret are ok
- try {
- // OAOAUTH20 cannot be null at this point. check was done in base request
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-
- if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
- throw new OAuth20AccessDeniedException();
- }
-
- if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
- throw new OAuth20AccessDeniedException();
- }
-
- this.setOnlineApplicationConfiguration(oaParam);
-
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))
+ || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)))
+ throw new OAuth20OANotSupportedException();
+
+ if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+ throw new OAuth20AccessDeniedException();
}
- catch (EAAFConfigurationException e) {
- throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+
+ if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+ throw new OAuth20AccessDeniedException();
}
+ this.setOnlineApplicationConfiguration(oaParam);
+
Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
//add valid parameters
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87e9e933d..a8c4a941e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
},
method = {RequestMethod.POST, RequestMethod.GET})
public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... ");
signalProcessManagement(req, resp);
}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 6811d1016..0c97641c7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -77,15 +77,20 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
//validate eID data
QualifiedeIDVerifier.verifyIdentityLink(idl,
pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
- (AuthConfiguration) authConfig);
+ (AuthConfiguration) authConfig);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+
+ //validate AuthBlock
authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
authBlockB64,
pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
(AuthConfiguration) authConfig);
-
+
QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
-
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+
+
//TODO: add LoA verification
} catch (MOAIDException e) {
@@ -97,24 +102,21 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
throw e;
}
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
-
-
-
+
//add into session
AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
moasession.setIdentityLink(idl);
moasession.setBkuURL(ccsURL);
- //TODO: from AuthBlock
- if (authBlockVerificationResult != null)
+ moasession.setQAALevel(LoA);
+
+ if (authBlockVerificationResult != null) {
moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
- else
+ moasession.setSignerCertificate(authBlockVerificationResult.getX509certificate());
+
+ } else
moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
- moasession.setQAALevel(LoA);
-
+
//store pending request
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
index 69e3e7995..0d6086118 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters {
return false;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 044366eb6..e7280f847 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -197,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
* @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
*/
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
// TODO Auto-generated method stub
return null;
}
@@ -374,5 +375,23 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
return false;
}
+ @Override
+ public List<Pair<String, String>> getAdditionalbPKs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isIseIDNewDemoMode() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c9bccb708..9e7a4fe8c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
return null;
}
+ @Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 8b232cf29..3a401d80e 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -38,10 +38,10 @@
<!-- Only for development to use SAML1 protocol
SAML1 is removed from official OPB release -->
- <dependency>
+<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-eIDAS</artifactId>
- </dependency>
+ </dependency> -->
<!-- <dependency>
<groupId>MOA</groupId>
@@ -62,10 +62,10 @@
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-eIDAS</artifactId>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>junit</groupId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index c8f01f67d..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -71,7 +72,13 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -338,7 +345,92 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
}
-
+
+ //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");
+
+ if (oaAttributes == null)
+ oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
+
+ try {
+ String additionalBpks = new BPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalBpks)) {
+ Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedBpks)) {
+ Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+
+ }
+
+ //for mandates
+ try {
+ String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+ Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+ Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ }
+
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 30d740a2a..20c66d7a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -41,11 +41,13 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -90,6 +92,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
PVPConstants.EID_SOURCE_PIN_TYPE_NAME
});
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
+
public String getName() {
return NAME;
}
@@ -102,11 +106,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
-// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-// Logger.info("SAML1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-//
-// }
+ if (!moaAuthConfig.getAllowedProtocols().isSAML1Active()) {
+ Logger.info("SAML1 is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+
+ }
SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
pendingReq.initialize(req, authConfig);
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 06c9a341a..a86090178 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -65,4 +65,4 @@
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>