diff options
Diffstat (limited to 'id/server')
11 files changed, 104 insertions, 72 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 9f39e32cc..6a6359058 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -398,25 +398,13 @@ public boolean isOnlyMandateAllowed() { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ @Override -public Integer getQaaLevel() { - try { - Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)); - - if (storkQAALevel >= 1 && - storkQAALevel <= 4) - return storkQAALevel; - - else { - Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4"); - return 4; +public String getQaaLevel() { + String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + if (MiscUtil.isEmpty(eidasLoALevel)) + return MOAIDConstants.eIDAS_LOA_HIGH; + else + return eidasLoALevel; - } - - } catch (NumberFormatException e) { - Logger.warn("STORK minimal QAA level is not a number.", e); - return 4; - - } } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 8d70b1444..9fd58b5c7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -201,7 +201,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ @Override - public Integer getQaaLevel() { + public String getQaaLevel() { // TODO Auto-generated method stub return null; } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index 27744273f..6d573efe8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -63,10 +63,15 @@ public class MOAIDConstants { public static final List<String> ALLOWED_KEYBOXIDENTIFIER; public static final List<String> ALLOWED_REDIRECTTARGETNAMES; public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS; + public static final List<String> ALLOWED_eIDAS_LOA; public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier"; + public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low"; + public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial"; + public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high"; + static { Hashtable<String, String> tmp = new Hashtable<String, String>(); tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); @@ -90,6 +95,12 @@ public class MOAIDConstants { keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED); ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs); + List<String> eIDASLOA = new ArrayList<String>(); + eIDASLOA.add(eIDAS_LOA_LOW); + eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL); + eIDASLOA.add(eIDAS_LOA_HIGH); + ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA); + List<String> redirectTargets = new ArrayList<String>(); redirectTargets.add(REDIRECTTARGET_BLANK); redirectTargets.add(REDIRECTTARGET_PARENT); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index be6d34275..1aea8d7b6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -152,7 +152,12 @@ public interface IOAAuthParameters { */ public boolean isShowStorkLogin(); - public Integer getQaaLevel(); + /** + * Return the eIDAS LoA which is minimum required + * + * @return eIDAS LoA as URL identifier + */ + public String getQaaLevel(); public boolean isRequireConsentForStorkAttributes(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index e865c4ed6..8472d7c06 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -32,6 +32,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -354,10 +355,11 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString()); - if (config.getQaa() != null) - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString()); + if (config.geteIDAS_LOA() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA()); else - result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4"); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + MOAIDConstants.eIDAS_LOA_HIGH); // fetch vidp config @@ -963,7 +965,7 @@ public class ConfigurationMigrationUtils { // transfer the incoming data to the database model stork.setStorkLogonEnabled(Boolean.parseBoolean(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED))); if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL))) - stork.setQaa(Integer.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL))); + stork.seteIDAS_LOA(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)); if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) && oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES).equals(MOAIDConfigurationConstants.PREFIX_VIDP)) @@ -1468,11 +1470,11 @@ public class ConfigurationMigrationUtils { try { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - String.valueOf(stork.getQualityAuthenticationAssuranceLevel())); + stork.getGeneral_eIDAS_LOA()); } catch(NullPointerException e) { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - String.valueOf(4)); + MOAIDConstants.eIDAS_LOA_HIGH); } } @@ -1715,6 +1717,12 @@ public class ConfigurationMigrationUtils { } + //set eIDAS default LoA from general configuration + String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA); + if (MiscUtil.isNotEmpty(eIDASDefaultLOA)) + stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA); + + Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>(); Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java index 397fd828b..0f76c4e63 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java @@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy; import org.jvnet.jaxb2_commons.locator.ObjectLocator; import org.jvnet.jaxb2_commons.locator.util.LocatorUtils; +import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter; + /** * <p>Java class for anonymous complex type. @@ -110,6 +104,9 @@ public class OASTORK @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected String eIDAS_LOA = null; + /** * Gets the value of the storkLogonEnabled property. * @@ -162,7 +159,23 @@ public class OASTORK this.qaa = value; } + + /** + * @return the eIDAS_LOA + */ + public String geteIDAS_LOA() { + return eIDAS_LOA; + } + + /** + * @param eIDAS_LOA the eIDAS_LOA to set + */ + public void seteIDAS_LOA(String eIDAS_LOA) { + this.eIDAS_LOA = eIDAS_LOA; + } + + /** * Gets the value of the oaAttributes property. * * <p> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java index 59b300e95..bcd159702 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java @@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import javax.persistence.Basic; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -94,6 +87,9 @@ public class STORK @XmlAttribute(name = "Hjid") protected Long hjid; + @XmlTransient + protected String general_eIDAS_LOA = null; + /** * Gets the value of the cpeps property. * @@ -257,7 +253,21 @@ public class STORK this.hjid = value; } - public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { + /** + * @return the general_eIDAS_LOA + */ + public String getGeneral_eIDAS_LOA() { + return general_eIDAS_LOA; + } + + /** + * @param general_eIDAS_LOA the general_eIDAS_LOA to set + */ + public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) { + this.general_eIDAS_LOA = general_eIDAS_LOA; + } + + public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) { if (!(object instanceof STORK)) { return false; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index eb32d1d12..7664eec86 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -78,7 +78,9 @@ public class Constants { public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; - public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; //http endpoint descriptions public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post"; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index ee71e8e6b..a3fd51c4c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //get service-provider configuration IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); - // get target country + // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode}); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); } Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); + + + // select SingleSignOnService Endpoint from eIDAS-node metadata String destination = null; String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim(); - try { EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl); if (eIDASNodeMetadata != null) { @@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e); } - - + + // load SingleSignOnService Endpoint from configuration, if Metadata contains no information + // FIXME convenience function for not standard conform metadata if (MiscUtil.isEmpty(destination)) { - destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination + destination = cpeps.getPepsURL().toString().split(";")[1].trim(); if (MiscUtil.isNotEmpty(destination)) Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration"); @@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; authnRequestBuilder.issuer(issur); authnRequestBuilder.destination(destination); + + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + //set minimum required eIDAS LoA from OA config + authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); - //TODO: load from OA-Configuration - authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW); //set correct SPType for this online application if (oaConfig.getBusinessService()) @@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { authnRequestBuilder.spType(SpType.PUBLIC); - //TODO: make it loadable from config - authnRequestBuilder.serviceProviderCountryCode("AT"); + //set service provider (eIDAS node) countryCode + authnRequestBuilder.serviceProviderCountryCode( + authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index cb91d5fa3..9fab58f94 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { eIDASRespBuilder.statusMessage(e.getMessage()); } - - if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) { - String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata( - SAMLEngineUtils.getMetadataFetcher(), - SAMLEngineUtils.getMetadataSigner(), - eidasReq.getEidasRequest()); - - //TODO: set AssertionConsumerService is required? - - } - + eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName()); eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId()); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index af180ff10..3affa17b3 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -265,7 +265,7 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ @Override - public Integer getQaaLevel() { + public String getQaaLevel() { // TODO Auto-generated method stub return null; } |