diff options
Diffstat (limited to 'id/server')
33 files changed, 628 insertions, 131 deletions
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties index 512319d75..4520dcc14 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties +++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties @@ -18,8 +18,8 @@ general.moaconfig.key=ConfigurationEncryptionKey general.pvp.schemavalidation=true ##Hibnerate configuration for MOA-ID 2.0 configuration -hibernate.dialect=org.hibernate.dialect.MySQLDialect -hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true +hibernate.dialect=org.hibernate.dialect.MySQL5Dialect +hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true&serverTimezone=UTC hibernate.connection.charSet=utf-8 hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver hibernate.connection.username= diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html index ac3242c89..7b064e22a 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html @@ -7,7 +7,27 @@ <body onload="document.getElementById('link').click();"> - <a href="$URL" target="$TARGET" id="link">CLICK to perform a - redirect back to Online Application</a> + <div id="page"> + + <div id="page1" class="case selected-case" role="main"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main"> + <div id="leftcontent" class="hell"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading"> + >You get redirected ... + </h2> + </div> + + <div id="selectArea" class="hell" role="application"> + <a href="$URL" target="$TARGET" id="link">Click here if it does not resume</a> + + </div> + </div> + </div> + </div> + </div> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 78572a96f..15084b387 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -68,7 +68,7 @@ protocols.oauth20.jwt.ks.key.password=password ##Database configuration## #Hibnerate configuration for MOA-ID 3.x session store -moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect +moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8&serverTimezone=UTC moasession.hibernate.connection.charSet=utf-8 moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver @@ -97,7 +97,7 @@ moasession.dbcp.validationQuery=select 1 #Hibnerate configuration for MOA-ID 3.x configuration -configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect +configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect configuration.jpaVendorAdapter.generateDdl=true configuration.hibernate.show_sql=false @@ -120,7 +120,7 @@ configuration.dbcp.validationQuery=SELECT 1 # #Hibnerate configuration for MOA-ID 3.x advanced statistic logging -advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect +advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true&serverTimezone=UTC advancedlogging.hibernate.connection.charSet=utf-8 advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 1848fa6f7..be511d888 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -49,6 +49,8 @@ import at.gv.egovernment.moa.util.URLEncoder; @Controller public class RedirectServlet { + public static final String SERVICE_ENDPOINT = "/RedirectServlet"; + public static final String REDIRCT_PARAM_URL = "redirecturl"; private static final String DEFAULT_REDIRECTTARGET = "_parent"; @@ -74,6 +76,8 @@ public class RedirectServlet { //validate URL new java.net.URL(url); + //url = URLDecoder.decode(url, "UTF-8"); + oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -128,12 +132,24 @@ public class RedirectServlet { resp.addHeader("Location", url); } else { - Logger.debug("Redirect to " + url); + Logger.debug("Redirect to " + url); + + try { + String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); + if (MiscUtil.isNotEmpty(test)) + redirectTarget = test; + + } catch (Exception e) { + Logger.debug("Use default redirectTarget."); + } + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); config.putCustomParameter(URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(TARGET, redirectTarget); + guiBuilder.build(resp, config, "RedirectForm.html"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 3d04a142e..99b4154e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -642,7 +642,7 @@ public Collection<CPEPS> getPepsList() { MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) { - CPEPS availableCPEPS = availableSTORKConfig.getCPEPS( + CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName( oaConfiguration.get( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + "." + index + "." diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index b85938bb7..a04236288 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -178,7 +178,7 @@ public class STORKConfig implements IStorkConfig { * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCPEPS(java.lang.String)
*/
@Override
- public CPEPS getCPEPS(String ccc) {
+ public CPEPS getCPEPSWithFullName(String ccc) {
if (isSTORKAuthentication(ccc))
return this.cpepsMap.get(ccc);
else
@@ -186,6 +186,23 @@ public class STORKConfig implements IStorkConfig { }
/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCPEPS(java.lang.String)
+ */
+ @Override
+ public CPEPS getCPEPSWithCC(String ccc) {
+ if (isSTORKAuthentication(ccc)) {
+ for (CPEPS el :this.cpepsMap.values()) {
+ if (el.getCountryCode().equals(ccc))
+ return el;
+
+ }
+ }
+
+ return null;
+ }
+
+
+ /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getStorkAttributes()
*/
@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index 15eed3d44..6ac517e19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -48,13 +48,60 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { + IAttributeGenerator<ATT> g) throws AttributeException { + try { + Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + if (calcResult != null) { + String bpk = calcResult.getFirst(); + String type = calcResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type.startsWith(Constants.URN_PREFIX_WBPK)) + type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); + + else if (type.startsWith(Constants.URN_PREFIX_CDID)) + type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); + + else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) + type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); + + if (bpk.length() > BPK_MAX_LENGTH) { + bpk = bpk.substring(0, BPK_MAX_LENGTH); + } + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); + else + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - //get PVP attribute directly, if exists - String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); - String type = null; + } + + } + catch (BuildException | ConfigurationException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } + + return null; + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); + } + + protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException { + //get PVP attribute directly, if exists + Pair<String, String> calcResult = null; + + if (authData.isUseMandate()) { + String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); + if (MiscUtil.isEmpty(bpk)) { //read bPK from mandate if it is not directly included Element mandate = authData.getMandate(); @@ -67,7 +114,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); + Logger.debug("No physicalPerson mandate"); throw new NoMandateDataAttributeException(); } IdentificationType id = null; @@ -76,51 +123,22 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } + + + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) + calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), + oaParam.getAreaSpecificTargetIdentifier()); + else + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + + } else { + Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is."); + calcResult = Pair.newInstance(bpk, null); - try { - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - Pair<String, String> calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - bpk = calcResult.getFirst(); - type = calcResult.getSecond(); - - } else - bpk = id.getValue().getValue(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - - } - catch (BuildException | ConfigurationException e) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - - } } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); } - return null; + return calcResult; } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index b9ac891a9..ebba376f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -48,6 +48,21 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { + + String attrValue = internalAttributGeneration(oaParam, authData); + if (attrValue != null) + return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, attrValue); + else + return null; + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME); + } + + + protected String internalAttributGeneration(IOAAuthParameters oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException { if (authData.isUseMandate()) { //get PVP attribute directly, if exists @@ -98,14 +113,12 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib } - return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, birthDayString); + return birthDayString; + } - return null; + return null; } - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME); - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index d29df66e8..07e5c9d09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -62,7 +62,7 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if(physicalPerson == null) { - Logger.info("No physicalPerson mandate"); + Logger.debug("No physicalPerson mandate"); throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 32efe061e..51a3d2e74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -59,7 +59,7 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); + Logger.debug("No physicalPerson mandate"); throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 6f0a49ce0..8be85415e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -55,7 +55,7 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); + Logger.debug("No physicalPerson mandate"); throw new NoMandateDataAttributeException(); } IdentificationType id = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index f7d1af33f..d89ae0225 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -54,13 +54,13 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { - Logger.info("No physicalPerson mandate"); + Logger.debug("No physicalPerson mandate"); throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); if(id == null) { - Logger.error("Failed to generate IdentificationType"); + Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java index b2d90aed4..bc4cd72af 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java @@ -44,7 +44,8 @@ public interface IStorkConfig { boolean isSTORKAuthentication(String ccc); - CPEPS getCPEPS(String ccc); + CPEPS getCPEPSWithFullName(String ccc); + CPEPS getCPEPSWithCC(String ccc); List<StorkAttribute> getStorkAttributes(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java index d5cbb2cfd..8779436e0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java @@ -93,7 +93,7 @@ public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption { //encryption is enabled by default in MOA-ID configuration object try { AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance(); - Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported(); + Boolean useEncryption = moaconfig.getStorkConfig().getCPEPSWithCC(countryCode).isXMLSignatureSupported(); String logResult = useEncryption ? " using encryption" : " do not use encrpytion"; Logger.debug("eIDAS respone for country " + countryCode + logResult); return useEncryption; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java index 9895ca79f..5a2253cc8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/validation/MoaEidasConditionsValidator.java @@ -74,10 +74,10 @@ public class MoaEidasConditionsValidator extends ConditionsSpecValidator { throw new ValidationException("AudienceRestriction is required."); } - if (conditions.getOneTimeUse() == null) { - - throw new ValidationException("OneTimeUse is required."); - } +// if (conditions.getOneTimeUse() == null) { +// +// throw new ValidationException("OneTimeUse is required."); +// } } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 154006ed8..7242795d4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -104,7 +104,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode); + CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode}); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -302,21 +302,20 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); - context.put("action", authnReqEndpoint.getLocation()); + Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); - Logger.debug("Starting template merge"); + Logger.trace("Starting template merge"); StringWriter writer = new StringWriter(); - Logger.debug("Doing template merge"); + Logger.trace("Doing template merge"); template.merge(context, writer); - Logger.debug("Template merge done"); - - Logger.debug("Sending html content: " + writer.getBuffer().toString()); + + Logger.trace("Template merge done"); + Logger.trace("Sending html content: " + writer.getBuffer().toString()); byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 17e112c4c..5e83f0a3f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -114,7 +114,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); }catch (EIDASSAMLEngineException e) { - Logger.error("eIDAS AuthnRequest generation FAILED.", e); + Logger.warn("eIDAS Response validation FAILED.", e); + Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", @@ -127,7 +128,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { - Logger.error("eIDAS Response processing FAILED.", e); + Logger.warn("eIDAS Response processing FAILED.", e); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index 22b94178e..f148421bd 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -155,17 +155,22 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @return true if eIDAS attribute holds the unique ID, otherwise false */ private static boolean evaluateUniqueID(String attrName, boolean useMandate) { - //if no mandate is used the natural person identifier is the unique ID - if (!useMandate && - attrName.equals(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString())) - return true; - - //if mandates are used the the legal person identifier or the natural person identifier of the mandator is the unique ID - else if (useMandate && - attrName.equals(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri().toString())) + + //from eIDAS spec 1.2 there exists single attr. for representation + if (attrName.equals(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString())) return true; - //TODO: implement flag selector for mandates and natural persons + //if no mandate is used the natural person identifier is the unique ID +// if (!useMandate && +// attrName.equals(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString())) +// return true; +// +// //if mandates are used the the legal person identifier or the natural person identifier of the mandator is the unique ID +// else if (useMandate && +// attrName.equals(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri().toString())) +// return true; +// +// //TODO: implement flag selector for mandates and natural persons return false; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 51a2bd69b..63a4e89d5 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ +@Deprecated public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index ea5a002e0..4d89aec3d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Deprecated public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java new file mode 100644 index 000000000..43d2f96c2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java @@ -0,0 +1,40 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute { + + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); + + } + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java new file mode 100644 index 000000000..924a275b1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java @@ -0,0 +1,41 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{ + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() + */ + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java new file mode 100644 index 000000000..2de585918 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java @@ -0,0 +1,42 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{ + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() + */ + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri().toString(); + } + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java new file mode 100644 index 000000000..92456d202 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -0,0 +1,37 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { + + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeLegalPersonSpec.Definitions.LEGAL_NAME.getNameUri().toString(); + } +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java new file mode 100644 index 000000000..47cc71e01 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if(authData.isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + + } + + return null; + + } + + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeLegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri().toString(); + } +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java new file mode 100644 index 000000000..52396ae90 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -0,0 +1,133 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{ + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() + */ + @Override + public String getName() { + return eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) + */ + @Override + public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeException { + + try { + Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + if (calcResult != null) { + String personalID = calcResult.getFirst(); + String type = calcResult.getSecond(); + + //generate eIDAS conform 'PersonalIdentifier' attribute + if (!eIDASAttributeProcessingUtils.validateEidasPersonalIdentifier(personalID)) { + Logger.debug("preCalculated PersonalIdentifier does not include eIDAS conform prefixes ... add prefix now"); + if (MiscUtil.isEmpty(type) + || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + + } + + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + personalID = prefix.replaceAll("\\+", "/") + "/" + personalID; + + } + + //generate a transient unique identifier if it is requested + Boolean isTransiendIDRequested = + authData.getGenericData(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, Boolean.class); + if (isTransiendIDRequested != null && isTransiendIDRequested) + personalID = generateTransientNameID(personalID); + + return g.buildStringAttribute(null, getName(), personalID); + + } + + } catch (Exception e) { + Logger.info("Can not generate eIDAS attr: " + getName() + ". Reason:" + e.getMessage()); + + } + + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#buildEmpty(at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) + */ + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return null; + } + + private String generateTransientNameID(String nameID) { + //extract source-country and destination country from persistent identifier + Trible<String, String, String> split = eIDASAttributeProcessingUtils.parseEidasPersonalIdentifier(nameID); + if (split == null) { + Logger.error("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!"); + throw new IllegalStateException("eIDAS 'PersonalIdentifier' has a wrong format. There had to be a ERROR in implementation!!!!"); + + } + + //build correct formated transient identifier + String random = Random.nextLongRandom(); + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest((split.getThird() + random).getBytes("ISO-8859-1")); + return split.getFirst() + "/" + split.getSecond() + "/" + Base64Utils.encode(hash); + + } catch (Exception e) { + Logger.error("Can not generate transient personal identifier!", e); + return null; + + } + + } +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index b91bbde9e..ee0f72f34 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -40,7 +40,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; @@ -50,15 +49,17 @@ import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; import eu.eidas.auth.commons.protocol.IResponseMessage; import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; import eu.eidas.auth.engine.ProtocolEngineI; +import eu.eidas.auth.engine.core.eidas.spec.RepresentativeLegalPersonSpec; +import eu.eidas.auth.engine.core.eidas.spec.RepresentativeNaturalPersonSpec; import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; @@ -71,8 +72,6 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; @Service("eIDASAuthenticationRequest") public class eIDASAuthenticationRequest implements IAction { - - private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); @Autowired protected MOAReversionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -91,31 +90,52 @@ public class eIDASAuthenticationRequest implements IAction { String subjectNameID = null; //gather attributes - ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); - ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder(); - - //generate eIDAS attributes - for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) - buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData); - + ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); - //Check if Mandate attributes are requested if mandates was used - if (authData.isUseMandate()) { - if (reqAttributeList.getDefinitionByNameUri( - eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) { - Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_PERSON_IDENTIFIER'"); - buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER, eidasRequest, authData); - - } + //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested + if (authData.isUseMandate()) { + Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); + Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); - if (reqAttributeList.getDefinitionByNameUri( - eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri()) == null) { - Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_NAME'"); - buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME, eidasRequest, authData); - + //check if the exists a local builder + for (AttributeDefinition<?> el : RepresentativeNaturalPersonSpec.REGISTRY.getAttributes()) { + if (eIDASAttributeBuilder.getAllProvideableeIDASAttributes().contains(el.getNameUri().toString())) { + if (reqAttributeList.getDefinitionByNameUri(el.getNameUri()) == null) { + Logger.debug("Add eIDAS attr: " + el.getNameUri().toString() + " to requested attributes"); + reqAttrWithMandates.put(AttributeDefinition.builder(el).required(false).build()); + + } + + } else + Logger.trace("eIDAS attribute: " + el.getNameUri().toString() + " is not providable by Austrian eIDAS node."); + } + for (AttributeDefinition<?> el : RepresentativeLegalPersonSpec.REGISTRY.getAttributes()) { + if (eIDASAttributeBuilder.getAllProvideableeIDASAttributes().contains(el.getNameUri().toString())) { + if (reqAttributeList.getDefinitionByNameUri(el.getNameUri()) == null) { + Logger.debug("Add eIDAS attr: " + el.getNameUri().toString() + " to requested attributes"); + reqAttrWithMandates.put(AttributeDefinition.builder(el).required(false).build()); + + } + + } else + Logger.trace("eIDAS attribute: " + el.getNameUri().toString() + " is not providable by Austrian eIDAS node."); + + } + + reqAttributeList = reqAttrWithMandates.build(); + Logger.trace("eIDAS requsted attr. update process finished"); + } + Logger.trace("Starting eIDAS response generation ...."); + + //generate eIDAS attributes + ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder(); + for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) + buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData); + + //build final attibute set ImmutableAttributeMap eIDASAttrbutMap = attrMapBuilder.build(); @@ -183,8 +203,6 @@ public class eIDASAuthenticationRequest implements IAction { template.merge(context, writer); Logger.trace("Template merge done"); - Logger.trace("Sending html content : " + new String(writer.getBuffer())); - byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); httpResp.setContentType(MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8); httpResp.setContentLength(content.length); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder index 62e7c20ab..3c11c725d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder @@ -2,5 +2,10 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute index 62e7c20ab..ad87adb6a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute @@ -2,5 +2,9 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier -at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier +at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index f0cf45293..b2522ea33 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -142,11 +142,14 @@ class OAuth20AuthAction implements IAction { // build id token and scope Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, authData); - Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst()); + params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst()); - Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); params.put(OAuth20Constants.PARAM_SCOPE, pair.getSecond()); + Logger.debug("OpenID-Connect ID_TOKEN completed"); + Logger.trace("RESPONSE ID_TOKEN: " + pair.getFirst()); + Logger.trace("RESPONSE SCOPE: " + pair.getSecond()); + return params; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 75ea41449..d72fe9686 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -20,6 +20,7 @@ import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; @@ -210,10 +211,13 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { URLEncoder.encode(errorUri + "#" + moaError, "UTF-8")); + String redirectURL = protocolRequest.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; + redirectURL = addURLParameter(redirectURL, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(url.toString(), "UTF-8")); + response.setContentType("text/html"); response.setStatus(HttpServletResponse.SC_FOUND); - response.addHeader("Location", url.toString()); - Logger.debug("REDIRECT TO: " + url.toString()); + response.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); return true; } else { @@ -255,4 +259,13 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { return true; } + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 985e1d1c5..2117e2ab8 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -77,14 +77,15 @@ class OAuth20TokenAction implements IAction { if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) { throw new OAuth20UnauthorizedClientException(); } else { - Logger.debug("Loaded of OAuth20SessionObject was successful"); + Logger.debug("Loaded of OAuth20SessionObject was successful. Build jSON response ..."); } // create response JsonObject jsonObject = new JsonObject(); OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession()); byte[] jsonResponse = jsonObject.toString().getBytes("UTF-8"); - Logger.debug("JSON Response: " + new String(jsonResponse)); + Logger.debug("jSON response completed."); + Logger.trace("jSON response: " + new String(jsonResponse)); // write respone to http response httpResp.setContentType("application/json"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 9981e8156..99d5d9063 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -88,7 +88,7 @@ public class GetArtifactAction implements IAction { String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class); if (authData.isSsoSession()) { - String url = req.getAuthURL() + "/RedirectServlet"; + String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (MiscUtil.isNotEmpty(oaTargetArea)) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, |