Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java7
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties2
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties2
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp7
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp10
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java15
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java35
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java32
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java12
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java2
22 files changed, 163 insertions, 122 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index e71bad299..b5c996c72 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities;
@@ -40,7 +41,7 @@ public class GeneralStorkConfig {
private List<CPEPS> cpepslist;
private List<StorkAttribute> attributes;
- private int qaa;
+ private String qaa;
private static final Logger log = Logger.getLogger(GeneralStorkConfig.class);
private MOAIDConfiguration dbconfig = null;
@@ -91,10 +92,10 @@ public class GeneralStorkConfig {
}
try {
- qaa = stork.getQualityAuthenticationAssuranceLevel();
+ qaa = stork.getGeneral_eIDAS_LOA();
} catch(NullPointerException e) {
- qaa = 4;
+ qaa = MOAIDConstants.eIDAS_LOA_HIGH;
}
}
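Review bot: The fallback to `MOAIDConstants.eIDAS_LOA_HIGH` in the catch block no longer fires for an unset level, because `getGeneral_eIDAS_LOA()` returns null instead of throwing the NullPointerException that (presumably) the old unboxed integer getter produced; only a null `stork` still reaches the catch. With the new String field, `qaa` therefore stays null and the intended default silently vanishes from the form. Add an explicit check after the try/catch, `if (qaa == null || qaa.isEmpty()) qaa = MOAIDConstants.eIDAS_LOA_HIGH;`, so the default is fail-closed regardless of how the legacy object was loaded. The enclosing method starts outside the hunk.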
@@ -114,6 +115,10 @@ public class GeneralStorkConfig {
attributes.add(new StorkAttribute());
}
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<CPEPS> getRawCPEPSList() {
return cpepslist;
}
@@ -161,11 +166,11 @@ public class GeneralStorkConfig {
this.attributes = attributes;
}
- public int getDefaultQaa() {
+ public String getDefaultQaa() {
return qaa;
}
- public void setDefaultQaa(int qaa) {
+ public void setDefaultQaa(String qaa) {
this.qaa = qaa;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index c0e1eaaf7..fb096a2a0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -49,7 +50,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
private static final Logger log = Logger.getLogger(OASTORKConfig.class);
private boolean isStorkLogonEnabled = false;
- private int qaa;
+ private String qaa;
private List<AttributeHelper> attributes = null;
@@ -107,14 +108,14 @@ public class OASTORKConfig implements IOnlineApplicationData{
setStorkLogonEnabled(config.isStorkLogonEnabled());
try {
- setQaa(config.getQaa());
+ setQaa(config.geteIDAS_LOA());
} catch(NullPointerException e) {
// if there is no configuration available for the OA, get the default qaa level
try {
- setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel());
+ setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA());
} catch (NullPointerException e1) {
- setQaa(4);
+ setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
}
}
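Review bot: The two-level fallback (OA level, then general default, then high) is bypassed for the common case, because `config.geteIDAS_LOA()` returns null for an unset transient field rather than throwing, so the outer catch is never entered and `setQaa(null)` is called. The same applies to the inner `getGeneral_eIDAS_LOA()` call, which also returns null instead of throwing. Replace the exception-driven chain with explicit null/empty checks so that the strictest level is the guaranteed default; the enclosing method starts outside the hunk.
```java
setStorkLogonEnabled(config.isStorkLogonEnabled());
String loa = null;
try {
    loa = config.geteIDAS_LOA();
} catch (NullPointerException e) {
    // no OA-specific STORK/eIDAS block: fall through to the general default
}
if (loa == null || loa.isEmpty()) {
    try {
        loa = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA();
    } catch (NullPointerException e1) {
        // no general default either
    }
}
if (loa == null || loa.isEmpty())
    loa = MOAIDConstants.eIDAS_LOA_HIGH;   // fail closed: strictest level
setQaa(loa);
```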
@@ -208,7 +209,7 @@ public class OASTORKConfig implements IOnlineApplicationData{
}
// transfer the incoming data to the database model
stork.setStorkLogonEnabled(isStorkLogonEnabled());
- stork.setQaa(getQaa());
+ stork.seteIDAS_LOA(getQaa());
stork.setOAAttributes(getAttributes());
stork.setVidpEnabled(isVidpEnabled());
stork.setRequireConsent(isRequireConsent());
@@ -227,11 +228,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
this.isStorkLogonEnabled = enabled;
}
- public int getQaa() {
+ public String getQaa() {
return qaa;
}
- public void setQaa(int qaa) {
+ public void setQaa(String qaa) {
this.qaa = qaa;
}
@@ -282,6 +283,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
return citizenCountries;
}
+
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
public List<String> getEnabledCitizenCountries() {
return enabledCitizenCountries;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 40e9b1a90..5e348f91b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -553,7 +553,7 @@ public class EditGeneralConfigAction extends BasicAction {
try {
log.error("QAAAA " + storkconfig.getDefaultQaa());
- stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+ stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
if (storkconfig.getAttributes() != null) {
List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
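Review bot: `log.error("QAAAA " + storkconfig.getDefaultQaa());`, the context line directly above the changed call, is leftover debug output emitted at ERROR level on every save of the general configuration, which pollutes alerting on the admin tool's log. Since the line being changed sits right under it, this commit is the place to drop it or lower it to `log.debug("Setting general eIDAS LoA to " + storkconfig.getDefaultQaa());`. The enclosing method starts outside the hunk.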
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 6b5c51e3f..ed2c2f903 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -82,9 +83,9 @@ public class StorkConfigValidator {
}
// check qaa
- int qaa = form.getDefaultQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = form.getDefaultQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 5c451c06a..6a03bf194 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
@@ -45,9 +46,9 @@ public class OASTORKConfigValidation {
List<String> errors = new ArrayList<String>();
// check qaa
- int qaa = oageneral.getQaa();
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String qaa = oageneral.getQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaa}, request ));
}
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index b77097e70..ae2678c8a 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -501,7 +501,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig
validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2
-validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4
+validation.stork.qaa.outofrange=Ung\u00FCltiger LoA Werte {0}
validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein
validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url
validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d62ce3807..d09301dab 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -499,7 +499,7 @@ validation.stork.cpeps.empty=CPEPS configuration is incomplete
validation.stork.cpeps.url=CPEPS URL is invalid
validation.stork.cpeps.duplicate=Country codes are not unique
validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2
-validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4
+validation.stork.qaa.outofrange=Not valid LoA value {0}
validation.stork.attributes.empty=Only one attribute can be provided
validation.stork.ap.url.valid=Invalid URL of AttributeProvider
validation.stork.ap.name.empty=Invalid name of AttributeProvider
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 254418415..c54e386a2 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -277,11 +277,12 @@
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3>
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkconfig.defaultQaa}"
+ <s:select list="storkconfig.allowedLoALevels"
+ value="%{storkconfig.defaultQaa}"
name="storkconfig.defaultQaa"
key="webpages.moaconfig.stork.qaa.default"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long" />
<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
<table id="stork_pepslist">
<tr><td>Country Shortcode</td><td style="text-align:center;">PEPS URL</td><td>Supports XMLEncryption</td></tr>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 78fdf8921..76c8d069b 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -14,11 +14,15 @@
onclick="oaStork();"
id="OAuseSTORKLogon" />
<div id="stork_block">
- <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}"
- value="#{storkOA.qaa}"
+
+ <s:select list="storkOA.allowedLoALevels"
+ value="%{storkOA.qaa}"
name="storkOA.qaa"
key="webpages.moaconfig.stork.qaa"
- labelposition="left" />
+ labelposition="left"
+ cssClass="textfield_long"/>
+
+
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 8a1a2925b..6d1dafd6c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST;
// check qaa
try {
- int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)));
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) {
+ log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
+ new Object[] {eIDAS_LOA})));
}
} catch (Exception e) {
- log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
+ log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)})));
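Review bot: The `catch (Exception e)` branch with its "eIDAS LoA can not parsed" message is now misleading, since nothing in the try block parses anymore; the only things that can still throw are a null `input` map or the key helper, and neither is a configuration error the admin can fix. Either drop the try/catch or narrow the log text to what can actually fail. The local `eIDAS_LOA` also breaks the file's lowerCamelCase convention for locals; `String eidasLoa = input.get(...)` would match. The enclosing method starts outside the hunk.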
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 087334c4b..7f5e93ff9 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
@@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple
// check qaa
String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
- if (MiscUtil.isNotEmpty(qaaString)) {
- try {
- int qaa = Integer.parseInt(qaaString);
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
- LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
- }
-
- } catch (NumberFormatException e) {
- log.warn("QAA level is not a number: " + qaaString);
+ if (MiscUtil.isNotEmpty(qaaString)) {
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {
+ log.warn("eIDAS-LoA is not allowed: " + qaaString);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
+ "eIDAS - LoA is not allowed",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaaString})));
- }
+ }
}
if (!errors.isEmpty())
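Review bot: The second argument of `ValidationObjectIdentifier` is used as the field's display name elsewhere in this commit ("eIDAS - LoA Level" in GeneralSTORKConfigurationTask), but here it was changed to the sentence "eIDAS - LoA is not allowed", so the rendered error reads as a message inside a message. Use a field name, `"eIDAS - minimal LoA level",`, and let the `validation.stork.qaa.outofrange` text carry the reason. The enclosing method starts outside the hunk.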
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9f39e32cc..6a6359058 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -398,25 +398,13 @@ public boolean isOnlyMandateAllowed() {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
-public Integer getQaaLevel() {
- try {
- Integer storkQAALevel = Integer.parseInt(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
-
- if (storkQAALevel >= 1 &&
- storkQAALevel <= 4)
- return storkQAALevel;
-
- else {
- Logger.info("STORK minimal QAA level is not in a valid range. Use minimal QAA 4");
- return 4;
+public String getQaaLevel() {
+ String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
+ if (MiscUtil.isEmpty(eidasLoALevel))
+ return MOAIDConstants.eIDAS_LOA_HIGH;
+ else
+ return eidasLoALevel;
- }
-
- } catch (NumberFormatException e) {
- Logger.warn("STORK minimal QAA level is not a number.", e);
- return 4;
-
- }
}
/* (non-Javadoc)
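Review bot: `getQaaLevel()` now returns the configured string unchecked; the old range check and "use 4" fallback were dropped, so a mistyped or stale value (e.g. a legacy "4" that the migration copies verbatim into SERVICE_AUTH_STORK_MINQAALEVEL) reaches the eIDAS request instead of being clamped to the strictest level. The new interface Javadoc calls this the minimum required LoA, so it should fail closed: validate against `MOAIDConstants.ALLOWED_eIDAS_LOA` and return `eIDAS_LOA_HIGH` with a warning otherwise, exactly as the old code did for out-of-range integers.
```java
public String getQaaLevel() {
  String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
  if (MiscUtil.isEmpty(eidasLoALevel))
    return MOAIDConstants.eIDAS_LOA_HIGH;          // nothing configured: strictest level

  if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eidasLoALevel)) {
    // unknown or legacy value: never forward it, fall back to the strictest level
    Logger.warn("Configured eIDAS LoA '" + eidasLoALevel + "' is not allowed. Use LoA 'high'");
    return MOAIDConstants.eIDAS_LOA_HIGH;
  }
  return eidasLoALevel;
}
```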
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 8d70b1444..9fd58b5c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -201,7 +201,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
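Review bot: Returning null from `getQaaLevel()` now contradicts the interface Javadoc added in this commit (an eIDAS LoA URL) and, unlike the old boxed Integer, the string is likely to be passed straight into the eIDAS request or compared with `equals`, so a null here becomes a NullPointerException at authentication time rather than a safe default. Return the strictest level instead, `return MOAIDConstants.eIDAS_LOA_HIGH;`, which is the same fail-closed default `OAAuthParameter` uses for an empty setting; add the `MOAIDConstants` import if this class does not have it yet and drop the stale "Auto-generated" TODO.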
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 27744273f..6d573efe8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -63,10 +63,15 @@ public class MOAIDConstants {
public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+ public static final List<String> ALLOWED_eIDAS_LOA;
public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
+ public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
+ public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
+ public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
+
static {
Hashtable<String, String> tmp = new Hashtable<String, String>();
tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer");
@@ -90,6 +95,12 @@ public class MOAIDConstants {
keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);
ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
+ List<String> eIDASLOA = new ArrayList<String>();
+ eIDASLOA.add(eIDAS_LOA_LOW);
+ eIDASLOA.add(eIDAS_LOA_SUBSTANTIAL);
+ eIDASLOA.add(eIDAS_LOA_HIGH);
+ ALLOWED_eIDAS_LOA = Collections.unmodifiableList(eIDASLOA);
+
List<String> redirectTargets = new ArrayList<String>();
redirectTargets.add(REDIRECTTARGET_BLANK);
redirectTargets.add(REDIRECTTARGET_PARENT);
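Review bot: `ALLOWED_eIDAS_LOA` carries no documentation of its ordering, yet the three constants presumably form a hierarchy (low, substantial, high) and `IOAAuthParameters.getQaaLevel()` is described in this commit as the *minimum* required level, which a `contains()` check alone cannot express. Document the intent on the field so later comparisons are not done with string equality: `/** eIDAS LoA URIs accepted in configuration, ordered from weakest to strongest; compare levels by their index in this list, never by string comparison. */`. If a "meets the minimum" comparison is needed, a small helper next to the list (`isLoAAtLeast(String actual, String required)`) would keep that logic in one place.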
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index be6d34275..1aea8d7b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -152,7 +152,12 @@ public interface IOAAuthParameters {
*/
public boolean isShowStorkLogin();
- public Integer getQaaLevel();
+ /**
+ * Return the eIDAS LoA which is minimum required
+ *
+ * @return eIDAS LoA as URL identifier
+ */
+ public String getQaaLevel();
public boolean isRequireConsentForStorkAttributes();
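Review bot: The new Javadoc should state the contract edge cases that callers will rely on: what is returned when nothing is configured, and that null is not a valid return (one implementation in this commit still returns null). Suggested wording: `Return the minimum eIDAS LoA required by this online application. @return one of MOAIDConstants.ALLOWED_eIDAS_LOA as URI string; never null — implementations default to MOAIDConstants.eIDAS_LOA_HIGH when no level is configured.` The method name still says QAA while the value is an eIDAS LoA; a `@see MOAIDConstants#ALLOWED_eIDAS_LOA` tag would at least point readers to the allowed values.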
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index e865c4ed6..8472d7c06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -354,10 +355,11 @@ public class ConfigurationMigrationUtils {
else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, Boolean.FALSE.toString());
- if (config.getQaa() != null)
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.getQaa().toString());
+ if (config.geteIDAS_LOA() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, config.geteIDAS_LOA());
else
- result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, "4");
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ MOAIDConstants.eIDAS_LOA_HIGH);
// fetch vidp config
@@ -963,7 +965,7 @@ public class ConfigurationMigrationUtils {
// transfer the incoming data to the database model
stork.setStorkLogonEnabled(Boolean.parseBoolean(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED)));
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)))
- stork.setQaa(Integer.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL)));
+ stork.seteIDAS_LOA(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL));
if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES))
&& oa.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES).equals(MOAIDConfigurationConstants.PREFIX_VIDP))
@@ -1468,11 +1470,11 @@ public class ConfigurationMigrationUtils {
try {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(stork.getQualityAuthenticationAssuranceLevel()));
+ stork.getGeneral_eIDAS_LOA());
} catch(NullPointerException e) {
result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- String.valueOf(4));
+ MOAIDConstants.eIDAS_LOA_HIGH);
}
}
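Review bot: `result.put(GENERAL_AUTH_STORK_QAA, stork.getGeneral_eIDAS_LOA())` can store a null value; the NullPointerException fallback to `eIDAS_LOA_HIGH` only fires when `stork` itself is null (or the map implementation rejects null values), not when the transient field is simply unset, which is the normal case for an object loaded from legacy XML. The legacy `getQualityAuthenticationAssuranceLevel()` is no longer consulted either, so a strict legacy setting is silently dropped rather than defaulted. Make the default explicit: `String loa = stork.getGeneral_eIDAS_LOA();` followed by `result.put(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MiscUtil.isNotEmpty(loa) ? loa : MOAIDConstants.eIDAS_LOA_HIGH);`. The enclosing method starts outside the hunk.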
@@ -1715,6 +1717,12 @@ public class ConfigurationMigrationUtils {
}
+ //set eIDAS default LoA from general configuration
+ String eIDASDefaultLOA = moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA);
+ if (MiscUtil.isNotEmpty(eIDASDefaultLOA))
+ stork.setGeneral_eIDAS_LOA(eIDASDefaultLOA);
+
+
Map<String, StorkAttribute> attrMap = new HashMap<String, StorkAttribute>();
Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
index 397fd828b..0f76c4e63 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OASTORK.java
@@ -11,29 +11,21 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -43,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -110,6 +104,9 @@ public class OASTORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String eIDAS_LOA = null;
+
/**
* Gets the value of the storkLogonEnabled property.
*
@@ -162,7 +159,23 @@ public class OASTORK
this.qaa = value;
}
+
+
/**
+ * @return the eIDAS_LOA
+ */
+ public String geteIDAS_LOA() {
+ return eIDAS_LOA;
+ }
+
+ /**
+ * @param eIDAS_LOA the eIDAS_LOA to set
+ */
+ public void seteIDAS_LOA(String eIDAS_LOA) {
+ this.eIDAS_LOA = eIDAS_LOA;
+ }
+
+ /**
* Gets the value of the oaAttributes property.
*
* <p>
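Review bot: The generated `@return the eIDAS_LOA` Javadoc says nothing about the property's lifecycle, which matters because the field is declared `@XmlTransient` in the hunk above and is therefore never read from or written to the legacy XML configuration. Document it as: `Minimum eIDAS LoA URI for this online application. Transient (not part of the XML schema): null for objects unmarshalled from legacy configuration and only populated programmatically, e.g. by ConfigurationMigrationUtils; callers must treat null as "use the default".` The same note belongs on the setter. The untouched integer `qaa` property still exists alongside it, so the class comment should say which of the two is authoritative.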
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
index 59b300e95..bcd159702 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/STORK.java
@@ -11,25 +11,18 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -94,6 +87,9 @@ public class STORK
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected String general_eIDAS_LOA = null;
+
/**
* Gets the value of the cpeps property.
*
@@ -257,7 +253,21 @@ public class STORK
this.hjid = value;
}
- public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
+ /**
+ * @return the general_eIDAS_LOA
+ */
+ public String getGeneral_eIDAS_LOA() {
+ return general_eIDAS_LOA;
+ }
+
+ /**
+ * @param general_eIDAS_LOA the general_eIDAS_LOA to set
+ */
+ public void setGeneral_eIDAS_LOA(String general_eIDAS_LOA) {
+ this.general_eIDAS_LOA = general_eIDAS_LOA;
+ }
+
+ public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof STORK)) {
return false;
}
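Review bot: The new `general_eIDAS_LOA` field is not folded into the jaxb2-commons `equals(ObjectLocator, ...)` that starts right after the setter (its body runs past the hunk), and presumably not into the matching `hashCode` either, so two STORK configurations that differ only in the general LoA compare equal. If that is deliberate because the field is `@XmlTransient` and only populated by the migration code, say so where the field is declared, e.g. `// transient helper, not part of the XML/JPA model; intentionally excluded from equals/hashCode`. The setter also accepts any string; if the value is later resolved to an eIDAS `LevelOfAssurance` elsewhere, a comment naming the expected vocabulary would save the next reader a search.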
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index eb32d1d12..7664eec86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -78,7 +78,9 @@ public class Constants {
public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
- public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+ public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+ public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index ee71e8e6b..a3fd51c4c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
- // get target country
+ // get target and validate citizen countryCode
String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("eIDAS.03", new Object[] { "" });
+
}
-
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
+
+
+ // select SingleSignOnService Endpoint from eIDAS-node metadata
String destination = null;
String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
-
try {
EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl);
if (eIDASNodeMetadata != null) {
@@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e);
}
-
-
+
+ // load SingleSignOnService Endpoint from configuration, if Metadata contains no information
+ // FIXME convenience function for not standard conform metadata
if (MiscUtil.isEmpty(destination)) {
- destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+ destination = cpeps.getPepsURL().toString().split(";")[1].trim();
if (MiscUtil.isNotEmpty(destination))
Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration");
@@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
authnRequestBuilder.issuer(issur);
authnRequestBuilder.destination(destination);
+
+ authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+ //set minimum required eIDAS LoA from OA config
+ authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel()));
authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
- authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
- //TODO: load from OA-Configuration
- authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW);
//set correct SPType for this online application
if (oaConfig.getBusinessService())
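Review bot: `LevelOfAssurance.fromString(oaConfig.getQaaLevel())` on the new line has no guard for a missing or unrecognised configuration value, which replaces the previous hard-coded `LevelOfAssurance.LOW`; at least one `IOAAuthParameters` implementation touched by this commit (`SSOTransferOnlineApplication.getQaaLevel()`) returns `null`. Depending on how `fromString` treats null or unknown input, the request would either be built without a level of assurance or fail with an unhelpful NPE inside the builder. Since the LoA is the minimum assurance the service provider is willing to accept, resolve it explicitly and fail closed instead of silently requesting nothing; the enclosing method continues outside the hunk.
```java
// set minimum required eIDAS LoA from OA config; fail closed if it is missing or unknown
String configuredLoA = oaConfig.getQaaLevel();
LevelOfAssurance requestedLoA =
        StringUtils.isEmpty(configuredLoA) ? null : LevelOfAssurance.fromString(configuredLoA);
if (requestedLoA == null) {
    Logger.error("No valid eIDAS LoA configured for online application", new Object[] {configuredLoA});
    throw new AuthenticationException("<ERROR_CODE_PLACEHOLDER>", new Object[] {configuredLoA});
}
authnRequestBuilder.levelOfAssurance(requestedLoA);
authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM);
// … unchanged: SPType selection …
```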
@@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
authnRequestBuilder.spType(SpType.PUBLIC);
- //TODO: make it loadable from config
- authnRequestBuilder.serviceProviderCountryCode("AT");
+ //set service provider (eIDAS node) countryCode
+ authnRequestBuilder.serviceProviderCountryCode(
+ authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
//set citizen country code for foreign uses
authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
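Review bot: The property key constant `Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE` on the new `serviceProviderCountryCode(...)` line reads like a typo for `CONFIG_PROPS_...`; its definition is not in this chunk, so if the commit introduces it, rename it now before other modules start referencing it. The configured value is also passed through without any check; a short comment such as `// expects an ISO 3166-1 alpha-2 code, defaults to AT` would at least document what the property must contain.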
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index cb91d5fa3..9fab58f94 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
eIDASRespBuilder.statusMessage(e.getMessage());
}
-
- if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
- String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
- SAMLEngineUtils.getMetadataFetcher(),
- SAMLEngineUtils.getMetadataSigner(),
- eidasReq.getEidasRequest());
-
- //TODO: set AssertionConsumerService is required?
-
- }
-
+
eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index af180ff10..3affa17b3 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -265,7 +265,7 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
* @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
*/
@Override
- public Integer getQaaLevel() {
+ public String getQaaLevel() {
// TODO Auto-generated method stub
return null;
}
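Review bot: The retyped `getQaaLevel()` still returns `null` under a leftover `// TODO Auto-generated method stub`, so with the new String type there is no way to tell whether null is a valid "no LoA" answer or an unfinished stub, and the interface value now feeds the eIDAS request builder. Replace the TODO with the actual contract, e.g. `// SSO-transfer applications carry no eIDAS LoA; callers must treat null as "not configured"`, or return a defined value if one exists for this application type.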