From 16645606a6e2e6c1b00b2b20ef0373e2c81f7f4a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Feb 2017 14:44:26 +0100 Subject: update eIDAS node configuration to allow more then on configuration for the same country code. Country codes can be extended by a suffix like NL and NL-Test. Both generates a Authn. request for NL but there are two entries in citizen country selector and maybe two different service URLs --- .../validation/moaconfig/StorkConfigValidator.java | 2 +- id/ConfigWebTool/src/main/webapp/css/index.css | 5 +++ .../src/main/webapp/jsp/editMOAConfig.jsp | 4 +-- .../task/impl/GeneralSTORKConfigurationTask.java | 2 +- .../moa/id/config/stork/STORKConfig.java | 4 +-- .../egovernment/moa/id/commons/api/data/CPEPS.java | 12 +++++++ ...roviderSpecificGUIFormBuilderConfiguration.java | 8 ++--- .../eidas/tasks/GenerateAuthnRequestTask.java | 38 ---------------------- 8 files changed, 27 insertions(+), 48 deletions(-) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index ed2c2f903..8e8020d75 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -43,7 +43,7 @@ public class StorkConfigValidator { errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } - if(!check.toLowerCase().matches("^[a-z][a-z]$")) { + if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z]*)")) { log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", new Object[] {check}, request )); 
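Review bot: The new pattern in `check.toLowerCase().matches(...)` accepts a country code with an empty suffix, because the second alternative ends in `[a-z]*`; a value such as `NL-` passes validation and becomes its own entry, which the `getCountryCode()` change in CPEPS.java then reduces to `NL`. Requiring at least one suffix character closes that gap, and since `String.matches` already matches the whole input the `^`/`$` anchors are redundant: `if(!check.toLowerCase().matches("[a-z]{2}(-[a-z]+)?")) {`. The same expression is added in the GeneralSTORKConfigurationTask.java hunk and needs the same change; keeping the pattern in one shared constant would stop the two validators drifting apart. The enclosing method starts and ends outside the hunk.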
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 80ccf93be..aa83e0c2b 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -375,6 +375,11 @@ div .wwgrp br { } +.textfield_PEPS_CC { + width: 70px; + +} + .textfield_middle { width: 100px; diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 6694a4273..6892535a1 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -296,7 +296,7 @@ - + @@ -307,7 +307,7 @@ - + " onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/> diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index 6d1dafd6c..fb675ad43 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -125,7 +125,7 @@ public static final List KEYWHITELIST; LanguageHelper.getErrorString("validation.stork.cpeps.cc", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); } - if(!cc.toLowerCase().matches("^[a-z][a-z]$")) { + if(!cc.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z]*)")) { log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + cc); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 99e4b4cce..b85938bb7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -96,7 +96,7 @@ public class STORKConfig implements IStorkConfig { new CPEPS(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY), new URL(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL)), enableAssertionEncryption); - cpepsMap.put(moacpep.getCountryCode(), moacpep); + cpepsMap.put(moacpep.getFullCountryCode(), moacpep); } catch (MalformedURLException e) { Logger.warn("CPEPS URL " + @@ -167,7 +167,7 @@ public class STORKConfig implements IStorkConfig { if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) return false; - if (this.cpepsMap.containsKey(ccc.toUpperCase())) + if (this.cpepsMap.containsKey(ccc)) return true; else return false; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java index a88aa2171..525a660b4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java 
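Review bot: `this.cpepsMap.containsKey(ccc)` is now an exact, case-sensitive match, while the key written by `cpepsMap.put(moacpep.getFullCountryCode(), moacpep)` in the first hunk is whatever spelling the configuration holds; the validators in this commit lower-case the value before checking it, so `nl`, `NL` and `NL-Test` are all accepted as configured. A request carrying a differently cased code is then rejected, and two entries that differ only in case become distinct C-PEPS keys. Normalising on both sides keeps the lookup predictable, for example `cpepsMap.put(moacpep.getFullCountryCode().toUpperCase(Locale.ROOT), moacpep);` and `if (this.cpepsMap.containsKey(ccc.toUpperCase(Locale.ROOT)))`. The form builder in this commit upper-cases the full code for display; if it also upper-cases the value it submits (that line is not legible here), a mixed-case suffix would never match. Both methods continue outside the hunks.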
@@ -62,11 +62,23 @@ public class CPEPS { this.isXMLSignatureSupported = isXMLSignatureSupported; } + + public String getFullCountryCode() { + return countryCode; + } + /** * Gets the country code of this C-PEPS * @return ISO country code */ public String getCountryCode() { + if (countryCode != null && + countryCode.contains("-")) { + //remove trailing information to country code + return countryCode.substring(0, countryCode.indexOf("-")); + + } + return countryCode; } diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java index 0a5cdaf3e..63df81b3c 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -126,12 +126,12 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract try { for (CPEPS current : oaParam.getPepsList()) { String countryName = null; - if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()))) - countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()); + if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase()))) + countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase()); else - countryName = current.getCountryCode().toUpperCase(); + countryName = current.getFullCountryCode().toUpperCase(); - pepslist += "\n"; 
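Review bot: `getFullCountryCode()` is added without Javadoc, and the existing comment on `getCountryCode()` still reads as if the field were returned unchanged. Callers need to know which getter is the unique configuration key and which is the plain country; I would add `/** Gets the country code exactly as configured, including an optional suffix such as NL-Test; this value identifies the C-PEPS entry. */` to the new getter and change the other one to `@return ISO country code, with any "-suffix" removed`. Note also that `countryCode.substring(0, countryCode.indexOf("-"))` yields an empty string for a value that begins with `-`; the config validators reject that, but whether every value reaching the constructor has passed through them is not visible here.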
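Review bot: The name lookup `MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())` now uses the suffixed code, so an entry such as `NL-Test` will presumably never find a country name (the map name suggests two-letter keys) and the selector falls back to showing `NL-TEST`. Looking the name up with `current.getCountryCode().toUpperCase()` and appending the suffix would keep the readable label while still telling the two entries apart. The `pepslist +=` lines at the end of the hunk are not legible on this page; since the suffix is configuration text, whatever is written into the markup there should be HTML-escaped. The loop and its `try` block continue outside the hunk.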
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 0eb067c5a..7f3c97dc6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -22,13 +22,10 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; -import java.io.ByteArrayOutputStream; import java.io.StringWriter; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import java.util.zip.Deflater; -import java.util.zip.DeflaterOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -42,7 +39,6 @@ import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.xml.util.Base64; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; 
@@ -274,40 +270,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } } - - /** - * Encode the eIDAS request with Redirect binding - * - * @param pendingReq - * @param authnReqEndpoint - * @param token - * @param authnRequest - * @param response - * @throws MOAIDException - */ - private void buildRedirecttBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint, - byte[] token, IRequestMessage authnRequest, HttpServletResponse response) - throws MOAIDException { - - //FIXME: implement correct deflat encoding accodring to SAML2 Redirect Binding specification - - try { - ByteArrayOutputStream bytesOut = new ByteArrayOutputStream(); - Deflater deflater = new Deflater(Deflater.DEFLATED, true); - DeflaterOutputStream deflaterStream = new DeflaterOutputStream(bytesOut, deflater); - deflaterStream.write(token); - deflaterStream.finish(); - String samlReqBase64 = Base64.encodeBytes(bytesOut.toByteArray(), Base64.DONT_BREAK_LINES); - - - - } catch (Exception e) { - Logger.error("eIDAS Redirect-Binding request encoding error: " + e.getMessage()); - throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); - - } - - } /** * Encode the eIDAS request with POST binding -- cgit v1.2.3