From ac531e30d13d6714e2ac61f7329e6adc130aa288 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 May 2019 12:23:41 +0200 Subject: untested switch to EAAF-components 1.0.7 --- .../id/auth/builder/AuthenticationDataBuilder.java | 22 +++++-- .../moa/id/auth/data/AuthenticationSession.java | 12 ++++ .../id/auth/data/VerifyXMLSignatureResponse.java | 1 - .../tasks/EvaluateSSOConsentsTaskImpl.java | 2 +- .../tasks/GenerateBKUSelectionFrameTask.java | 2 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 2 +- .../parser/VerifyXMLSignatureResponseParser.java | 2 +- .../id/auth/servlet/GUILayoutBuilderServlet.java | 10 ++-- .../GeneralProcessEngineSignalController.java | 3 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 30 +++++----- .../moa/id/auth/servlet/RedirectServlet.java | 12 ++-- .../attributes/SimpleStringAttributeGenerator.java | 68 ---------------------- .../pvp2x/builder/SingleLogOutBuilder.java | 18 +++--- 13 files changed, 73 insertions(+), 111 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index acf59cebf..25a508687 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; @@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { try { return buildAuthenticationData(pendingReq, pendingReq.getSessionData(AuthenticationSessionWrapper.class), @@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } - } private IAuthData buildAuthenticationData(IRequest pendingReq, @@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { try { //generate basic authentication data - generateBasicAuthData(authData, protocolRequest, session); + generateDeprecatedBasicAuthData(authData, protocolRequest, session); //set Austrian eID demo-mode flag authData.setIseIDNewDemoMode(Boolean.parseBoolean( @@ -926,4 +926,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } } + + @Override + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index cadaec2a0..8b587c550 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); return Collections.unmodifiableMap(result); + } + + @Override + public boolean isEIDProcess() { + return false; + + } + + @Override + public void setEIDProcess(boolean value) { + Logger.warn("set E-ID process will be ignored!!!"); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c054976ec..636871a09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -261,7 +261,6 @@ public Date getSigningDateTime() { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) */ -@Override public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 375b144d7..4fefaf17b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -112,7 +112,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //redirect to auth. protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 98e632bd8..cc070f8fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 3c364e924..64c3721df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); - guiBuilder.build(response, config, "SendAssertion-Evaluation"); + guiBuilder.build(request, response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index c66353846..32660a3db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser { public IVerifiyXMLSignatureResponse parseData() throws ParseException { - IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 18aa93cc9..6803264dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController { @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; - @Autowired IGUIFormBuilder formBuilder; + @Autowired IGUIFormBuilder formBuilder; public GUILayoutBuilderServlet() { super(); @@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController { } //build GUI component - formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); + formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); } catch (Exception e) { @@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController { null); //build GUI component - formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); + formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { Logger.warn("GUI ressource:'CSS' generation FAILED.", e); @@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController { GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component - formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); + formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e); @@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController { req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (MiscUtil.isNotEmpty(pendingReqID)) { - IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); if (pendingReq != null) { Logger.trace("GUI-Layout builder: Pending-request:" + pendingReqID + " found -> Build specific template"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index 87325989a..09b18d9c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS "/signalProcess" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index c39d78d8b..b7970e4fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -37,7 +37,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; @@ -72,11 +74,13 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired IAuthenticationManager authManager; @Autowired IAuthenticationSessionStoreage authenicationStorage; @Autowired SingleLogOutBuilder sloBuilder; + @Autowired IProtocolAuthenticationService protAuthService; + @Autowired(required=true) private IGUIFormBuilder guiBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException, EAAFException { Logger.debug("Receive IDP-initiated SingleLogOut"); String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController { null); if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (EAAFException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -154,7 +158,7 @@ public class IDPSingleLogOutServlet extends AbstractController { } } catch (Exception e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -166,7 +170,7 @@ public class IDPSingleLogOutServlet extends AbstractController { SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer == null) { Logger.info("No Single LogOut processing information with ID: " + restartProcess); - handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); + protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); return; } @@ -233,10 +237,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); @@ -251,10 +255,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 478462adb..abb19c6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -122,9 +122,9 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service @@ -153,10 +153,10 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java deleted file mode 100644 index 5daa71b1f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleStringAttributeGenerator implements IAttributeGenerator { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 8229fb405..19b79d165 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -223,11 +223,11 @@ public class SingleLogOutBuilder { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); - config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); - config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); + config.putCustomParameterWithOutEscaption(null, "redirectURLs", sloReqList); + config.putCustomParameterWithOutEscaption(null, "timeoutURL", timeOutURL); + config.putCustomParameter(null, "timeout", String.valueOf(SLOTIMEOUT)); - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } else { @@ -249,16 +249,16 @@ public class SingleLogOutBuilder { if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); } else { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); } - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } @@ -285,11 +285,11 @@ public class SingleLogOutBuilder { null); revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); try { - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } catch (GUIBuildException e1) { Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); -- cgit v1.2.3 From 66859cd53d4181350525e91c4d35071932675ca7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 14:04:44 +0200 Subject: refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x --- .../moa/id/advancedlogging/MOAIDEventConstants.java | 6 ++++++ .../moa/id/auth/MOAIDAuthInitializer.java | 2 +- .../id/auth/builder/AuthenticationDataBuilder.java | 2 +- .../moa/id/auth/modules/BKUSelectionModuleImpl.java | 9 ++++++++- .../moa/id/auth/servlet/IDPSingleLogOutServlet.java | 21 ++++++++++++++------- .../PropertyBasedAuthConfigurationProvider.java | 7 +++++-- .../at/gv/egovernment/moa/id/data/IMOAAuthData.java | 5 ++--- .../moa/id/data/MOAAuthenticationData.java | 20 ++------------------ .../moa/id/moduls/AuthenticationManager.java | 16 +++++++++++++--- .../pvp2x/metadata/MOAMetadataProvider.java | 6 +++--- .../pvp2x/signer/IDPCredentialProvider.java | 3 ++- .../id/protocols/pvp2x/utils/MOASAMLSOAPClient.java | 4 ++-- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 4 ++-- 13 files changed, 61 insertions(+), 44 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index d654eb359..f6d116198 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; + + public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300; + public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303; + public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index a35b45af2..b0f452861 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -158,7 +158,7 @@ public class MOAIDAuthInitializer { fixJava8_141ProblemWithSSLAlgorithms(); - if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) + if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 25a508687..09d517f5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -117,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @PostConstruct private void initialize() { - Map pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + Map pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); for (Entry el : pubKeyMap.entrySet()) { try { encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 48d652671..bd183d906 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,9 +22,13 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; /** * @author tlenz @@ -32,6 +36,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; */ public class BKUSelectionModuleImpl implements AuthModule { + @Autowired(required=false) private IConfiguration configuration; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @@ -50,7 +56,8 @@ public class BKUSelectionModuleImpl implements AuthModule { if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if (performBKUSelection) + if (performBKUSelection && configuration != null + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index b7970e4fd..496501760 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -43,6 +43,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -72,11 +73,10 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; @Autowired IAuthenticationManager authManager; - @Autowired IAuthenticationSessionStoreage authenicationStorage; - @Autowired SingleLogOutBuilder sloBuilder; - @Autowired IProtocolAuthenticationService protAuthService; + @Autowired IAuthenticationSessionStoreage authenicationStorage; + @Autowired IProtocolAuthenticationService protAuthService; @Autowired(required=true) private IGUIFormBuilder guiBuilder; - + @Autowired(required=false) SingleLogOutBuilder sloBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) @@ -150,8 +150,15 @@ public class IDPSingleLogOutServlet extends AbstractController { if(MiscUtil.isNotEmpty(internalSSOId)) { ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId); - Logger.debug("Starting technical SLO process ... "); - sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + if (sloBuilder != null) { + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + + } else { + Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath"); + throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"}); + + } return; } @@ -180,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController { String redirectURL = null; IRequest sloReq = sloContainer.getSloRequest(); - if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest()); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index fff019ae7..eae7aae9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes; public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { + public static final String PROP_MOAID_MODE = "general.moaidmode.active"; + private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; private MOAIDConfiguration configuration; @@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide allowedProtcols.setSAML1Active( configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false)); allowedProtcols.setPVP21Active( - configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)); + configuration.getBooleanValue( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true) + && getBasicConfigurationBoolean(PROP_MOAID_MODE, false)); return allowedProtcols; @@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index af4cf6fa7..1e42b1e1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -4,11 +4,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -public interface IMOAAuthData extends IAuthData{ +public interface IMOAAuthData extends IEidAuthData{ @Deprecated /** @@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{ */ List> getEncMandateNaturalPersonbPKList(); - byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); String getPublicAuthorityCode(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index 897a06e62..9b6de0f29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -30,7 +30,7 @@ import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; @@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { +public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable { private static final long serialVersionUID = 1L; private boolean qualifiedCertificate; private boolean publicAuthority; private String publicAuthorityCode; private String bkuURL; - private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; @@ -116,21 +115,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut return this.encbPKList; } - - @Override - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - @Override public String getAuthBlock() { return authBlock; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 77abe07af..9beeb6cc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager { public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired private SingleLogOutBuilder sloBuilder;; + @Autowired(required=false) private SingleLogOutBuilder sloBuilder;; @Override @@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager { sloContainer.setSessionID(uniqueSessionIdentifier); sloContainer.setSloRequest(pvpReq); - sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); - sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + if (sloBuilder != null) { + Logger.trace("Parse active SPs into SLOContainer ... "); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); + sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + + } else { + Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED"); + sloContainer.putFailedOA(pvpReq.getAuthURL()); + + Logger.info("Only the IDP session will be closed soon ..."); + + } Logger.debug("Active SSO Service-Provider: " + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 4fc37d88f..ff5379498 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); @@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive())); filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate)); filterChain.getFilters().add( - new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean( + new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java index 389d97b18..ad7328433 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; @@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.util.MiscUtil; -//@Service("PVPIDPCredentialProvider") +@Service("PVPIDPCredentialProvider") public class IDPCredentialProvider extends AbstractCredentialProvider { public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index bd908f894..534f6797b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -76,14 +76,14 @@ public class MOASAMLSOAPClient { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(), - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 6bf44a527..e84bca330 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -94,7 +94,7 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); @@ -154,7 +154,7 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); -- cgit v1.2.3 From 4392bf1deba6ac8c6c28a48d896b0fb7a8757a34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Jun 2019 13:11:15 +0200 Subject: move useMandate into parent interface --- .../java/at/gv/egovernment/moa/id/data/IMOAAuthData.java | 1 - .../gv/egovernment/moa/id/data/MOAAuthenticationData.java | 13 ------------- 2 files changed, 14 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index 1e42b1e1b..7a298220b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -41,7 +41,6 @@ public interface IMOAAuthData extends IEidAuthData{ String getBkuURL(); String getInterfederatedIDP(); boolean isInterfederatedSSOSession(); - boolean isUseMandate(); IMISMandate getMISMandate(); Element getMandate(); String getMandateReferenceValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index 9b6de0f29..f79e80cd2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -62,7 +62,6 @@ public class MOAAuthenticationData extends EidAuthenticationData implements IMOA private List roles = null; private String pvpAttribute_OU = null; - private boolean useMandate = false; private IMISMandate mandate = null; private String mandateReferenceValue = null; @@ -160,18 +159,6 @@ public class MOAAuthenticationData extends EidAuthenticationData implements IMOA this.mandate = mandate; } - - @Override - public boolean isUseMandate() { - return useMandate; - } - - - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - @Override public boolean isPublicAuthority() { return publicAuthority; -- cgit v1.2.3 From be9690f51d848930ef61c7eb4ecf05ea1dc7f2b7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:45:07 +0200 Subject: update AuthenticationDataBuilder to support Prof.Rep bPKs in E-ID Proxy mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 54 ++++++++++++++-------- 1 file changed, 36 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 09d517f5a..d26f7b396 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setMISMandate(misMandate); authData.setUseMandate(true); + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); + + //set bPK and IdenityLink for all other + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); + + + + } + } catch (IOException e) { Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME + " FAILED.", e); @@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } - //#################################################### - // set bPK and IdentityLink for Organwalter --> - // Organwalter has a special bPK is received from MIS - if (authData.isUseMandate() && session.isOW() && misMandate != null - && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { - //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! - authData.setBPK(misMandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - //set bPK and IdenityLink for all other - Logger.debug("User is an OW. Set original IDL into authdata ... "); - authData.setIdentityLink(session.getIdentityLink()); - - - - } - + //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); @@ -926,7 +927,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } } + @Override + protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + if (!bPKTypeMatch) { + Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... "); + if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) { + Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target"); + bPKTypeMatch = true; + + } else + Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed."); + + } + + return bPKTypeMatch; + } + @Override protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { throw new RuntimeException("This method is NOT supported by MOA-ID"); -- cgit v1.2.3 From e4fa532f93f10115e1f39c97cc96e5950a048884 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 11 Dec 2019 16:01:38 +0100 Subject: update to EAAF-Components 1.0.13.1 Enforce E-ID authentication based on Service-Provider configuration --- .../gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java | 3 ++- .../moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java | 3 ++- .../moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index bd183d906..6426e0e0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -50,7 +51,7 @@ public class BKUSelectionModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { boolean performBKUSelection = false; Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION); if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java index b624e13ef..e8ce0f9c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION); if (evaluationObj != null && evaluationObj instanceof Boolean) { boolean evaluateSSOConsents = (boolean) evaluationObj; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index ff5379498..0be49a23e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -64,7 +64,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { @Override protected String getMetadataURL(String entityId) throws EAAFConfigurationException { - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId); if (oaParam != null) return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); @@ -78,7 +78,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { @Override protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException { - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId); if (oaParam != null) { String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); @@ -117,7 +117,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { while (oaInterator.hasNext()) { Entry oaKeyPair = oaInterator.next(); - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue()); + ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(oaKeyPair.getValue()); if (oaParam != null) { String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); if (MiscUtil.isNotEmpty(metadataurl)) -- cgit v1.2.3 From 38f60c2385cd47c320942fdc7c9eb158f0e320e0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 08:54:02 +0100 Subject: add code for SEMPER eIDAS extensions --- .../moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java index 19f865325..5ed237948 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java @@ -13,7 +13,7 @@ import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; -import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; @@ -26,9 +26,9 @@ import at.gv.egovernment.moa.logging.Logger; * */ @Service("MOAAuthnRequestValidator") -public class AuthnRequestValidator implements IAuthnRequestValidator { +public class AuthnRequestValidator implements IAuthnRequestPostProcessor { - public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{ + public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{ //validate NameIDPolicy NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy(); -- cgit v1.2.3 From bea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 10:03:41 +0100 Subject: add missing 'needConsent' --> 'false' flag --- .../moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 4fefaf17b..2c099abf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request + pendingReq.setNeedUserConsent(false); pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); -- cgit v1.2.3 From d34f9161257e803e13618749a7b78df333b0f937 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 9 Jan 2020 10:23:46 +0100 Subject: reactivate foreign-bPKs and additional bPKs in MOA-ID mode --- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index d26f7b396..085874e77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -538,7 +538,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( @@ -546,10 +548,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); -- cgit v1.2.3 From 70262ef097d022fa2c8cb8f7f95362b52e394b8c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Jan 2020 14:20:13 +0100 Subject: fix possible error in E-ID Proxy mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 36 ++++++++++++++-------- 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 085874e77..6a01bd1fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -912,18 +912,30 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder private void generateAdditonalbPK(MOAAuthenticationData authData, List additionalbPKSectorsRequested) throws EAAFBuilderException { if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); - for (String sector : additionalbPKSectorsRequested) { - Logger.trace("Process sector: " + sector + " ... "); - Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( - authData.getIdentificationValue(), - authData.getIdentificationType(), - sector); - - Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); - authData.addAdditionalbPKPair(bpk); - - } + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + try { + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + + } catch (Exception e) { + Logger.warn("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + Logger.warn("StackTrace: ", e); + + } + + } } } @Override -- cgit v1.2.3 From be1c69d66fdf98658a3183e346401be9ad4d4cc3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Jan 2020 14:58:29 +0100 Subject: update maven repository --- .../id/auth/builder/AuthenticationDataBuilder.java | 41 ++++++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 6a01bd1fb..cdb0dae98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -558,6 +558,10 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder Logger.info("Post-Processing for Austrian eID finished"); } + + injectNewEidAttributes(authData, session); + + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator copyInterator = includedToGenericAuthData.iterator(); @@ -582,7 +586,33 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - /** + private void injectNewEidAttributes(MOAAuthenticationData authData, IAuthenticationSession session) { + try { + String onlineIdl = session.getGenericDataFromSession(PVPConstants.EID_E_ID_TOKEN_NAME, String.class); + if (StringUtils.isNoneEmpty(onlineIdl)) { + authData.seteIDToken(Base64Utils.decode(onlineIdl, true)); + } + + } catch (IOException e) { + Logger.warn("Attribute: " + PVPConstants.EID_E_ID_TOKEN_NAME + " found, but injection failed: " + e.getMessage()); + + } + +// try { +// String eidStatusLevel = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, String.class); +// if (StringUtils.isNotEmpty(eidStatusLevel)) { +// authData.setEidStatus(PVPConstants.EID_IDENTITY_STATUS_LEVEL_VALUES.); +// } +// } catch (Exception e) { +// Logger.warn("Attribute: " + PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME + " found, but injection failed: " + e.getMessage()); +// +// } + + } + + + + /** * @param authData * @param notValidbPK * @param notValidbPKType @@ -894,7 +924,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + Logger.info("Foreign bPK generation FAILED for sector: " + foreignSector); + if (Logger.isDebugEnabled()) { + Logger.warn("Details: ", e); + + } + } @@ -928,7 +963,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + Logger.info("Can NOT generate additional bPKs. Reason: " + e.getMessage()); if (Logger.isDebugEnabled()) { Logger.warn("StackTrace: ", e); -- cgit v1.2.3 From 9ec3da77a6ed558e23fc5b476b672e66e8a3248b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 28 Jan 2020 10:36:46 +0100 Subject: fix wrong default configuration parameter that skips BKU selection --- .../at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java | 2 +- .../moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 6426e0e0c..8fba069cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -58,7 +58,7 @@ public class BKUSelectionModuleImpl implements AuthModule { performBKUSelection = (boolean) performBKUSelectionObj; if (performBKUSelection && configuration != null - && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false)) + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, true)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index eae7aae9d..f299e0e94 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -235,7 +235,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide allowedProtcols.setPVP21Active( configuration.getBooleanValue( MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true) - && getBasicConfigurationBoolean(PROP_MOAID_MODE, false)); + && getBasicConfigurationBoolean(PROP_MOAID_MODE, true)); return allowedProtcols; -- cgit v1.2.3 From 7c361d450a97b9d79a1da90961fd727d2808f9c8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 13:22:40 +0100 Subject: inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode --- .../EidSpMandateProfilesAttributeBuilder.java | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java new file mode 100644 index 000000000..c6eb74dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; + +public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); + + @Override + public T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) + throws AttributeBuilderException { + if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) { + return g.buildStringAttribute(getFriendlyName(), getName(), + StringUtils.join( + ((IOAAuthParameters) oaParam).getMandateProfiles(), ",")); + + } else { + log.info("{} is only available in AuthHandler context", getFriendlyName()); + + } + throw new UnavailableAttributeException(getName()); + + } + + @Override + public T buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + + } + + @Override + public String getName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME; + } + + private String getFriendlyName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME; + } + +} -- cgit v1.2.3 From 830e1912e44e666c6853c9fedefcb032637bd0d9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 13:46:10 +0100 Subject: separate between E-ID Proxy-Mode and Demo-Mode --- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 12 ++++++++++-- .../moa/id/config/auth/OAAuthParameterDecorator.java | 6 +++++- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cdb0dae98..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -222,7 +222,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -545,7 +549,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); //build additional bPKs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index ab2a07f7c..e76acfad5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -266,7 +266,11 @@ public String getKeyBoxIdentifier() { if (Boolean.parseBoolean( spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); returnValue.setProvideBaseId(false); returnValue.setProvideAuthBlock(false); -- cgit v1.2.3 From bc13b94896adb39f8e9a4a7c5d838630fca1f73b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 6 Apr 2020 10:00:54 +0200 Subject: add mandate-profile attribute builder for SEMPER project --- .../builder/attributes/EidSpMandateProfilesAttributeBuilder.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java index c6eb74dd6..31563b267 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -5,15 +5,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { +public class EidSpMandateProfilesAttributeBuilder implements IPVPAttributeBuilder { private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); @Override -- cgit v1.2.3