From da0174d3b037468d243fad688ca1fd91c2049d24 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 16 Oct 2018 08:07:10 +0200 Subject: update third party libs to solve incompatibility with JDK11 --- .../at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 8d36e81bb..5149186f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer; +import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private JacksonJsonRedisSerializer assertionStoreSerializer; + private GenericJackson2JsonRedisSerializer assertionStoreSerializer; public RedisTemplate getTemplate(){ return this.redisTemplate; -- cgit v1.2.3 From f9cdab97942aac748915cd07c32669f37de57500 Mon Sep 17 00:00:00 2001 
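Review bot: Typing `assertionStoreSerializer` as `GenericJackson2JsonRedisSerializer` changes how stored values are read back, not only which Jackson generation is used. When built with its default constructor, this serializer turns on Jackson default typing and writes an `@class` property, so the class instantiated on read is named by the Redis value itself. The removed `JacksonJsonRedisSerializer` is normally bound to one target class (its bean definition is not visible in this hunk). If anything other than this service can write to the Redis instance, this widens the deserialization surface for session data. I would either keep a serializer bound to the concrete stored class or add a comment on the field such as `// values are type-tagged JSON; Redis must require auth and be reachable only by this service`.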
From: Thomas Lenz Date: Mon, 4 Feb 2019 07:56:51 +0100 Subject: update Spring Redis Backend --- id/server/idserverlib/pom.xml | 2 +- .../gv/egovernment/moa/id/storage/RedisTransactionStorage.java | 9 +++++---- .../idserverlib/src/main/resources/session.redis.beans.xml | 3 ++- pom.xml | 10 ++++++++-- 4 files changed, 16 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index f819329f3..f15dea961 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -489,7 +489,7 @@ org.springframework.data spring-data-redis - 2.1.0.RELEASE + ${org.springframework.data.spring-data-redis} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java index 5149186f6..df43316ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java @@ -36,7 +36,7 @@ import org.springframework.dao.DataAccessException; import org.springframework.data.redis.core.RedisOperations; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.SessionCallback; -import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; +import org.springframework.data.redis.serializer.RedisSerializer; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -58,7 +58,7 @@ public class RedisTransactionStorage implements ITransactionStorage { protected AuthConfiguration authConfig; @Autowired - private GenericJackson2JsonRedisSerializer assertionStoreSerializer; + private RedisSerializer assertionStoreSerializer; public RedisTemplate getTemplate(){ return this.redisTemplate; 
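Review bot: `private RedisSerializer assertionStoreSerializer;` is now a raw type injected by interface, so only session.redis.beans.xml decides which serializer handles the stored session objects, and nothing in this class documents it. If the context ever holds a second `RedisSerializer` bean (not visible here), injection by type becomes ambiguous or dependent on the field name. Declare the field as `RedisSerializer<Object>` and pin the bean with `@Qualifier("<serializer-bean-id>")` (placeholder; use the id from the XML). A one-line comment naming the expected implementation would also help, because its typing policy determines which classes can be instantiated from Redis contents.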
@@ -69,10 +69,11 @@ public class RedisTransactionStorage implements ITransactionStorage { } public boolean containsKey(String key) { + try { searchInDatabase(key); return true; - + } catch (MOADatabaseException e) { return false; } @@ -371,7 +372,7 @@ public void putRaw(String key, Object element) throws EAAFException { + " found. Process gets stopped."); } - redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(element)),expTime,TimeUnit.MILLISECONDS); + redisTemplate.opsForValue().set(as.getArtifact(), new String(assertionStoreSerializer.serialize(as)),expTime,TimeUnit.MILLISECONDS); } diff --git a/id/server/idserverlib/src/main/resources/session.redis.beans.xml b/id/server/idserverlib/src/main/resources/session.redis.beans.xml index feda9b273..a352cf9ab 100644 --- a/id/server/idserverlib/src/main/resources/session.redis.beans.xml +++ b/id/server/idserverlib/src/main/resources/session.redis.beans.xml @@ -24,7 +24,8 @@ p:port="${redis.port}"/> - + + diff --git a/pom.xml b/pom.xml index 04fa9b53a..26e120adf 100644 --- a/pom.xml +++ b/pom.xml @@ -26,8 +26,9 @@ 1.0.5-Snapshot - 5.1.0.RELEASE - 2.1.0.RELEASE + 5.1.3.RELEASE + 2.1.3.RELEASE + 2.1.3.RELEASE 2.22.0 2.3.0 @@ -738,6 +739,11 @@ ${org.springframework.version} + + org.springframework.data + spring-data-redis + ${org.springframework.data.spring-data-redis} + -- cgit v1.2.3 From f24d03991c8ada1bfb9e402b04d68cf01906cbee Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 07:58:24 +0100 Subject: move code for Cookie management into CookieUtils.java --- .../gv/egovernment/moa/id/moduls/SSOManager.java | 72 +++++++++++----------- .../at/gv/egovernment/moa/id/util/CookieUtils.java | 37 +++++++++++ 2 files changed, 73 insertions(+), 36 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java (limited to 'id/server/idserverlib/src/main/java') 
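Review bot: `new String(assertionStoreSerializer.serialize(as))` in putRaw decodes the serialized bytes with the platform default charset. If the serializer emits UTF-8 JSON (likely for the Jackson-based serializers used in the earlier revisions, but not shown here), a JVM whose default is not UTF-8 will alter non-ASCII characters in the stored identity data before they reach Redis. Make the charset explicit with `new String(assertionStoreSerializer.serialize(as), StandardCharsets.UTF_8)` and use the same charset on the read path; this needs the `java.nio.charset.StandardCharsets` import if the file does not already have it. putRaw begins outside this hunk, so the null handling of `serialize` could not be checked.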
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index b5005d0c9..2b550f21e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -26,7 +26,6 @@ import java.util.Date; import java.util.Map; import java.util.Map.Entry; -import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -59,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -329,12 +329,12 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } else { //check if IDP cookie is set - String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + String cookie = CookieUtils.getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); - deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + CookieUtils.deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } } 
@@ -345,7 +345,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf } public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { - setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + CookieUtils.setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); } @@ -443,7 +443,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf public String getSSOSessionID(HttpServletRequest httpReq) { - return getValueFromCookie(httpReq, SSOCOOKIE); + return CookieUtils.getValueFromCookie(httpReq, SSOCOOKIE); } 
@@ -510,43 +510,43 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); + CookieUtils.setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - deleteCookie(httpReq, httpResp, SSOCOOKIE); + CookieUtils.deleteCookie(httpReq, httpResp, SSOCOOKIE); } - private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { - Cookie[] cookies = httpReq.getCookies(); - - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(cookieName)) { - return cookie.getValue(); - } - } - } - return null; - } - - private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, - String cookieName, String cookieValue, int maxAge) { - - Cookie cookie = new Cookie(cookieName, cookieValue); - cookie.setMaxAge(maxAge); - cookie.setSecure(true); - cookie.setHttpOnly(true); - cookie.setPath(httpReq.getContextPath()); - - httpResp.addCookie(cookie); - } - - private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { - setCookie(httpReq, httpResp, cookieName, "", 0); - - } +// private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { +// Cookie[] cookies = httpReq.getCookies(); +// +// if (cookies != null) { +// for (Cookie cookie : cookies) { +// if (cookie.getName().equals(cookieName)) { +// return cookie.getValue(); +// } +// } +// } +// return null; +// } +// +// private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, +// String cookieName, String cookieValue, int maxAge) { +// +// Cookie cookie = new Cookie(cookieName, cookieValue); +// cookie.setMaxAge(maxAge); +// cookie.setSecure(true); +// cookie.setHttpOnly(true); +// 
cookie.setPath(httpReq.getContextPath()); +// +// httpResp.addCookie(cookie); +// } +// +// private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { +// setCookie(httpReq, httpResp, cookieName, "", 0); +// +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java new file mode 100644 index 000000000..21cbd574f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/CookieUtils.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.util; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CookieUtils { + public static String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(cookieName)) { + return cookie.getValue(); + } + } + } + return null; + } + + public static void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { + + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + cookie.setHttpOnly(true); + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + public static void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 0); + + } +} -- cgit v1.2.3 From 9ddeacf32976d14c3f2f70ec446262998eb8a68e Mon Sep 17 00:00:00 2001 
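Review bot: The three cookie helpers at the end of SSOManager are commented out rather than deleted. That leaves a dead second copy of the `setSecure(true)` / `setHttpOnly(true)` logic in the file, and it can silently drift from CookieUtils. Delete the `//` block, since version history keeps the old code. If a pointer is wanted, one line is enough: `// cookie handling lives in CookieUtils`.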
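Review bot: `cookie.setPath(httpReq.getContextPath())` in setCookie passes an empty string when the application is deployed as the root context. Containers then typically send no Path attribute, so the browser scopes the cookie to the directory of the requesting URL, and a deleteCookie call made from a different endpoint may not clear it. Normalise the value first: `String path = httpReq.getContextPath();` then `cookie.setPath(path.isEmpty() ? "/" : path);`. The class has only static members, so `public final class CookieUtils` with a private constructor fits better. The public methods should also get Javadoc stating that getValueFromCookie returns `null` when the cookie is absent and that setCookie always sets Secure and HttpOnly.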
From: Thomas Lenz Date: Mon, 4 Feb 2019 08:00:14 +0100 Subject: add code for eID4U attribute collection --- .../tasks/GenericFrontChannelRedirectTask.java | 66 ++++++ .../main/resources/moaid.authentication.beans.xml | 4 + .../auth/modules/eidas/eID4UAPSignalServlet.java | 61 +++++ .../moa/id/auth/modules/eidas/eID4UConstants.java | 25 ++ .../modules/eidas/exceptions/eID4UAPException.java | 32 +++ .../tasks/CollectAddtionalAttributesTask.java | 124 +++++----- .../ReceiveConsentForAddtionalAttributesTask.java | 255 +++++++++++++++++++++ .../resources/eid4u.Authentication.process.xml | 15 +- .../src/main/resources/moaid_eidas_auth.beans.xml | 8 + .../moa/id/protocols/oauth20/OAuth20Constants.java | 3 +- .../oauth20/protocol/OAuth20Protocol.java | 12 +- 11 files changed, 530 insertions(+), 75 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java new file mode 100644 index 000000000..e19d40773 --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenericFrontChannelRedirectTask.java 
@@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("GenericFrontChannelRedirectTask") +public class GenericFrontChannelRedirectTask extends AbstractAuthServletTask { + + @Autowired IGUIFormBuilder guiBuilder; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //perform redirect to itself to get out from BKU communication + Logger.trace("Perform generic 'http Redirect' to MOA-ID ... "); + performRedirectToItself(pendingReq, response, GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + + } catch (Exception e) { + Logger.info("Generic redirect to MOA-ID: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "MOA-ID-Auth: General Exception.", e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 26fd1f986..02c683305 100644 
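Review bot: The catch block in execute logs only `e.getMessage()` at info level, so the stack trace of a failed redirect is lost unless a caller logs the rethrown TaskExecutionException. Pass the throwable to the logger instead: `Logger.error("Generic redirect to MOA-ID failed.", e);`. The injected `guiBuilder` field is never used in this class and has package visibility; drop it or make it `private`. The inline comment about leaving "BKU communication" appears to be carried over from another task and should describe what this generic redirect is for.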
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -106,6 +106,10 @@ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask" scope="prototype"/> + + diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java new file mode 100644 index 000000000..c8c65ce76 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java 
@@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Controller +public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController { + + public eID4UAPSignalServlet() { + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'."); + + } + + @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String pendigReqId = super.getPendingRequestId(request); + + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... "); + pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE); + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... 
"); + pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + if (MiscUtil.isEmpty(pendigReqId)) + Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId."); + + } + } + + return pendigReqId; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java new file mode 100644 index 000000000..45eb161d3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java 
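Review bot: getPendingRequestId takes the pending-request id from the `state` parameter and only falls back to the `eID4APTransactionId` cookie when `state` is empty, so a value returned through the attribute provider is never compared with the browser that started the flow. CollectAddtionalAttributesTask sets both to the same id, so the lookup can require agreement. Read the cookie with `CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME)` and, when `state` is present, continue only if `state.equals(cookieValue)`; otherwise log and treat the id as missing. Separately, the Javadoc block sits after `@Override`, where the javadoc tool will not attach it to the method. The handler name `performCitizenCardAuthentication` also does not describe this consent-return endpoint.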
@@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +public class eID4UConstants { + + //configuration parameter + public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID"; + public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url"; + public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password"; + public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url"; + + //session parameter + public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId"; + public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume"; + + //process context + public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr"; + public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK"; + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java new file mode 100644 index 000000000..b7a9fcba9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java 
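Review bot: `CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD` is the only key in this list that names a secret, and nothing tells an operator or a later maintainer so. A comment on that constant would help, e.g. `// secret: token-service credential; never log the value, keep the properties file readable by the service account only`. The class is a pure constants holder, so `public final class` with a private constructor prevents accidental instantiation or subclassing.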
@@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class eID4UAPException extends EIDASException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public eID4UAPException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public eID4UAPException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + + } + + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 7cd276043..9d9d44b34 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java 
@@ -11,23 +11,26 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; -import at.gv.egiz.eid4u.api.attributes.natural.IdType; -import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { 
@@ -40,6 +43,8 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) throws TaskExecutionException { try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + if (pendingReq instanceof EIDASData) { EIDASData eidasReq = (EIDASData) pendingReq; Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); @@ -59,12 +64,26 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { Logger.info("Starting eID4U attribute collection process ... "); - - //generate scope from attributes - - + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + //load connection parameters to TUG - String uniqueID = null; + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + //TODO extract 'scopes' from requested attributes + Logger.warn("Dynamic 'scope' generation is currently NOT supported"); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); /* 
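Review bot: The values read from configuration (`uniqueID`, `redirectURI`, `scopes`) are used without a presence check. An empty `scopes` only produces a warning and the flow continues, and a missing `CONFIG_PROPS_AP_CONSENT_URL` would reach the redirect built later in execute as `null`. Fail fast before any token is issued: `if (MiscUtil.isEmpty(uniqueID) || MiscUtil.isEmpty(redirectURI)) throw new eID4UAPException("eID4U AP configuration incomplete", null);`. This needs the eID4UAPException import, which the import hunk of this commit does not add. The enclosing execute method starts and ends outside this hunk.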
@@ -72,10 +91,13 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { */ //generate fake OpenID_Connect request - OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); fakeOpenIDReq.setScope("openId profile"); - + //populate with SessionData fakeOpenIDReq.setRawDataToTransaction( pendingReq.getSessionData(AuthenticationSessionWrapper.class) 
@@ -92,14 +114,33 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Map idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); o.setAuthDataSession(idToken); transactionStorage.put(accessToken, o, -1); - - + //forward to TUG - - - //TODO: implement collection process - populateEid4uDummyAttributes(); + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleEidasAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); } else Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); 
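Review bot: `Logger.debug("REDIRECT TO: " + finalUrl.toString())` writes the complete redirect URL to the log. That URL carries the freshly issued `code`, which is the key under which the session object was just put into transactionStorage, and the pending-request id as `state`. Log the event without the query string, e.g. `Logger.debug("Redirect to eID4U AP consent endpoint");` (`finalUrl` is already a String, so `.toString()` is redundant either way). The same pending-request id is also sent to the external provider and stored in the `eID4APTransactionId` cookie; a separate random `state` mapped to the pending request on the server side would keep the internal id from leaving the service. Whether `addURLParameter` URL-encodes its values is not visible here and should be confirmed; execute continues outside this hunk.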
@@ -108,54 +149,9 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); } catch (Exception e) { - Logger.error("IdentityLink generation for foreign person FAILED.", e); - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - - } - - } - - private void populateEid4uDummyAttributes() { - try { - eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); - dummyAddr.postCode("8020"); - dummyAddr.postName("Graz"); - dummyAddr.addressId("25"); - dummyAddr.cvAddressArea("Mustergasse"); - dummyAddr.locatorDesignator("25"); - dummyAddr.thoroughfare("Mustergasse"); - - AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); - session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); - session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); - session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); - session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); - session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); - session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); - session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); - session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); - session.setGenericDataToSession(Definitions.EMAIL_NAME, "max.mustermann@domain.at"); - session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); - session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, 
"Graz Technical University"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); - session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); - session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); - session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); - session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); - session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); - session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); - - //TODO: not all attributes are populated with dummy values + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); - } catch (EAAFStorageException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java new file mode 100644 index 000000000..3f1e999ca --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java 
@@ -0,0 +1,255 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.Base64; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.IdType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + 
+@Component("ReceiveConsentForAddtionalAttributesTask") +public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask { + + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + + //delete eID4U http Cookie with pendingRequestId + CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + + String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE); + if (MiscUtil.isEmpty(authCode)) { + Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... "); + throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null); + + } + Logger.trace("Find OAuth2 'code' with: " + authCode); + + /* + * access backend service with authCode + * + */ + String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL); + String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME); + String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD); + + if (MiscUtil.isEmpty(tokenServiceURL)) { + Logger.info("NO TokenService URL in configuration for eID4U AP. 
"); + throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null); + + } + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + tokenServiceURL); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build request URL + URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); + uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, + authConfig.getBasicConfiguration( + eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, + OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)); + uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode); + Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build()); + + HttpGet httpGetToken = new HttpGet(uriBuilderToken.build()); + + HttpClientContext localContext = HttpClientContext.create(); + if (MiscUtil.isNotEmpty(tokenServiceUsername)) { + Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... 
"); + + //Raw work-around, because API solution does not work well + String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim(); + byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1)); + String authHeader = "Basic " + new String(encodedAuth); + httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //API solutuion +// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString()); +// AuthCache authCache = new BasicAuthCache(); +// authCache.put(targetHost, new BasicScheme()); +// +// CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); +// credentialsProvider.setCredentials(AuthScope.ANY, +// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim())); +// localContext.setCredentialsProvider(credentialsProvider); +// localContext.setAuthCache(authCache); + + } + + //request tokenService + HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext); + + Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() + + " from eID4U AP TokenService"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultToken.getAllHeaders()) + Logger.trace("Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultToken.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... 
"); + throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null); + + } + + //parse AccessToken from TokenService response + JsonElement fullToken = new JsonParser().parse( + new InputStreamReader(httpResultToken.getEntity().getContent())); + Logger.trace("FullToken: " + fullToken.toString()); + String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString(); + + + //call Attribute Provider to receice eID4U attributes from TUG + String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL); + if (MiscUtil.isEmpty(attrProviderServiceURL)) { + Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null); + + } + + + URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL); + HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build()); + + //encode and add token as header + String authHeader = "Bearer " + accessToken; + httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //get and add bPK as header + httpGetData.setHeader( + "X-PVP-BPK", + pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class)); + + //request Attribute Provider + HttpResponse httpResultData = httpClient.execute(httpGetData); + + //parse response + Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() + + " from eID4U Attr.Provider Service"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultData.getAllHeaders()) + Logger.trace("Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultData.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... 
"); + throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null); + + } + + + //parse eID4U attributes from Attr.Provider service response + JsonElement fullAttrSet = new JsonParser().parse( + new InputStreamReader(httpResultData.getEntity().getContent())); + Logger.trace("FullAttrSet: " + fullAttrSet.toString()); + + + //TODO: implement collection process + populateEid4uDummyAttributes(fullAttrSet.getAsJsonObject()); + + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + + private void populateEid4uDummyAttributes(JsonObject jsonObject) { + try { + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); + dummyAddr.postCode("8020"); + dummyAddr.postName("Graz"); + dummyAddr.addressId("25"); + dummyAddr.cvAddressArea("Mustergasse"); + dummyAddr.locatorDesignator("25"); + dummyAddr.thoroughfare("Mustergasse"); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); + session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); +// session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); +// session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); +// //session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); +// session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); +// session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); +// session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); +// 
session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); + session.setGenericDataToSession(Definitions.EMAIL_NAME, jsonObject.get("email").getAsString()); +// session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); +// session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); + //session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); +// session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, "Graz Technical University"); +// session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); +// session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); +// session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build()); +// session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); +// session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); + //session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); +// session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); +// session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); +// session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); +// session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); + + //TODO: not all attributes are populated with dummy values + + } catch (EAAFStorageException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml index 56af3955e..4ab49641f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml 
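Review bot: The trace logging in `execute` of the new ReceiveConsentForAddtionalAttributesTask writes bearer credentials to the log: `Logger.trace("Find OAuth2 'code' with: " + authCode)`, the full token-service request URL (which carries the same code as a query parameter) and `Logger.trace("FullToken: " + fullToken.toString())`, which contains the access token; the two header loops also print every response header value. I would log only that the value arrived, e.g. `Logger.trace("Received OAuth2 'code' parameter");` and `Logger.trace("Received token response from eID4U AP TokenService");`, and log `tokenServiceURL` rather than the built URI. Separately, `populateEid4uDummyAttributes` still stores the fixed values `IdType.PASSPORT` and `"P0571414"` in the session for every user and swallows `EAAFStorageException` with `e.printStackTrace()`, so a storage failure lets the process continue; declaring the exception on the method would let the existing `catch (Exception e)` in `execute` turn it into a `TaskExecutionException`.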
@@ -17,9 +17,12 @@ + - + + + @@ -53,11 +56,15 @@ - + + + + - - + + + diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml index 836e6319b..da4a2a95b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -17,6 +17,9 @@ + + @@ -39,5 +42,10 @@ + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index b0736ff2e..cc987bfe7 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -56,7 +56,8 @@ public final class OAuth20Constants { public static final String PARAM_SCOPE = "scope"; public static final String PARAM_MOA_MOD = "mod"; public static final String PARAM_MOA_ACTION = "action"; - + public static final String PARAM_OPENID_CODE = "openid_code"; + // reponse parameters public static final String RESPONSE_CODE = "code"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index e83353059..0952ba0a6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java 
@@ -107,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { -- cgit v1.2.3 From a917335ea69ab857f00bd17679e259fcc215cad9 Mon Sep 17 00:00:00 2001 
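Review bot: The token endpoint `/oauth2/token` is still mapped to `RequestMethod.GET` as well as `POST` on the unchanged `@RequestMapping` line directly above the re-enabled protocol check. RFC 6749 section 3.2 requires POST for access-token requests, and accepting GET puts the authorization code and any client credentials into URLs that end up in access logs and proxy logs. If no deployed client depends on GET, I would restrict the mapping to `method = RequestMethod.POST`. The method body continues outside the hunk, so whether GET requests are treated differently further down cannot be seen here.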
From: Thomas Lenz Date: Mon, 4 Feb 2019 08:58:10 +0100 Subject: update SSLUtils to use default JVM trustStore for SSL connections as optional --- .../config/ConfigurationProvider.java | 1 + .../validation/oa/OAPVP2ConfigValidation.java | 3 +- .../task/impl/ServicesProtocolPVP2XTask.java | 3 +- .../pvp2x/metadata/MOAMetadataProvider.java | 4 +- .../protocols/pvp2x/utils/MOASAMLSOAPClient.java | 4 +- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 11 ++++++ .../moa/id/commons/api/AuthConfiguration.java | 1 + .../utils/MOAHttpProtocolSocketFactory.java | 20 ++++++---- .../moa/id/commons/utils/ssl/SSLUtils.java | 44 +++++++++++++++++----- .../utils/EidasCentralAuthMetadataProvider.java | 4 +- .../engine/MOAeIDASChainingMetadataProvider.java | 4 +- .../utils/ELGAMandateServiceMetadataProvider.java | 4 +- 12 files changed, 79 insertions(+), 24 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index d249fa597..41a86cef2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -633,6 +633,7 @@ public class ConfigurationProvider { try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( "MOAMetaDataProvider", + true, ConfigurationProvider.getInstance().getCertStoreDirectory(), ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 8b41823e1..cbb7c88b2 100644 
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -129,6 +129,7 @@ public class OAPVP2ConfigValidation { try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( "MOAMetaDataProvider", + true, ConfigurationProvider.getInstance().getCertStoreDirectory(), ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, @@ -145,7 +146,7 @@ public class OAPVP2ConfigValidation { log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); } catch (ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java index 2d6f7c9a9..1e5762f04 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -192,6 +192,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( "MOAMetaDataProvider", + true, MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), null, 
@@ -208,7 +209,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 1fa17c683..4fc37d88f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index d7ada1f36..bd908f894 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java 
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 611dff3b1..6bf44a527 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -93,6 +94,10 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); 
@@ -107,6 +112,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, @@ -148,6 +154,10 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, + false); + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); @@ -162,6 +172,7 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( connParam.getUrl(), + useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index a787cea00..4dd0a857f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -11,6 +11,7 @@ import iaik.pki.revocation.RevocationSourceTypes; public interface AuthConfiguration extends ConfigurationProvider{ + public static final String PROP_KEY_SSL_USE_JVM_TRUSTSTORE = "configuration.ssl.useStandardJavaTrustStore"; public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname"; public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname"; public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active"; 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index bdadf681d..6c8c092ed 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -34,7 +34,6 @@ import java.util.Arrays; import java.util.List; import javax.net.ssl.SSLException; -import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; @@ -51,7 +50,6 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.pki.PKIException; -import sun.security.ssl.ProtocolVersion; /** * @author tlenz @@ -77,14 +75,15 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @throws MOAHttpProtocolSocketFactoryException */ public MOAHttpProtocolSocketFactory ( - String url, + String url, + boolean useStandardJavaTrustStore, String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; 
@@ -103,26 +102,31 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @param verifyHostName Enables / Disables hostName verfication * @throws MOAHttpProtocolSocketFactoryException */ - public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL, + public MOAHttpProtocolSocketFactory(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder, boolean verifyHostName) throws MOAHttpProtocolSocketFactoryException { - internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + internalInitialize(url, useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); this.verifyHostName = verifyHostName; } - private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL, + private void internalInitialize(String url, boolean useStandardJavaTrustStore, + String certStoreDirectory, + String trustStoreURL, String acceptedServerCertURL, String chainingMode, boolean checkRevocation, String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException { try { this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( - url, + url, + useStandardJavaTrustStore, certStoreDirectory, trustStoreURL, acceptedServerCertURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index e6efca4ea..a96daead3 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java 
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -108,8 +108,29 @@ public class SSLUtils { } } + /** + * Get SSLSocketFactory with TrustStore and KeyStore implementations + * + * @param url URL of the Service that should be connected + * @param useStandardJavaTrustStore Flag to use standard JVM truststore + * @param certStoreRootDirParam Path to certStore, if own truststore is used + * @param trustStoreURL Path to truststore, if own truststore is used + * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used + * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used + * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used + * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used + * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null + * @param clientKeyStorePassword KeyStore password + * @param clientKeyStoreType KeyStore type + * @return + * @throws IOException + * @throws GeneralSecurityException + * @throws SSLConfigurationException + * @throws PKIException + */ public static SSLSocketFactory getSSLSocketFactory( - String url, + String url, + boolean useStandardJavaTrustStore, String certStoreRootDirParam, String trustStoreURL, String acceptedServerCertURL, 
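Review bot: The Javadoc added for `getSSLSocketFactory` has an empty `@return` and four empty `@throws` tags, and `@param revocationMethodOrder` says `(CLR, OCSP)` where `(CRL, OCSP)` is meant. Because the new flag changes which certificate checks apply to a TLS connection, its entry should say so explicitly, for example `@param useStandardJavaTrustStore if true, server certificates are validated against the JVM default trust store and the trust-store, chaining-mode and revocation parameters are not used`. The method body lies outside this hunk.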
@@ -130,14 +151,19 @@ public class SSLUtils { return ssf; } - - TrustManager[] tms = getTrustManagers( - certStoreRootDirParam, - chainingMode, - trustStoreURL, - acceptedServerCertURL, - checkRevocation, - revocationMethodOrder); + + //initialize own trust-store implementation + TrustManager[] tms = null; + if (useStandardJavaTrustStore) { + tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation, + revocationMethodOrder); + + } KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index 5cee90658..cd3f1f788 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -322,7 +322,9 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
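Review bot: The condition added in the `@@ -130,14 +151,19 @@` hunk of `SSLUtils.getSSLSocketFactory` looks inverted: `getTrustManagers(...)`, which sets up the MOA trust store with chaining mode, accepted-server-certificate list and revocation checking, is called only when `useStandardJavaTrustStore` is true, and `tms` stays `null` when it is false. The flag name, the Javadoc and the `false` default read at the server call sites all suggest the opposite, so with the default configuration the MOA-specific validation would be skipped, assuming `tms` is handed to the `SSLContext` initialisation that lies outside the hunk (a `null` trust-manager array makes JSSE fall back to the JVM default). I would change the test to `if (!useStandardJavaTrustStore) {`. The ConfigWebTool and webgui call sites in this commit pass a literal `true`, so they should be re-checked against whichever meaning is intended.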
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index aca818532..feeff6f84 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + basicConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index e8cfae10a..7bb98c719 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java 
@@ -322,7 +322,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider try { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, -- cgit v1.2.3 From f00f82ec9f0f1e4210d17b857cab44e49357daca Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Feb 2019 12:32:20 +0100 Subject: add Log messages --- .../main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 1 + .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 0285dd75b..14a2b583b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -105,6 +105,7 @@ public class LogOutServlet { } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + Logger.warn("Requested URL is not in PublicPrefix Configuration"); return; } finally { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index e5a8bb739..478462adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java 
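Review bot: The `Logger.warn` added to the `catch (Exception e)` branch of LogOutServlet drops `e` and reports one fixed cause for every exception type, so a rejected logout URL cannot be told apart from an unrelated failure in the try block when the log is read later. Pass the exception along, `Logger.warn("Logout request rejected", e);`, and keep the PublicPrefix wording only if the try block, which starts outside this hunk, can fail for no other reason. Logging before `resp.sendError(...)` would also make sure the entry is written even if sending the error response throws.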
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -86,7 +86,8 @@ public class RedirectServlet { List allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix(); if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) - || !authConfig.getPublicURLPrefix().contains(authURL)) { + || !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration"); resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; -- cgit v1.2.3 From ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae Mon Sep 17 00:00:00 2001 
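Review bot: The new warning in RedirectServlet concatenates `authURL` into the log line unmodified; if that value is derived from the request (its origin is outside this hunk), embedded CR/LF characters can forge additional log entries. The message also names `authURL` even when the branch was taken because `checkRedirectToItself(url, allowedPublicUrlPrefixes)` failed, so the rejected redirect target `url` is never recorded. Consider `Logger.warn("Redirect rejected, URL not in PublicPrefix configuration: authURL=" + String.valueOf(authURL).replaceAll("[\\r\\n]", "_"));` and adding `url` in the same neutralised form. The enclosing method continues outside the hunk.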
From: Thomas Lenz Date: Mon, 18 Feb 2019 08:30:49 +0100 Subject: add 'Austrian eID' demo-mode to simulate attribute behavior from 2020 --- .../data/oa/OATargetConfiguration.java | 51 +- .../resources/applicationResources_de.properties | 8 +- .../resources/applicationResources_en.properties | 5 +- .../validation/task/impl/ServicesTargetTask.java | 7 + .../id/auth/builder/AuthenticationDataBuilder.java | 49 ++ .../id/config/auth/OAAuthParameterDecorator.java | 24 + .../config/auth/data/DynamicOAAuthParameters.java | 7 +- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 6 + .../moa/id/data/MOAAuthenticationData.java | 658 +-------------------- .../attributes/BPKListAttributeBuilder.java | 52 ++ .../protocols/builder/attributes/EIDAuthBlock.java | 8 + .../MandateFullMandateAttributeBuilder.java | 10 +- .../attributes/SimpleStringAttributeGenerator.java | 68 +++ .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../moa/id/config/auth/data/DummyOAConfig.java | 6 + .../moa/id/commons/api/IOAAuthParameters.java | 12 +- .../config/ConfigurationMigrationUtils.java | 25 +- .../config/MOAIDConfigurationConstants.java | 2 + .../dao/config/deprecated/OnlineApplication.java | 26 +- .../eidas/utils/SimpleEidasAttributeGenerator.java | 68 --- .../modules/eidas/utils/eIDASAttributeBuilder.java | 3 +- .../attributes/OAuth20AttributeBuilder.java | 10 +- .../auth/modules/sl20_auth/dummydata/DummyOA.java | 6 + .../data/SSOTransferAuthenticationData.java | 13 + .../data/SSOTransferOnlineApplication.java | 6 + .../protocols/saml1/SAML1AuthenticationServer.java | 38 +- pom.xml | 14 +- 27 files changed, 451 insertions(+), 732 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java delete mode 100644 
id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 381bf5cc7..b2671302c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -59,6 +59,8 @@ public class OATargetConfiguration implements IOnlineApplicationData { private static List identificationTypeList = null; private String foreignbPKTargets = null; + private String additionalbPKTargets = null; + private boolean eidDemoActive = false; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); @@ -165,7 +167,26 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } + + //parse additional bPK sector list + if (dbOA.getAdditionalbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) + additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); + else { + if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, + dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); + + } + } + + //parse 'Austrian eID mode' flag + eidDemoActive = dbOA.getIseIDDemoModeActive(); return null; 
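Review bot: In the hunk at -165 of OATargetConfiguration, the branch commented `//remove trailing comma if exist` cuts at the first delimiter, not at a trailing one: `substring(0, indexOf(KeyValueUtils.CSV_DELIMITER))` turns a value such as `A,B,` (constructed example) into `A` and silently drops every sector after the first. If the intent is to strip one trailing delimiter, test for it explicitly: `if (v.endsWith(KeyValueUtils.CSV_DELIMITER)) v = v.substring(0, v.length() - KeyValueUtils.CSV_DELIMITER.length());`, with `v` holding `dbOA.getAdditionalbPKTargetList()`. What `isCSVValueString` rejects is not visible here, so how often this branch is reached is unclear. The enclosing parse method extends beyond the hunk.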
@@ -277,7 +298,9 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } - dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); + dbOA.setIseIDDemoModeActive(isEidDemoActive()); return null; } @@ -441,6 +464,32 @@ public class OATargetConfiguration implements IOnlineApplicationData { else this.foreignbPKTargets = foreignbPKTargets; } + + + public String getAdditionalbPKTargets() { + return additionalbPKTargets; + } + + + public void setAdditionalbPKTargets(String additionalbPKTargets) { + if (MiscUtil.isNotEmpty(additionalbPKTargets)) + this.additionalbPKTargets = + KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); + else + this.additionalbPKTargets = additionalbPKTargets; + + } + + + public boolean isEidDemoActive() { + return eidDemoActive; + } + + + public void setEidDemoActive(boolean eidDemoActive) { + this.eidDemoActive = eidDemoActive; + } + diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 2a57620bb..fbd6fedcd 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties 
@@ -242,8 +242,7 @@ webpages.oaconfig.general.mandate.elgaservice.selected=ELGA Vollmachten Service webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation webpages.oaconfig.general.isstorkservice=Stork Applikation -webpages.oaconfig.general.public.header=Öffentlicher Bereich -webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration +webpages.oaconfig.general.public.header=Öffentlicher Bereich webpages.oaconfig.general.stork.header=STORK Bereich webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) @@ -263,8 +262,11 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) +webpages.oaconfig.general.neweid.header=Demo-Modus zur Simulation der Austrian eID +webpages.oaconfig.general.neweid.activate=Demo-Modus aktivieren +webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) +webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV) webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 6b6fe9193..f49bbfdc8 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties 
@@ -249,7 +249,6 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application webpages.oaconfig.general.isbusinessservice=Private sector application webpages.oaconfig.general.isstorkservice=Stork application webpages.oaconfig.general.public.header=Public sector -webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration webpages.oaconfig.general.stork.header=STORK sector webpages.oaconfig.general.stork.countrycode=Country code webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined) @@ -269,7 +268,11 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock + +webpages.oaconfig.general.neweid.header=Demo-mode to simulate new Austrian eID +webpages.oaconfig.general.neweid.activate=Activate demo-mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) +webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV) webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java index 27b45fa78..950d97908 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java 
@@ -215,6 +215,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa } + //validate foreign bPK targets + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(check)) { + log.debug("Find additional bPK targets, but no validation is required"); + + } + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 3e6308bf6..c58f19333 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; 
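Review bot: The block added to ServicesTargetTask reads `SERVICE_AUTH_TARGET_ADDITIONAL_BPKS` but never validates it: a non-empty value only produces a debug line, so whatever string is entered is accepted and later split into sectors that feed bPK calculation (`generateAdditonalbPK` in this commit). At least check that the value is a well-formed CSV list and add an entry to `errors` otherwise, reusing whatever check the foreign-bPK field applies just above (not visible in this hunk). The comment `//validate foreign bPK targets` is copied from the previous block and should read `//validate additional bPK targets`.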
@@ -212,6 +213,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder try { //generate basic authentication data generateBasicAuthData(authData, protocolRequest, session); + + //set Austrian eID demo-mode flag + authData.setIseIDNewDemoMode(Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))); + + if (authData.isIseIDNewDemoMode()) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); + authData.setBaseIDTransferRestrication(true); + + } // #### generate MOA-ID specific authentication data ###### @@ -521,6 +534,26 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); + + //build additional bPKs + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); + + Logger.debug("Clearing identitylink ... "); + authData.setIdentityLink(null); + + Logger.debug("Clearing authBlock ... "); + authData.setAuthBlock(null); + + Logger.info("Post-Processing for Austrian eID finished"); + } + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator copyInterator = includedToGenericAuthData.iterator(); 
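Review bot: The demo-mode flag is evaluated twice in AuthenticationDataBuilder with the same `Boolean.parseBoolean(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, String.valueOf(false)))` expression, once in the hunk at -212 and again in the hunk at -521. If the second hunk works on the same `authData` instance (the surrounding methods are outside both hunks), its test can be `if (authData.isIseIDNewDemoMode()) {`, which keeps the decision to clear the identity link and auth block tied to the flag that was stored. A short comment above the clearing block naming which attributes demo mode withholds would also help the next reader.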
@@ -827,4 +860,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void generateAdditonalbPK(MOAAuthenticationData authData, List additionalbPKSectorsRequested) throws EAAFBuilderException { + if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index a2dfeba2f..ab2a07f7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() { returnValue.setProvideAllErrors( Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + if (Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); + returnValue.setProvideBaseId(false); + returnValue.setProvideAuthBlock(false); + returnValue.setProvideIdl(false); + returnValue.setProvideMandate(false); + + } + + return returnValue; } 
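Review bot: In the new `generateAdditonalbPK`, `Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );` writes the derived bPK itself to the log. A bPK is a sector-specific personal identifier, so with trace logging enabled the log file accumulates identifiers for every configured sector; log the sector only, `Logger.trace("Calculated additional bPK for sector: " + bpk.getSecond());`. The debug message `"Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "` is copied from the foreign-bPK path and should say additional bPKs, and the method name is missing an `i` (`generateAdditionalbPK`).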
@@ -920,6 +933,16 @@ public List foreignbPKSectorsRequested() { } +@Override +public List additionalbPKSectorsRequested() { + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} @Override @@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) { } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 390b77dab..1b2d203c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -540,6 +540,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ return null; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + @Override public boolean containsConfigurationKey(String arg0) { // TODO Auto-generated method stub @@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ public String getLoAMatchingMode() { return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index ff4b96aab..415f4db18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java 
@@ -35,4 +35,10 @@ public interface IMOAAuthData extends IAuthData{ String getPvpAttribute_OU(); List getAuthenticationRoles(); + /** + * Indicate Austrian eID demo-mode + * + * @return true if it is in demo-mode, otherwise false + */ + public boolean isIseIDNewDemoMode(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index ca0ae0687..c1545f354 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -69,6 +69,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private LoALevelMapper loaMapper; + private boolean iseIDNewDemoMode = false; + public MOAAuthenticationData(ILoALevelMapper loaMapper) { if (loaMapper instanceof LoALevelMapper) this.loaMapper = (LoALevelMapper) loaMapper; 
@@ -321,648 +323,18 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - - -// private static final long serialVersionUID = -1042697056735596866L; -// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; -// -// /** -// * URL of the MOA-ID Auth component issueing this assertion -// */ -// private String issuer; -// /** -// * time instant of issue of this assertion -// */ -// private Date issueInstant; -// /** -// * user identification value (Stammzahl); null, -// * if the authentication module is configured not to return this data -// */ -// private String identificationValue; -// /** -// * user identification type -// */ -// private String identificationType; -// -// /** -// * user identityLink specialized to OAParamter -// */ -// private IIdentityLink identityLink; -// -// /** -// * application specific user identifier (bPK/wbPK) -// */ -// private String bPK; -// -// /** -// * application specific user identifier type -// */ -// private String bPKType; -// -// /** -// * given name of the user -// */ -// private String givenName; -// /** -// * family name of the user -// */ -// private String familyName; -// /** -// * date of birth of the user -// */ -// private Date dateOfBirth; -// /** -// * says whether the certificate is a qualified certificate or not -// */ -// -// /** -// * says whether the certificate is a public authority or not -// */ -// /** -// * public authority code (Behördenkennzeichen - BKZ) -// */ -// -// -// /** -// * URL of the BKU -// */ -// -// /** -// * the corresponding lt;saml:Assertion> -// */ -// -// private boolean isBaseIDTransferRestrication = true; -// -// -// /** -// * STORK attributes from response -// */ -// private String ccc = null; -// -// private Map genericDataStorate = new HashedMap(); -// -// -// -// private String authBlock = null; -// private List 
encbPKList = null; -// -// //ISA 1.18 attributes -// private List roles = null; -// private String pvpAttribute_OU = null; -// -// private boolean useMandate = false; -// private IMISMandate mandate = null; -// private String mandateReferenceValue = null; -// -// private boolean foreigner =false; -// private String QAALevel = null; -// -// private boolean ssoSession = false; -// private Date ssoSessionValidTo = null; -// -//// private boolean interfederatedSSOSession = false; -//// private String interfederatedIDP = null; -// -// private String sessionIndex = null; -// private String nameID = null; -// private String nameIDFormat = null; -// -// public AuthenticationData() { -// issueInstant = new Date(); -// } -// -// /** -// * Returns the publicAuthority. -// * @return boolean -// */ -// public boolean isPublicAuthority() { -// return publicAuthority; -// } -// -// /** -// * Returns the publicAuthorityCode. -// * @return String -// */ -// public String getPublicAuthorityCode() { -// return publicAuthorityCode; -// } -// -// /** -// * Returns the qualifiedCertificate. -// * @return boolean -// */ -// public boolean isQualifiedCertificate() { -// return qualifiedCertificate; -// } -// -// /** -// * Returns the bPK. -// * @return String -// */ -// public String getBPK() { -// return bPK; -// } -// -// /** -// * Sets the publicAuthority. -// * @param publicAuthority The publicAuthority to set -// */ -// public void setPublicAuthority(boolean publicAuthority) { -// this.publicAuthority = publicAuthority; -// } -// -// /** -// * Sets the publicAuthorityCode. -// * @param publicAuthorityIdentification The publicAuthorityCode to set -// */ -// public void setPublicAuthorityCode(String publicAuthorityIdentification) { -// this.publicAuthorityCode = publicAuthorityIdentification; -// } -// -// /** -// * Sets the qualifiedCertificate. 
-// * @param qualifiedCertificate The qualifiedCertificate to set -// */ -// public void setQualifiedCertificate(boolean qualifiedCertificate) { -// this.qualifiedCertificate = qualifiedCertificate; -// } -// -// /** -// * Sets the bPK. -// * @param bPK The bPK to set -// */ -// public void setBPK(String bPK) { -// this.bPK = bPK; -// } -// -// /** -// * Returns the dateOfBirth. -// * @return String -// */ -// public Date getDateOfBirth() { -// return dateOfBirth; -// } -// -// public String getFormatedDateOfBirth() { -// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// if (getDateOfBirth() != null) -// return pvpDateFormat.format(getDateOfBirth()); -// else -// return "2999-12-31"; -// } -// -// /** -// * Returns the familyName. -// * @return String -// */ -// public String getFamilyName() { -// return familyName; -// } -// -// /** -// * Returns the givenName. -// * @return String -// */ -// public String getGivenName() { -// return givenName; -// } -// -// /** -// * Holds the baseID of a citizen -// * -// * @return baseID -// */ -// public String getIdentificationValue() { -// return identificationValue; -// } -// -// /** -// * Holds the type of the baseID -// * -// * @return baseID-Type -// */ -// public String getIdentificationType() { -// return identificationType; -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public String getIssueInstantString() { -// return DateTimeUtils.buildDateTimeUTC(issueInstant); -// -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public Date getIssueInstant() { -// return issueInstant; -// -// } -// -// public void setIssueInstant(Date date) { -// this.issueInstant = date; -// } -// -// /** -// * Returns the issuer. -// * @return String -// */ -// public String getIssuer() { -// return issuer; -// } -// -// /** -// * Returns the BKU URL. 
-// * @return String -// */ -// public String getBkuURL() { -// return bkuURL; -// } -// -// /** -// * Sets the dateOfBirth. -// * @param dateOfBirth The dateOfBirth to set -// */ -// public void setDateOfBirth(Date dateOfBirth) { -// this.dateOfBirth = dateOfBirth; -// } -// -// public void setDateOfBirth(String dateOfBirth) { -// try { -// if (MiscUtil.isNotEmpty(dateOfBirth)) { -// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); -// } -// -// } catch (ParseException e) { -// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); -// -// } -// } -// -// /** -// * Sets the familyName. -// * @param familyName The familyName to set -// */ -// public void setFamilyName(String familyName) { -// this.familyName = familyName; -// } -// -// /** -// * Sets the givenName. -// * @param givenName The givenName to set -// */ -// public void setGivenName(String givenName) { -// this.givenName = givenName; -// } -// -// /** -// * Sets the identificationValue. -// * @param identificationValue The identificationValue to set -// */ -// public void setIdentificationValue(String identificationValue) { -// this.identificationValue = identificationValue; -// } -// -// /** -// * Sets the identificationType. -// * @param identificationType The identificationType to set -// */ -// public void setIdentificationType(String identificationType) { -// this.identificationType = identificationType; -// } -// -// /** -// * Sets the issuer. 
-// * @param issuer The issuer to set -// */ -// public void setIssuer(String issuer) { -// this.issuer = issuer; -// } -// -// /** -// * Sets the bkuURL -// * @param url The BKU URL to set -// */ -// public void setBkuURL(String url) { -// this.bkuURL = url; -// } -// -// public String getBPKType() { -// return bPKType; -// } -// -// public void setBPKType(String bPKType) { -// this.bPKType = bPKType; -// } -// - -// -// - -// -// -// public String getEIDASQAALevel() { -// if (this.QAALevel != null && -// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); -// if (MiscUtil.isNotEmpty(mappedQAA)) -// return mappedQAA; -// -// else { -// Logger.error("STORK QAA-level:" + this.QAALevel -// + " can not be mapped to eIDAS QAA-level! Use " -// + PVPConstants.EIDAS_QAA_LOW + " as default value."); -// return PVPConstants.EIDAS_QAA_LOW; -// -// } -// -// -// } else -// return this.QAALevel; -// -// } -// -// -// /** -// * @return -// */ -// public boolean isForeigner() { -// return this.foreigner; -// } -// -// -// /** -// * @param foreigner the foreigner to set -// */ -// public void setForeigner(boolean foreigner) { -// this.foreigner = foreigner; -// } -// -// - -// -// /** -// * @return the ssoSession -// */ -// public boolean isSsoSession() { -// return ssoSession; -// } -// -// -// /** -// * @param ssoSession the ssoSession to set -// */ -// public void setSsoSession(boolean ssoSession) { -// this.ssoSession = ssoSession; -// } -// -// /** -// * @return the mandateReferenceValue -// */ -// public String getMandateReferenceValue() { -// return mandateReferenceValue; -// } -// -// /** -// * @param mandateReferenceValue the mandateReferenceValue to set -// */ -// public void setMandateReferenceValue(String mandateReferenceValue) { -// this.mandateReferenceValue = mandateReferenceValue; -// } -// -// /** -// * CountryCode of the citizen which is identified and 
authenticated -// * -// * @return the CountryCode
like. AT, SI, ...
-// */ -// public String getCcc() { -// return ccc; -// } -// -// /** -// * @param ccc the ccc to set -// */ -// public void setCcc(String ccc) { -// this.ccc = ccc; -// } -// -// /** -// * @return the sessionIndex -// */ -// public String getSessionIndex() { -// return sessionIndex; -// } -// -// /** -// * @param sessionIndex the sessionIndex to set -// */ -// public void setSessionIndex(String sessionIndex) { -// this.sessionIndex = sessionIndex; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() -// */ -// @Override -// public String getNameID() { -// return this.nameID; -// } -// -// /** -// * @param nameID the nameID to set -// */ -// public void setNameID(String nameID) { -// this.nameID = nameID; -// } -// -// /** -// * @return the nameIDFormat -// */ -// public String getNameIDFormat() { -// return nameIDFormat; -// } -// -// /** -// * @param nameIDFormat the nameIDFormat to set -// */ -// public void setNameIDFormat(String nameIDFormat) { -// this.nameIDFormat = nameIDFormat; -// } -// -//// /** -//// * @return the interfederatedSSOSession -//// */ -//// public boolean isInterfederatedSSOSession() { -//// return interfederatedSSOSession; -//// } -//// -//// /** -//// * @param interfederatedSSOSession the interfederatedSSOSession to set -//// */ -//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -//// this.interfederatedSSOSession = interfederatedSSOSession; -//// } -//// -//// /** -//// * @return the interfederatedIDP -//// */ -//// public String getInterfederatedIDP() { -//// return interfederatedIDP; -//// } -//// -//// /** -//// * @param interfederatedIDP the interfederatedIDP to set -//// */ -//// public void setInterfederatedIDP(String interfederatedIDP) { -//// this.interfederatedIDP = interfederatedIDP; -//// } -// -// /** -// * @return the ssoSessionValidTo -// */ -// public Date getSsoSessionValidTo() { -// return ssoSessionValidTo; -// } -// -// /** -// * @param 
ssoSessionValidTo the ssoSessionValidTo to set -// */ -// public void setSsoSessionValidTo(Date ssoSessionValidTo) { -// this.ssoSessionValidTo = ssoSessionValidTo; -// } -// -// /** -// * @return the encbPKList -// */ -// public List getEncbPKList() { -// return encbPKList; -// } -// -// /** -// * @param encbPKList the encbPKList to set -// */ -// public void setEncbPKList(List encbPKList) { -// this.encbPKList = encbPKList; -// } -// -// /** -// * @return the roles -// */ -// public List getAuthenticationRoles() { -//// if (this.roles == null) { -//// this.roles = new ArrayList(); -//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -//// } -// -// return roles; -// } -// -// //ISA 1.18 attributes -// /** -// * @param roles the roles to set -// */ -// public void addAuthenticationRole(AuthenticationRole role) { -// if (this.roles == null) -// this.roles = new ArrayList(); -// -// this.roles.add(role); -// } -// -// /** -// * @return the pvpAttribute_OU -// */ -// public String getPvpAttribute_OU() { -// return pvpAttribute_OU; -// } -// -// /** -// * @param pvpAttribute_OU the pvpAttribute_OU to set -// */ -// public void setPvpAttribute_OU(String pvpAttribute_OU) { -// this.pvpAttribute_OU = pvpAttribute_OU; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() -// */ -// @Override -// public boolean isBaseIDTransferRestrication() { -// return isBaseIDTransferRestrication; -// } -// -// /** -// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set -// */ -// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { -// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; -// } -// -// /** -// * Returns a generic data-object with is stored with a specific identifier -// * -// * @param key The specific identifier of the data object -// * @param clazz The class type 
which is stored with this key -// * @return The data object or null if no data is found with this key -// */ -// public T getGenericData(String key, final Class clazz) { -// if (MiscUtil.isNotEmpty(key)) { -// Object data = genericDataStorate.get(key); -// -// if (data == null) -// return null; -// -// try { -// @SuppressWarnings("unchecked") -// T test = (T) data; -// return test; -// -// } catch (Exception e) { -// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); -// return null; -// -// } -// -// } -// -// Logger.warn("Can not load generic session-data with key='null'"); -// return null; -// -// } -// -// /** -// * Store a generic data-object to session with a specific identifier -// * -// * @param key Identifier for this data-object -// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface -// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage -// */ -// public void setGenericData(String key, Object object) throws SessionDataStorageException { -// if (MiscUtil.isEmpty(key)) { -// Logger.warn("Generic session-data can not be stored with a 'null' key"); -// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); -// -// } -// -// if (object != null) { -// if (!Serializable.class.isInstance(object)) { -// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); -// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); -// -// } -// } -// -// if (genericDataStorate.containsKey(key)) -// Logger.debug("Overwrite generic data with key:" + key); -// else -// Logger.trace("Add generic data with key:" + key + " to session."); -// -// genericDataStorate.put(key, object); -// } + + + public boolean isIseIDNewDemoMode() { + return 
iseIDNewDemoMode; + } + + /** + * Set eID demo-mode into AuthData + * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false + */ + public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { + this.iseIDNewDemoMode = iseIDNewDemoMode; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java new file mode 100644 index 000000000..ec8c7629f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java 
@@ -0,0 +1,52 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; + +@PVPMETADATA +public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); + + protected static final String DELIMITER_BPK_LIST = ";"; + + public String getName() { + return BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String result = getBpkForSP(authData); + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()); + + } + log.trace("Authenticate user with bPK-List: " + result); + } + + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME); + } + +} 
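Review bot: The two `log.trace` calls in `build` write the assembled bPK list, i.e. the user's sector-specific identifiers, into the application log, and the one inside the `if` is immediately repeated by the one after it with the same `result`. I would keep a single message and leave the value out, for example `log.trace("Added {} additional bPKs to bPK-List attribute", authData.getAdditionalbPKs().size());` inside the `if`. The same pattern appears in the SAML1AuthenticationServer hunk of this commit, where `additionalBpks` and `encryptedBpks` are concatenated into `Logger.trace` messages. As a smaller point, `getName`, `build` and `buildEmpty` carry no `@Override`, unlike the methods of the new SimpleStringAttributeGenerator in the same commit.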
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 139bb15cc..a1a5825b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Deprecated @PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { try { if (authData instanceof IMOAAuthData) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + + } + String authblock = ((IMOAAuthData)authData).getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index a40c0fefb..fb101467a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java 
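Review bot: The `@Deprecated` added on `EIDAuthBlock` has no accompanying Javadoc, so a reader cannot tell what replaces the attribute or when the class will go away. A short class comment such as `/** @deprecated the AuthBlock attribute is not provided in Austrian eID demo-mode; see <replacement> */` would cover it; the replacement is not named anywhere on this page, so the author has to fill it in. The class is still instantiated in OAuth20AttributeBuilder (`buildersEID.add(new EIDAuthBlock())`), which will now produce a deprecation warning there.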
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { + if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).isUseMandate()) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + return null; + + } + + //only provide full mandate if it is included. //In case of federation only a short mandate could be include if (((IMOAAuthData)authData).getMandate() != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java new file mode 100644 index 000000000..5daa71b1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java 
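Review bot: In demo-mode this branch of `build` ends with `return null;`, whereas the equivalent check added to EIDAuthBlock in the same commit throws `UnavailableAttributeException`. A caller that handles both builders the same way gets a null attribute from one and an exception from the other, and whether callers of this builder tolerate null is not visible here. Unless null is the established convention for this class, I would use the same signal as EIDAuthBlock, `throw new UnavailableAttributeException(MANDATE_FULL_MANDATE_NAME);`, assuming that constant and the exception import are available in this file. `build` starts before and continues past the hunk, so the existing fall-through behaviour should be checked first.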
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleStringAttributeGenerator implements IAttributeGenerator {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildStringAttribute(String friendlyName, String name, String value) {
+ return value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
+ */
+ @Override
+ public String buildIntegerAttribute(String friendlyName, String name, int value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
+ */
+ @Override
+ public String buildLongAttribute(String friendlyName, String name, long value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildEmptyAttribute(String friendlyName, String name) {
+ return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 14d4d9fb6..b4e62a344 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -20,3 +20,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey +at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java index 61e765f55..bcbabae5b 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters { public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; } + + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 5df4a4163..00b39daec 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,7 +22,6 @@ */ package at.gv.egovernment.moa.id.commons.api; -import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; 
@@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{ */ public List foreignbPKSectorsRequested(); + + /** + * Get a List of sectors for that this service provider requires additional unencrypted bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List additionalbPKSectorsRequested(); + + + + } \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 4555f61d2..4adff7f19 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java 
@@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (oa.getIseIDDemoModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); - + if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY); + + + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); @@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))) + dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))); + else + dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS))) + dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)); + + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index a6315fe2c..1be97c49d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index e37873a72..510fd0581 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java 
@@ -115,10 +115,15 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; - @XmlTransient + @XmlTransient protected String foreignbPKTargetList = null; + @XmlTransient + protected String additionalbPKTargetList = null; + @XmlTransient + protected Boolean iseIDDemoModeActive = false; + public String getForeignbPKTargetList() { return foreignbPKTargetList; @@ -128,6 +133,25 @@ public class OnlineApplication this.foreignbPKTargetList = foreignbPKTargetList; } + + + + public String getAdditionalbPKTargetList() { + return additionalbPKTargetList; + } + + public void setAdditionalbPKTargetList(String additionalbPKTargetList) { + this.additionalbPKTargetList = additionalbPKTargetList; + } + + public Boolean getIseIDDemoModeActive() { + return iseIDDemoModeActive; + } + + public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) { + this.iseIDDemoModeActive = iseIDDemoModeActive; + } + /** * @return the saml2PostBindingTemplateURL */ diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java deleted file mode 100644 index e3b58d259..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ /dev/null 
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
- */
- @Override
- public String buildStringAttribute(String friendlyName, String name, String value) {
- return value;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
- */
- @Override
- public String buildIntegerAttribute(String friendlyName, String name, int value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
- */
- @Override
- public String buildLongAttribute(String friendlyName, String name, long value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
- */
- @Override
- public String buildEmptyAttribute(String friendlyName, String name) {
- return null;
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index bf0e09c62..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; @@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; * */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { - private static IAttributeGenerator generator = new SimpleEidasAttributeGenerator(); + private static IAttributeGenerator generator = new SimpleStringAttributeGenerator(); private static List listOfSupportedeIDASAttributes; private static ServiceLoader eIDASAttributLoader = diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 19fdb3fee..8e9d1e4f5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java 
@@ -44,11 +44,13 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -95,8 +97,9 @@ public final class OAuth20AttributeBuilder { private static final List buildersProfile = new ArrayList(); private static final List buildersEID = new ArrayList(); private static final List buildersEIDGov = new ArrayList(); - private static final List buildersMandate = new ArrayList(); - private static final List buildersSTORK = new ArrayList(); + private static final List buildersMandate = new ArrayList(); + @Deprecated private static final List buildersSTORK = new ArrayList(); + static { // openId buildersOpenId.add(new OpenIdIssuerAttribute()); 
@@ -120,11 +123,14 @@ public final class OAuth20AttributeBuilder { buildersEID.add(new EIDAuthBlock()); buildersEID.add(new EIDSignerCertificate()); buildersEID.add(new BPKAttributeBuilder()); + buildersEID.add(new BPKListAttributeBuilder()); + buildersEID.add(new EncryptedBPKAttributeBuilder()); // eID_gov buildersEIDGov.add(new EIDSourcePIN()); buildersEIDGov.add(new EIDSourcePINType()); buildersEIDGov.add(new EIDIdentityLinkBuilder()); + buildersEIDGov.add(new BPKListAttributeBuilder()); // mandate buildersMandate.add(new MandateTypeAttributeBuilder()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 69e3e7995..0d6086118 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters { return false; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 044366eb6..02577c110 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java 
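Review bot: `BPKListAttributeBuilder` is registered twice, in `buildersEID` and again in `buildersEIDGov`, so the additional-sector bPKs become releasable under the plain eID scope as well as the government one. The SAML1 path in this commit adds these attributes only when `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` is set, but nothing in this static block ties the OAuth release to that setting, and BPKListAttributeBuilder itself emits whatever `authData.getAdditionalbPKs()` holds. I would register the builder in one scope only and add a comment above the `add` call naming the configuration that gates the release, so the data-minimisation decision is visible where the attribute is exposed. The static initializer starts and ends outside the hunk.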
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; @@ -374,5 +375,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return false; } + @Override + public List> getAdditionalbPKs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIseIDNewDemoMode() { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c9bccb708..9e7a4fe8c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } 
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8f01f67d..23d214d3e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -71,7 +71,11 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; 
@@ -338,7 +342,39 @@ public class SAML1AuthenticationServer extends AuthenticationServer { ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); } - + + //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); + + if (oaAttributes == null) + oaAttributes = new ArrayList(); + + String additionalBpks = new BPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String encryptedBpks = new EncryptedBPKAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { diff --git a/pom.xml b/pom.xml index da99d4911..9b76a0624 100644 --- a/pom.xml +++ b/pom.xml @@ -14,21 +14,21 @@ 3.4.2-Snapshot - 3.4.2-Snapshot - 3.4.2-Snapshot + 3.4.2-RC1 + 3.4.2-RC1 2.0.1 - 2.5.2-Snapshot + 2.5.2-RC1 2.0.6 1.3.2 - 1.0.5-Snapshot - 5.1.3.RELEASE - 2.1.3.RELEASE - 2.1.3.RELEASE + 1.0.5 + 5.1.5.RELEASE + 2.1.5.RELEASE + 2.1.5.RELEASE 2.22.0 2.3.0 -- cgit v1.2.3 From 19613c89cb1e4680af4dde6c623c42cd00c65f8a Mon Sep 17 00:00:00 2001 
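Review bot: The results of the two `build(...)` calls are added to `oaAttributes` without a null or empty check and without handling a builder failure. `BPKListAttributeBuilder.build` is declared `throws AttributeBuilderException`, and EIDAuthBlock in this commit shows builders signalling absence with `UnavailableAttributeException`, so a user without foreign bPKs may abort the whole SAML1 assertion or receive an attribute with a null value (EncryptedBPKAttributeBuilder is not visible, so this is inferred). Guarding each addition with `if (encryptedBpks != null && !encryptedBpks.isEmpty())` and catching `AttributeBuilderException` around the two builds would keep demo-mode from breaking an otherwise valid login. Note also that the gate here is read from `oaParam.getConfigurationValue(...)` while the attribute builders consult `authData.isIseIDNewDemoMode()`, so the two can disagree if they are populated separately. The enclosing method starts and ends outside the hunk.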
From: Thomas Lenz Date: Mon, 18 Feb 2019 08:31:36 +0100 Subject: set UTF-8 encoding as default add additional trace logging --- .../moa/id/configuration/config/ConfigurationProvider.java | 3 +++ .../at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 12 +++--------- .../interceptor/UniqueSessionIdentifierInterceptor.java | 7 ++++++- .../moa/id/auth/modules/sl20_auth/SL20SignalServlet.java | 1 + 4 files changed, 13 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 41a86cef2..39cd0980b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -111,6 +111,9 @@ public class ConfigurationProvider { private void inizialize() throws ConfigurationException { + log.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); if (configFileName == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 66093b851..a35b45af2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
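Review bot: `System.setProperty("file.encoding", "UTF-8")` in `inizialize()` is unlikely to have the intended effect, because the JVM generally reads this property once at startup and caches the default charset. Setting it later changes what `System.getProperty` reports without changing how `new String(bytes)`, `getBytes()` or `FileReader` behave, which can hide an encoding problem rather than fix it. The same call is added to `MOAIDAuthInitializer.initialize` in the next file, where it also replaces the line that logged the real default encoding. I would keep the diagnostic and warn instead, e.g. `if (!StandardCharsets.UTF_8.equals(Charset.defaultCharset())) log.warn("Default charset is " + Charset.defaultCharset() + "; start the JVM with -Dfile.encoding=UTF-8");`, and pass explicit charsets wherever bytes are converted. `inizialize()` continues outside the hunk.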
@@ -63,10 +63,8 @@ public class MOAIDAuthInitializer { */ public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " - + System.getProperty("file.encoding")); - + Logger.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier @@ -149,11 +147,7 @@ public class MOAIDAuthInitializer { throw new ConfigurationException("config.10", new Object[] { e .toString() }, e); } - - - //IAIK.addAsProvider(); - //ECCProvider.addAsProvider(); - + Security.insertProviderAt(IAIK.getInstance(), 0); ECCelerate eccProvider = ECCelerate.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index 5aa3a691f..791aa51b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz 
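Review bot: The import added to UniqueSessionIdentifierInterceptor takes `Logger` from `at.gv.egovernment.moaspss.logging`, while other MOA-ID classes on this page (EIDAuthBlock, SAML1AuthenticationServer) import `at.gv.egovernment.moa.logging.Logger`. If that is not deliberate, the new trace and debug messages may be written under a different logger hierarchy than the rest of the ID server output and be missed when a session is traced through the logs. `import at.gv.egovernment.moa.logging.Logger;` would match the surrounding code. Whether the two classes share a configuration cannot be seen from the hunk.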
@@ -58,6 +59,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = null; + Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName()); + //if SSOManager is available, search SessionIdentifier in SSO session if (ssomanager != null) { String ssoId = ssomanager.getSSOSessionID(request); @@ -78,8 +81,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { } //if NO SSOSession and no PendingRequest create new SessionIdentifier - if (StringUtils.isEmpty(uniqueSessionIdentifier)) + if (StringUtils.isEmpty(uniqueSessionIdentifier)) { uniqueSessionIdentifier = Random.nextHexRandom16(); + Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier); + } TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87e9e933d..a8c4a941e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -55,6 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... "); signalProcessManagement(req, resp); } -- cgit v1.2.3 
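Review bot: The new `Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier)` in the second hunk of UniqueSessionIdentifierInterceptor writes the full, freshly generated identifier to the log. The surrounding lines pass the same value to `TransactionIDUtils.setSessionId(...)` and store it as a request attribute, and the comments say it can otherwise come from the SSO session or a pending request; whether anything downstream accepts it as proof of a session is not visible from here. If it is more than a log-correlation value, log only that a new one was created, e.g. `Logger.debug("Created new UniqueSessionIdentifier");`, or a shortened form of it. The enclosing method starts and ends outside the hunk.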
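Review bot: The trace message added in `performCitizenCardAuthentication` ends with `with pendingReqId ... ` but appends no identifier, so the line promises more than it records. Either shorten it to `Logger.trace("Receive req. on SL2.0 servlet");` or append the id once it has been resolved. If that id is read from the request, strip CR/LF before logging it, since the mapping accepts both GET and POST. The hunk adds no import for `Logger`, so it is presumably already in scope in SL20SignalServlet.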
From 1a392b6e0ba5c89e065cc6ad09d494e948a0daea Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Feb 2019 08:32:51 +0100 Subject: remove unused class --- .../id/config/auth/AuthConfigurationProvider.java | 1221 -------------------- 1 file changed, 1221 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java deleted file mode 100644 index c25751aa4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ /dev/null 
@@ -1,1221 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// ******************************************************************************/ -///* -// * Copyright 2003 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. 
-// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// */ -// -// -//package at.gv.egovernment.moa.id.config.auth; -// -//import java.io.File; -//import java.io.FileInputStream; -//import java.io.FileNotFoundException; -//import java.io.IOException; -//import java.math.BigInteger; -//import java.net.MalformedURLException; -//import java.util.ArrayList; -//import java.util.Arrays; -//import java.util.Date; -//import java.util.HashMap; -//import java.util.List; -//import java.util.Map; -//import java.util.Properties; -// -//import javax.xml.bind.JAXBContext; -//import javax.xml.bind.Unmarshaller; -// -//import org.hibernate.cfg.Configuration; -// -//import at.gv.egovernment.moa.id.auth.AuthenticationServer; -//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; -//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; -// -//import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -//import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; -//import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; -//import 
at.gv.egovernment.moa.id.commons.db.dao.config.Contact; -//import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -//import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -//import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -//import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -//import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; -//import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; -//import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; -//import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; -//import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -//import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -//import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -//import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -//import 
at.gv.egovernment.moa.id.config.ConfigurationException; -//import at.gv.egovernment.moa.id.config.ConfigurationProvider; -//import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -//import at.gv.egovernment.moa.id.config.ConfigurationUtils; -//import at.gv.egovernment.moa.id.config.ConnectionParameter; -//import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; -//import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; -//import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; -//import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; -//import at.gv.egovernment.moa.id.config.stork.STORKConfig; -//import at.gv.egovernment.moa.id.data.IssuerAndSerial; -//import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; -//import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -//import at.gv.egovernment.moa.logging.Logger; -//import at.gv.egovernment.moa.util.MiscUtil; -//import at.gv.util.config.EgovUtilPropertiesConfiguration; -// -//import com.fasterxml.jackson.annotation.JsonIgnore; -//import com.fasterxml.jackson.annotation.JsonProperty; -// -///** -// * A class providing access to the Auth Part of the MOA-ID configuration data. -// * -// *

Configuration data is read from an XML file, whose location is given by -// * the moa.id.configuration system property.

-// *

This class implements the Singleton pattern. The reload() -// * method can be used to update the configuration data. Therefore, it is not -// * guaranteed that consecutive calls to getInstance() will return -// * the same AuthConfigurationProvider all the time. During the -// * processing of a web service request, the current -// * TransactionContext should be used to obtain the -// * AuthConfigurationProvider local to that request.

-// * -// * @author Patrick Peck -// * @author Stefan Knirsch -// * -// * @version $Id$ -// * -// *@deprecated Use {@link AuthConfigProviderFactory} instead -// */ -//public class AuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { -// -//// /** DEFAULT_ENCODING is "UTF-8" */ -//// private static final String DEFAULT_ENCODING="UTF-8"; -// /** -// * The name of the generic configuration property giving the authentication session time out. -// */ -// public static final String AUTH_SESSION_TIMEOUT_PROPERTY = -// "AuthenticationSession.TimeOut"; -// /** -// * The name of the generic configuration property giving the authentication data time out. -// */ -// public static final String AUTH_DATA_TIMEOUT_PROPERTY = -// "AuthenticationData.TimeOut"; -// -// /** -// * BKUSelectionType HTMLComplete, according to schema type BKUSelectionType -// */ -// public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = -// "HTMLComplete"; -// -// /** -// * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType -// */ -// public static final String BKU_SELECTION_TYPE_HTMLSELECT = -// "HTMLSelect"; -// -// /** -// * The name of the generic configuration property allowing https connection to -// * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) -// */ -// public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = -// "FrontendServlets.EnableHTTPConnection"; -// -// /** -// * The name of the generic configuration property allowing to set a individual -// * DATA URL used to communicate with the BKU (SecurityLayer) -// */ -// public static final String INDIVIDUAL_DATA_URL_PREFIX = -// "FrontendServlets.DataURLPrefix"; -// -// /** Singleton instance. null, if none has been created. 
*/ -// private static AuthConfigurationProvider instance; -// -// // -// // configuration data -// // -// private static MOAIDConfiguration moaidconfig = null; -// -// private static Properties props = null; -// -// private static STORKConfig storkconfig = null; -// -// private static TimeOuts timeouts = null; -// -// private static PVP2 pvp2general = null; -// -// private static String alternativesourceid = null; -// -// private static List legacyallowedprotocols = new ArrayList(); -// private static ProtocolAllowed allowedProtcols = null; -// -// private static VerifyAuthBlock verifyidl = null; -// -// private static ConnectionParameter MoaSpConnectionParameter = null; -// private static ConnectionParameter ForeignIDConnectionParameter = null; -// private static ConnectionParameter OnlineMandatesConnectionParameter = null; -// -// private static String MoaSpIdentityLinkTrustProfileID = null; -// -// private static List TransformsInfos = null; -// private static List IdentityLinkX509SubjectNames = new ArrayList(); -// -// private static Map SLRequestTemplates = new HashMap(); -// private static Map DefaultBKUURLs = new HashMap(); -// -// private static SSO ssoconfig = null; -// -// private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; -// -// private static Date date = null; -// -// private String publicURLPreFix = null; -// -// /** -// * Return the single instance of configuration data. -// * -// * @return AuthConfigurationProvider The current configuration data. -// * @throws ConfigurationException -// */ -// public static synchronized AuthConfigurationProvider getInstance() -// throws ConfigurationException { -// -// if (instance == null) { -// reload(); -// } -// return instance; -// } -// -// public static Date getTimeStamp() { -// return date; -// } -// -// /** -// * Reload the configuration data and set it if successful. -// * -// * @return AuthConfigurationProvider The loaded configuration data. 
-// * @throws ConfigurationException Failure to load the configuration data. -// */ -// public static synchronized AuthConfigurationProvider reload() -// throws ConfigurationException { -// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); -// if (fileName == null) { -// throw new ConfigurationException("config.01", null); -// } -// Logger.info("Loading MOA-ID-AUTH configuration " + fileName); -// -// instance = new AuthConfigurationProvider(fileName); -// return instance; -// } -// -// -// /** -// * Constructor for AuthConfigurationProvider. -// * @param fileName -// * @throws ConfigurationException -// */ -// public AuthConfigurationProvider(String fileName) -// throws ConfigurationException { -// -// load(fileName); -// } -// -// /** -// * Protected constructor. Used by unit tests. -// */ -// protected AuthConfigurationProvider() { -// } -// -// /** -// * Load the configuration data from XML file with the given name and build -// * the internal data structures representing the MOA ID configuration. -// * -// * @param fileName The name of the XML file to load. -// * @throws ConfigurationException The MOA configuration could not be -// * read/built. 
-// */ -// private void load(String fileName) throws ConfigurationException { -// -// try { -// //Initial Hibernate Framework -// Logger.trace("Initializing Hibernate framework."); -// -// //Load MOAID-2.0 properties file -// File propertiesFile = new File(fileName); -// FileInputStream fis = null; -// props = new Properties(); -// -// // determine the directory of the root config file -// rootConfigFileDir = new File(fileName).getParent(); -// -// try { -// rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); -// -// } catch (MalformedURLException t) { -// throw new ConfigurationException("config.03", null, t); -// } -// -// try { -// fis = new FileInputStream(propertiesFile); -// props.load(fis); -// -// // read MOAID Session Hibernate properties -// Properties moaSessionProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "moasession."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// moaSessionProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read Config Hibernate properties -// Properties configProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "configuration."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// configProp.put(propertyName, props.get(key.toString())); -// } -// } -// -// // read advanced logging properties -// Properties statisticProps = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "advancedlogging."; -// if (key.toString().startsWith(propPrefix+"hibernate")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// statisticProps.put(propertyName, props.get(key.toString())); -// } -// } -// -// // initialize hibernate -// synchronized (AuthConfigurationProvider.class) { -// -// //Initial config 
Database -// // ConfigurationDBUtils.initHibernate(configProp); -// -// //initial MOAID Session Database -// Configuration config = new Configuration(); -// config.addAnnotatedClass(AssertionStore.class); -// config.addAnnotatedClass(AuthenticatedSessionStore.class); -// config.addAnnotatedClass(OASessionStore.class); -// config.addAnnotatedClass(OldSSOSessionIDStore.class); -// config.addAnnotatedClass(ExceptionStore.class); -// config.addAnnotatedClass(InterfederationSessionStore.class); -// config.addAnnotatedClass(ProcessInstanceStore.class); -// config.addProperties(moaSessionProp); -// MOASessionDBUtils.initHibernate(config, moaSessionProp); -// -// //initial advanced logging -// if (isAdvancedLoggingActive()) { -// Logger.info("Advanced statistic log is activated, starting initialization process ..."); -// Configuration statisticconfig = new Configuration(); -// statisticconfig.addAnnotatedClass(StatisticLog.class); -// statisticconfig.addProperties(statisticProps); -// StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); -// Logger.info("Advanced statistic log is initialized."); -// } -// -// } -// Logger.trace("Hibernate initialization finished."); -// -// } catch (FileNotFoundException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (IOException e) { -// throw new ConfigurationException("config.03", null, e); -// -// } catch (ExceptionInInitializerError e) { -// throw new ConfigurationException("config.17", null, e); -// -// } finally { -// if (fis != null) -// fis.close(); -// -// } -// -// -// //Initialize OpenSAML for STORK -// Logger.info("Starting initialization of OpenSAML..."); -// MOADefaultBootstrap.bootstrap(); -// //DefaultBootstrap.bootstrap(); -// Logger.debug("OpenSAML successfully initialized"); -// -// -// String legacyconfig = props.getProperty("configuration.xml.legacy"); -// String xmlconfig = props.getProperty("configuration.xml"); -//// String xmlconfigout = 
props.getProperty("configuration.xml.out"); -// -// -// //configure eGovUtils client implementations -// -// //read eGovUtils client configuration -// Properties eGovUtilsConfigProp = new Properties(); -// for (Object key : props.keySet()) { -// String propPrefix = "service."; -// if (key.toString().startsWith(propPrefix+"egovutil")) { -// String propertyName = key.toString().substring(propPrefix.length()); -// eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); -// } -// } -// if (!eGovUtilsConfigProp.isEmpty()) { -// Logger.info("Start eGovUtils client implementation configuration ..."); -// eGovUtilsConfig = -// new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); -// } -// -// -// //TODO: removed in MOA-ID 3.x -//// //check if XML config should be used -//// if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); -//// //moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); -//// moaidconfig = NewConfigurationDBRead.getMOAIDConfiguration(); -//// if (moaidconfig.getAuthComponentGeneral()!= null || moaidconfig.getChainingModes() != null || moaidconfig.getTrustedCACertificates() != null || moaidconfig.getDefaultBKUs() != null -//// || moaidconfig.getSLRequestTemplates() != null || moaidconfig.getTimestampItem() != null || moaidconfig.getPvp2RefreshItem() != null) { -//// -//// // ConfigurationDBUtils.delete(moaidconfig); -//// for(String key : MOAIDConfigurationConstants.getMOAIDConfigurationKeys()){ -//// NewConfigurationDBWrite.delete(key); -//// } -//// } -//// -//// -//// //List oas = ConfigurationDBRead.getAllOnlineApplications(); -//// List oas = NewConfigurationDBRead.getAllOnlineApplications(); -//// if (oas != null && oas.size() > 0) { -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.delete(oa); -//// 
NewConfigurationDBWrite.delete(MOAIDConfigurationConstants.ONLINE_APPLICATIONS_KEY); -//// } -//// } -//// -//// //load legacy config if it is configured -//// if (MiscUtil.isNotEmpty(legacyconfig)) { -//// Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); -//// -//// MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); -//// -//// List oas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication oa : oas) -//// // ConfigurationDBUtils.save(oa); -//// NewConfigurationDBWrite.saveOnlineApplications(oas); -//// -//// moaconfig.setOnlineApplication(null); -//// // ConfigurationDBUtils.save(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// Logger.info("Legacy Configuration load is completed."); -//// -//// -//// } -//// -//// //load MOA-ID 2.x config from XML -//// if (MiscUtil.isNotEmpty(xmlconfig)) { -//// Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); -//// -//// try { -//// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); -//// Unmarshaller m = jc.createUnmarshaller(); -//// File file = new File(xmlconfig); -//// MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); -//// //ConfigurationDBUtils.save(moaconfig); -//// -//// List importoas = moaconfig.getOnlineApplication(); -//// // for (OnlineApplication importoa : importoas) { -//// // ConfigurationDBUtils.saveOrUpdate(importoa); -//// // } -//// -//// NewConfigurationDBWrite.saveOnlineApplications(importoas); -//// -//// moaconfig.setOnlineApplication(null); -//// //ConfigurationDBUtils.saveOrUpdate(moaconfig); -//// NewConfigurationDBWrite.save(moaconfig); -//// -//// } catch (Exception e) { -//// Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); -//// throw new ConfigurationException("config.02", null); -//// } -//// Logger.info("XML Configuration load is 
completed."); -//// } -// -// reloadDataBaseConfig(); -// -// -// } catch (Throwable t) { -// throw new ConfigurationException("config.02", null, t); -// } -// } -// -// protected MOAIDConfiguration loadDataBaseConfig() { -// return ConfigurationDBRead.getMOAIDConfiguration(); -// } -// -// public synchronized void reloadDataBaseConfig() throws ConfigurationException { -// -// Logger.info("Read MOA-ID 2.0 configuration from database."); -// moaidconfig = loadDataBaseConfig(); -// Logger.info("MOA-ID 2.0 is loaded."); -// -// if (moaidconfig == null) { -// Logger.warn("NO MOA-ID configuration found."); -// throw new ConfigurationException("config.18", null); -// } -// -// //build STORK Config -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// ForeignIdentities foreign = auth.getForeignIdentities(); -// if (foreign == null ) { -// Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); -// } else -// storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); -// -// //load Chaining modes -// ChainingModes cm = moaidconfig.getChainingModes(); -// if (cm != null) { -// defaultChainingMode = cm.getSystemDefaultMode().value(); -// -// List tas = cm.getTrustAnchor(); -// -// chainingModes = new HashMap(); -// for (TrustAnchor ta : tas) { -// IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); -// chainingModes.put(is, ta.getMode().value()); -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. 
No ChainingMode configuration found."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set Trusted CA certs directory -// trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); -// -// //set CertStoreDirectory -// setCertStoreDirectory(); -// -// //set TrustManagerRevocationChecking -// setTrustManagerRevocationChecking(); -// -// //set default timeouts -// timeouts = new TimeOuts(); -// timeouts.setAssertion(new BigInteger("300")); -// timeouts.setMOASessionCreated(new BigInteger("2700")); -// timeouts.setMOASessionUpdated(new BigInteger("1200")); -// -// //search timeouts in config -// if (auth.getGeneralConfiguration() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts() != null) { -// if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) -// timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) -// timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); -// -// if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) -// timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); -// -// } else { -// Logger.info("No TimeOuts defined. 
Use default values"); -// } -// } -// -// // sets the authentication session and authentication data time outs -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); -// -// AuthenticationServer.getInstance() -// .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); -// -// -// -// //set PVP2 general config -// Protocols protocols = auth.getProtocols(); -// if (protocols != null) { -// -// allowedProtcols = new ProtocolAllowed(); -// -// if (protocols.getSAML1() != null) { -// allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); -// -// //load alternative sourceID -// if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) -// alternativesourceid = protocols.getSAML1().getSourceID(); -// -// } -// -// if (protocols.getOAuth() != null) { -// allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); -// } -// -// if (protocols.getPVP2() != null) { -// PVP2 el = protocols.getPVP2(); -// -// allowedProtcols.setPVP21Active(el.isIsActive()); -// -// pvp2general = new PVP2(); -// pvp2general.setIssuerName(el.getIssuerName()); -// pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); -// -// if (el.getOrganization() != null) { -// Organization org = new Organization(); -// pvp2general.setOrganization(org); -// org.setDisplayName(el.getOrganization().getDisplayName()); -// org.setName(el.getOrganization().getName()); -// org.setURL(el.getOrganization().getURL()); -// } -// -// if (el.getContact() != null) { -// List cont = new ArrayList(); -// pvp2general.setContact(cont); -// for (Contact e : el.getContact()) { -// Contact c = new Contact(); -// c.setCompany(e.getCompany()); -// c.setGivenName(e.getGivenName()); -// c.getMail().addAll(e.getMail()); -// c.getPhone().addAll(e.getPhone()); -// c.setSurName(e.getSurName()); -// 
c.setType(e.getType()); -// cont.add(c); -// } -// } -// } -// } else { -// Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); -// } -// -// //set alternativeSourceID -// if (auth.getGeneralConfiguration() != null) { -// -// //TODO: can be removed in a further version, because it is moved to SAML1 config -// if (MiscUtil.isEmpty(alternativesourceid)) -// alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); -// -// if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) -// publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); -// -// else { -// Logger.error("No Public URL Prefix configured."); -// throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"}); -// } -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set LegacyAllowedProtocols -// try { -// if (auth.getProtocols() != null) { -// Protocols procols = auth.getProtocols(); -// if (procols.getLegacyAllowed() != null) { -// LegacyAllowed legacy = procols.getLegacyAllowed(); -// legacyallowedprotocols = new ArrayList(legacy.getProtocolName()); -// } -// } -// } catch (Exception e) { -// Logger.info("No protocols found with legacy allowed flag!"); -// } -// -// //set VerifyAuthBlockConfig -// MOASP moasp = getMOASPConfig(auth); -// -// VerifyAuthBlock el = moasp.getVerifyAuthBlock(); -// if (el != null) { -// verifyidl = new VerifyAuthBlock(); -// verifyidl.setTrustProfileID(el.getTrustProfileID()); -// verifyidl.setVerifyTransformsInfoProfileID(new ArrayList(el.getVerifyTransformsInfoProfileID())); -// } -// else { -// Logger.warn("Error in MOA-ID Configuration. 
No Trustprofile for AuthBlock validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set MOASP connection parameters -// if (moasp.getConnectionParameter() != null) -// MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); -// else -// MoaSpConnectionParameter = null; -// -// //set ForeignIDConnectionParameters -// if (foreign != null) { -// ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); -// } -// -// //set OnlineMandateConnectionParameters -// OnlineMandates ovs = auth.getOnlineMandates(); -// if (ovs != null) { -// OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); -// -// } else { -// Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); -// } -// -// //set MOASP IdentityLink Trust-ProfileID -// VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); -// if (verifyidl != null) -// MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); -// throw new ConfigurationException("config.02", null); -// } -// -// //set SL transformation infos -// SecurityLayer seclayer = auth.getSecurityLayer(); -// if (seclayer == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration->SecurityLayer found"); -// throw new ConfigurationException("config.02", null); -// } else { -// TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); -// -// if (TransformsInfos == null || TransformsInfos.size() == 0) { -// Logger.error("No Security-Layer Transformation found."); -// throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}); -// } -// -// } -// -// //set IdentityLinkSignerSubjectNames -// IdentityLinkX509SubjectNames = new ArrayList(); -// IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); -// if (idlsigners != null) { -// Logger.debug("Load own IdentityLinkX509SubjectNames"); -// IdentityLinkX509SubjectNames.addAll(new ArrayList(idlsigners.getX509SubjectName())); -// } -// -// // now add the default identity link signers -// String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; -// for (int i=0; i getLegacyAllowedProtocols() { -// return legacyallowedprotocols; -// } -// -// -// /** -// * Provides configuration information regarding the online application behind -// * the given URL, relevant to the MOA-ID Auth component. 
-// * -// * @param oaURL URL requested for an online application -// * @return an OAAuthParameter, or null -// * if none is applicable -// */ -// public OAAuthParameter getOnlineApplicationParameter(String oaURL) { -// -// OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); -// -// if (oa == null) { -// Logger.warn("Online application with identifier " + oaURL + " is not found."); -// return null; -// } -// -// return new OAAuthParameter(oa); -// } -// -// -// /** -// * Return a string with a url-reference to the VerifyAuthBlock trust -// * profile id within the moa-sp part of the authentication component -// * -// * @return String with a url-reference to the VerifyAuthBlock trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { -// return verifyidl.getTrustProfileID(); -// } -// -// /** -// * Return a string array with references to all verify transform info -// * IDs within the moa-sp part of the authentication component -// * @return A string array containing all urls to the -// * verify transform info IDs -// * @throws ConfigurationException -// */ -// public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { -// return verifyidl.getVerifyTransformsInfoProfileID(); -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component moa-sp element -// * @return ConnectionParameter of the authentication component moa-sp element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { -// return MoaSpConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component foreigid element -// * @return ConnectionParameter of the authentication component foreignid element -// * @throws ConfigurationException -// */ -// 
public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { -// return ForeignIDConnectionParameter; -// } -// -// /** -// * Return a ConnectionParameter bean containing all information -// * of the authentication component OnlineMandates element -// * @return ConnectionParameter of the authentication component OnlineMandates element -// * @throws ConfigurationException -// */ -// public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { -// return OnlineMandatesConnectionParameter; -// } -// -// /** -// * Return a string with a url-reference to the VerifyIdentityLink trust -// * profile id within the moa-sp part of the authentication component -// * @return String with a url-reference to the VerifyIdentityLink trust profile ID -// * @throws ConfigurationException -// */ -// public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { -// return MoaSpIdentityLinkTrustProfileID; -// } -// -// /** -// * Returns the transformsInfos. -// * @return String[] -// * @throws ConfigurationException -// */ -// public List getTransformsInfos() throws ConfigurationException { -// return TransformsInfos; -// } -// -// /** -// * Returns the identityLinkX509SubjectNames. 
-// * @return List -// * @throws ConfigurationException -// */ -// public List getIdentityLinkX509SubjectNames() throws ConfigurationException { -// return IdentityLinkX509SubjectNames; -// } -// -// public List getSLRequestTemplates() throws ConfigurationException { -// return new ArrayList(SLRequestTemplates.values()); -// } -// -// public String getSLRequestTemplates(String type) throws ConfigurationException { -// String el = SLRequestTemplates.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -// public List getDefaultBKUURLs() throws ConfigurationException { -// return new ArrayList(DefaultBKUURLs.values()); -// } -// -// public String getDefaultBKUURL(String type) throws ConfigurationException { -// String el = DefaultBKUURLs.get(type); -// if (MiscUtil.isNotEmpty(el)) -// return el; -// else { -// Logger.warn("getSLRequestTemplates: BKU Type does not match: " -// + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); -// return null; -// } -// } -// -//// public boolean isSSOBusinessService() throws ConfigurationException { -//// -//// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) -//// return true; -//// else -//// return false; -//// } -// -// public String getSSOTagetIdentifier() throws ConfigurationException { -// if (ssoconfig != null) -// return ssoconfig.getTarget(); -// else -// return null; -// } -// -//// public String getSSOTarget() throws ConfigurationException { -//// if (ssoconfig!= null) -//// return ssoconfig.getTarget(); -//// -//// return null; -//// } -// -// public String getSSOFriendlyName() { -// if (ssoconfig!= null) { -// if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) -// return ssoconfig.getFriendlyName(); -// } -// -// 
return "Default MOA-ID friendly name for SSO"; -// } -// -// public String getSSOSpecialText() { -// if (ssoconfig!= null) { -// String text = ssoconfig.getSpecialText(); -// if (MiscUtil.isEmpty(text)) -// text = new String(); -// -// return text; -// } -// return new String(); -// } -// -// public String getMOASessionEncryptionKey() { -// -// String prop = props.getProperty("configuration.moasession.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// /** -// * @return -// */ -// public String getMOAConfigurationEncryptionKey() { -// String prop = props.getProperty("configuration.moaconfig.key"); -// if (MiscUtil.isEmpty(prop)) -// return null; -// else -// return prop; -// } -// -// public boolean isIdentityLinkResigning() { -// String prop = props.getProperty("configuration.resignidentitylink.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getIdentityLinkResigningKey() { -// String prop = props.getProperty("configuration.resignidentitylink.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Checks if is fakeIdL is activated. -// * -// * @return true, if fake IdLs are available for stork -// */ -// public boolean isStorkFakeIdLActive() { -// String prop = props.getProperty("stork.fakeIdL.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Gets the countries which will receive a fake IdL -// * -// * @return the countries -// */ -// public List getStorkFakeIdLCountries() { -// String prop = props.getProperty("stork.fakeIdL.countries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// /** -// * Gets the resigning key (group) for the stork fake IdL. 
-// * -// * @return the resigning key -// */ -// public String getStorkFakeIdLResigningKey() { -// String prop = props.getProperty("stork.fakeIdL.keygroup"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// /** -// * Gets the countries for which it is configured to require no signature -// * -// * @return the stork no signature countries -// */ -// public List getStorkNoSignatureCountries() { -// String prop = props.getProperty("stork.fakeIdL.noSignatureCountries", ""); -// return Arrays.asList(prop.replaceAll(" ", "").split(",")); -// } -// -// @JsonProperty("isMonitoringActive") -// public boolean isMonitoringActive() { -// String prop = props.getProperty("configuration.monitoring.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getMonitoringTestIdentityLinkURL() { -// String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public String getMonitoringMessageSuccess() { -// String prop = props.getProperty("configuration.monitoring.message.success"); -// if (MiscUtil.isNotEmpty(prop)) -// return prop; -// else -// return null; -// } -// -// public boolean isAdvancedLoggingActive() { -// String prop = props.getProperty("configuration.advancedlogging.active", "false"); -// return Boolean.valueOf(prop); -// } -// -// public String getPublicURLPrefix() { -// return publicURLPreFix; -// } -// -// public boolean isPVP2AssertionEncryptionActive() { -// String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); -// return Boolean.valueOf(prop); -// } -// -// public boolean isCertifiacteQCActive() { -// String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); -// return !Boolean.valueOf(prop); -// } -// -// -// //Load document service url from moa properties -// public String getDocumentServiceUrl() { -// String prop = 
props.getProperty("stork.documentservice.url", "false"); -// return prop; -// } -// -// -// public boolean isPVPSchemaValidationActive() { -// String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); -// return Boolean.valueOf(prop); -// } -// -// /** -// * Returns the STORK Configuration -// * @return STORK Configuration -// * @throws ConfigurationException -// */ -// public STORKConfig getStorkConfig() throws ConfigurationException { -// -// return storkconfig; -// } -// -// /** -// * @return the eGovUtilsConfig -// */ -//@JsonIgnore -//public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { -// return eGovUtilsConfig; -//} -// -//private void setCertStoreDirectory() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null) -// certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); -// else { -// Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private void setTrustManagerRevocationChecking() throws ConfigurationException { -// AuthComponentGeneral auth = getAuthComponentGeneral(); -// -// if (auth.getGeneralConfiguration() != null && -// auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) -// trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); -// else { -// Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); -// throw new ConfigurationException("config.02", null); -// } -// } -// -// private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { -// AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); -// if (authgeneral == null) { -// Logger.warn("Error in MOA-ID Configuration. 
No generalAuthConfiguration found"); -// throw new ConfigurationException("config.02", null); -// } -// return authgeneral; -// } -// -// private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { -// MOASP moasp = authgeneral.getMOASP(); -// -// if (moasp == null) { -// Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); -// throw new ConfigurationException("config.02", null); -// } -// return moasp; -// } -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithPrefix(java.lang.String) -// */ -//@Override -//public Properties getConfigurationWithPrefix(String Prefix) { -// // TODO Auto-generated method stub -// return null; -//} -// -///* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getConfigurationWithKey(java.lang.String) -// */ -//@Override -//public String getConfigurationWithKey(String key) { -// // TODO Auto-generated method stub -// return null; -//} -// -//} -- cgit v1.2.3 From c7cd9327bbc4d7e180bab9b6bff2a17028c166dc Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Tue, 19 Feb 2019 11:28:24 +0100 Subject: add some more attribute functionality for 'Austrian eID' demo-mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 58 +++++++- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 18 ++- .../moa/id/data/MOAAuthenticationData.java | 44 +++++- .../attributes/BPKListAttributeBuilder.java | 14 +- .../attributes/EncryptedBPKAttributeBuilder.java | 31 +++-- .../MandateNaturalPersonBPKAttributeBuilder.java | 154 +++++++++++++++------ ...andateNaturalPersonBPKListAttributeBuilder.java | 83 +++++++++++ ...ateNaturalPersonEncBPKListAttributeBuilder.java | 62 +++++++++ ...dateNaturalPersonSourcePinAttributeBuilder.java | 1 + ...NaturalPersonSourcePinTypeAttributeBuilder.java | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 2 + .../auth/data/AuthenticationDataBuilderTest.java | 5 +- .../attributes/OAuth20AttributeBuilder.java | 4 + .../data/SSOTransferAuthenticationData.java | 8 +- .../protocols/saml1/SAML1AuthenticationServer.java | 94 ++++++++++--- 15 files changed, 482 insertions(+), 97 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c58f19333..acf59cebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -36,6 +36,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; @@ -81,6 +82,9 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -532,7 +536,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } //build foreign bPKs - generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + generateForeignbPK(oaParam, authData); if (Boolean.parseBoolean( 
@@ -806,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - private void generateForeignbPK(MOAAuthenticationData authData, List foreignSectors) { + private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) { + List foreignSectors = oaParam.foreignbPKSectorsRequested(); + if (foreignSectors != null && !foreignSectors.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + + String mandatorBaseId = null; + String mandatorBaseIdType = null; + boolean isMandatorBaseIdAvailable = false; + if (authData.isUseMandate()) { + try { + Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... "); + + //TODO: remove this workaround in a further version!!! + boolean flagBak = authData.isBaseIDTransferRestrication(); + authData.setBaseIDTransferRestrication(false); + mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + authData.setBaseIDTransferRestrication(flagBak); + + isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType); + if (!isMandatorBaseIdAvailable) + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate."); + + } catch (Exception e) { + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage()); + if (Logger.isTraceEnabled()) + Logger.warn("Detail: ", e); + + } + } + for (String foreignSector : foreignSectors) { Logger.trace("Process sector: " + foreignSector + " ... "); if (encKeyMap.containsKey(foreignSector)) { 
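Review bot: The base-ID transfer restriction is restored only on the success path of the workaround in `generateForeignbPK`. If either `build(...)` call throws, control jumps to the `catch (Exception e)` with `authData.setBaseIDTransferRestrication(false)` still in effect, and the shared `authData` object keeps the restriction switched off for everything that runs afterwards. Put the two `build(...)` calls in an inner `try { … } finally { authData.setBaseIDTransferRestrication(flagBak); }` so the flag is restored on every path. The same catch block guards the stack trace with `Logger.isTraceEnabled()` but emits it through `Logger.warn`, which looks unintended. The loop over `foreignSectors` continues outside this hunk.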
@@ -838,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.getIdentificationType(), sector); String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); - authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + + authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector)); Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + //calculate foreign bPKs for natural-person mandates + if (isMandatorBaseIdAvailable) { + Pair mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + mandatorBaseId, + mandatorBaseIdType, + sector); + String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + + authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector)); + Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created."); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index 415f4db18..af4cf6fa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -5,6 +5,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; public interface IMOAAuthData extends IAuthData{ 
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{ */ String getQAALevel(); - List getEncbPKList(); + /** + * Get a List of Pair, where the bPKTarget is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncbPKList(); + + /** + * Get a List of Pair for natural-person mandates, where + * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncMandateNaturalPersonbPKList(); + byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index c1545f354..897a06e62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; @@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; - private List encbPKList; - + + private List> encbPKList; + private List> encMandateNaturalPersonbPKList; + //ISA 1.18 attributes private List roles = null; private String pvpAttribute_OU = null; 
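Review bot: Both new Javadoc blocks in `IMOAAuthData` leave `@return` empty and, as shown on this page, do not say which element of the `Pair` is the encrypted bPK and which is the target. The producers and consumers in this commit rely on a fixed order (`Pair.newInstance(foreignbPK, foreignSector)` in `AuthenticationDataBuilder`, `getSecond() + DELIMITER_ENCBPK_TARGET + getFirst()` in `EncryptedBPKAttributeBuilder`), so a swapped pair would silently produce a malformed attribute. I would state it explicitly, e.g. `@return list of pairs with the encrypted bPK as first and the bPK target (sector) as second element; never null`, and correct "formated" to "formatted".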
@@ -106,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } @Override - public List getEncbPKList() { + public List> getEncbPKList() { if (this.encbPKList == null) - this.encbPKList = new ArrayList(); + this.encbPKList = new ArrayList>(); return this.encbPKList; } @@ -293,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } /** + * Set a List of encrypted bPKs where each List element is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3 + * * @param encbPKList the encbPKList to set */ public void setEncbPKList(List encbPKList) { - this.encbPKList = encbPKList; + if (encbPKList != null) { + for (String el : encbPKList) { + Logger.trace("Processing foreign bPK string: " + el ); + int index = el.indexOf("|"); + if (index >= 0) { + String encbPK = el.substring(index+1); + String second = el.substring(0, index); + getEncbPKList().add(Pair.newInstance(encbPK, second)); + + } else + Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it"); + + } + + } } @@ -336,5 +356,19 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { this.iseIDNewDemoMode = iseIDNewDemoMode; } + + public List> getEncMandateNaturalPersonbPKList() { + if (this.encMandateNaturalPersonbPKList == null) + this.encMandateNaturalPersonbPKList = new ArrayList>(); + + return this.encMandateNaturalPersonbPKList; + + } + + public void setEncMandateNaturalPersonbPKList(List> encMandateNaturalPersonbPKList) { + this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java index ec8c7629f..c5a8d88b7 100644 
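Review bot: `setEncbPKList` splits each element at the first `|` but never removes the enclosing `(` and `)` that `EncryptedBPKAttributeBuilder` writes around every ENC-BPK-LIST element in this same commit. If callers pass elements in that documented form, the stored pair becomes `"(target"` / `"encbpk)"` and the builder wraps it a second time on output; stripping first would avoid that, e.g. `if (el.startsWith("(") && el.endsWith(")")) el = el.substring(1, el.length() - 1);`. The setter also changed from replacing the list to appending via `getEncbPKList().add(...)`, so a second call accumulates entries and a `null` argument no longer clears anything; `getEncbPKList().clear();` as the first statement keeps the old replace semantics. The local named `second` holds the target and would read better as `target`.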
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java @@ -18,7 +18,9 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); - protected static final String DELIMITER_BPK_LIST = ";"; + public static final String DELIMITER_BPK_LIST = ";"; + public static final String LIST_ELEMENT_START = "("; + public static final String LIST_ELEMENT_END = ")"; public String getName() { return BPK_LIST_NAME; @@ -26,16 +28,18 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - String result = getBpkForSP(authData); + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; //add additional bPKs if someone are available if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { log.info("Adding additional bPKs into bPK attribute"); for (Pair el : authData.getAdditionalbPKs()) { result += DELIMITER_BPK_LIST - + removeBpkTypePrefix(el.getSecond()) - + DELIMITER_BPKTYPE_BPK - + attrMaxSize(el.getFirst()); + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; } log.trace("Authenticate user with bPK-List: " + result); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 44043ec40..bf7187e51 100644 
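Review bot: In `build`, `LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END` is concatenated without checking the inner value, so if `getBpkForSP` can return null or an empty string (its body is not visible here) the attribute becomes the literal `(null)` or `()`, which is non-empty and would pass a later emptiness check. `MandateNaturalPersonBPKListAttributeBuilder`, added in this commit, tests `result != null` before wrapping; the same guard here would keep the two list builders consistent, for example `if (StringUtils.isEmpty(bpk)) throw new UnavailableAttributeException(BPK_LIST_NAME);` before the wrap. The rest of `build` lies outside the hunk.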
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; @@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger; @PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { + public static final String DELIMITER_ENCBPK_TARGET = "|"; + public String getName() { return ENC_BPK_LIST_NAME; } 
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).getEncbPKList() != null && ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - String value = ((IMOAAuthData)authData).getEncbPKList().get(0); - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) - value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); + Pair value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + result); } @@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); -// String encbpk = "XXX01234567890XXX"; -// String type = "Bereich"; -// String vkz = "Verfahrenskennzeichen"; -// -// //TODO: implement encrypted bPK support -// -// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); -// -// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, -// vkz + "+" + type + "|" + encbpk); } public ATT buildEmpty(IAttributeGenerator g) { 
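Review bot: The element format `( target | encbpk )` is written out twice in `build`, once for index 0 and once inside the loop, with the cast `((IMOAAuthData)authData).getEncbPKList()` repeated on every access. A single loop over the list with a `StringBuilder` keeps the format in one place, which matters because `setEncbPKList` and the new mandate enc-bPK list builder depend on exactly this layout. Behaviour is unchanged by the rewrite below; the surrounding `instanceof` and size checks stay as they are.
```java
// … unchanged: instanceof IMOAAuthData and non-empty checks …
StringBuilder result = new StringBuilder();
for (Pair<String, String> el : ((IMOAAuthData) authData).getEncbPKList()) {
    if (result.length() > 0) {
        result.append(BPKListAttributeBuilder.DELIMITER_BPK_LIST);
    }
    result.append(BPKListAttributeBuilder.LIST_ELEMENT_START)
            .append(el.getSecond())
            .append(DELIMITER_ENCBPK_TARGET)
            .append(el.getFirst())
            .append(BPKListAttributeBuilder.LIST_ELEMENT_END);
}
return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
        result.toString());
```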
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f67f79dcf..4d41cc19b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -22,11 +22,13 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; 
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; 
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { try { - Pair calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); - if (calcResult != null) { - String bpk = calcResult.getFirst(); - String type = calcResult.getSecond(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type != null) { - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - } else { - Logger.debug("bPK type is 'null' --> use it as it is"); - - } - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - if (type != null) - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); - else - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - - } - + String bPKResult = getBpkAttributeStringForSP(oaParam, authData); + if (StringUtils.isNoneEmpty(bPKResult)) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult); + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); 
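Review bot: `StringUtils.isNoneEmpty(bPKResult)` is the varargs "none of these are empty" check; with one argument it works, but the single-value form used everywhere else in this commit is `StringUtils.isNotEmpty(bPKResult)`, and mixing the two invites a later misreading. The `catch` that follows in the context lines logs only `"Failed to generate IdentificationType"` and throws a fresh `NoMandateDataAttributeException`, so the original exception is lost; passing `e` to the logger would keep the cause available for diagnosis. The method's closing `return null` is in the next hunk.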
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return null; } - + public ATT buildEmpty(IAttributeGenerator g) { return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + protected Pair getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + Pair baseId = getBaseIdFromMandate(oaParam, authData); + Pair bPKResult = null; + + if (baseId != null) { + if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) + bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), + oaParam.getAreaSpecificTargetIdentifier()); + else { + Logger.debug("No BaseId target in mandate. Use it as it is ... 
"); + bPKResult = Pair.newInstance(baseId.getFirst(), null); + + } + } + + return bPKResult; + + } + + + /** + * Generate the bPK String for this specific SP + * + * @param oaParam + * @param authData + * @return + * @throws UnavailableAttributeException + * @throws EAAFBuilderException + * @throws ConfigurationException + * @throws BuildException + * @throws NoMandateDataAttributeException + */ + protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException { + Pair bPKResult = getBpkForSp(oaParam, authData); + if (bPKResult != null) { + String bpk = bPKResult.getFirst(); + String type = bPKResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type != null) + type = removeBpkTypePrefix(type); + else + Logger.debug("bPK type is 'null' --> use it as it is"); + + bpk = attrMaxSize(bpk); + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk; + else + return bpk; + + } + + return null; + + } + + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + return 
type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + else + return type; + + } + + protected Pair getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair calcResult = null; if (authData instanceof IMOAAuthData) { @@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java new file mode 100644 index 000000000..fd00e2f61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java 
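Review bot: In `getBpkForSp`, the else branch returns `Pair.newInstance(baseId.getFirst(), null)`, which throws away the identifier type that the code removed from `getBaseIdFromMandate` used to keep (`Pair.newInstance(id.getValue().getValue(), id.getType())`). A mandate that already carries a sector-specific identifier is therefore emitted by `getBpkAttributeStringForSP` as a bare value with no type prefix, and the relying party can no longer tell which sector it belongs to. If that is not intended, `bPKResult = Pair.newInstance(baseId.getFirst(), baseId.getSecond());` restores the previous output. Separately, `removeBpkTypePrefix` now strips `EAAFConstants.URN_PREFIX_*` without the extra `"+"` the old code added; that is only equivalent if the EAAF constants already end in `+`, which is not visible on this page.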
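Review bot: `getBaseIdFromMandate` has no Javadoc, although after this hunk it hands back the mandate's identifier unconverted, which is the mandator's base ID whenever the type equals `Constants.URN_PREFIX_BASEID`. Subclasses and future callers should be told that explicitly, e.g. `/** Returns the identifier from the mandate as (value, type). The value may be an unconverted base ID; use it only as input for bPK derivation and never log it or place it in an attribute. */`. The method's signature is in the previous hunk and its body continues past this one.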
@@ -0,0 +1,83 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@PVPMETADATA +public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + try { + String result = getBpkAttributeStringForSP(oaParam, authData); + + if (result != null) { + result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... 
"); + Pair baseId = getBaseIdFromMandate(oaParam, authData); + if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) + && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) { + for (Pair el : authData.getAdditionalbPKs()) { + + Pair addBpk = + new BPKBuilder().generateAreaSpecificPersonIdentifier( + baseId.getFirst(), + el.getSecond()); + + Logger.trace("Calculate bPK with " + addBpk.toString()); + + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + removeBpkTypePrefix(addBpk.getSecond()) + + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + + attrMaxSize(addBpk.getFirst()) + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + } + } + + Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate"); + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result); + + } + + return null; + + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java new file mode 100644 index 000000000..220ccd94e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java 
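Review bot: The `catch (BuildException | ConfigurationException | EAAFBuilderException e)` block in `build` discards `e` and logs `Failed to generate IdentificationType`, a message that does not describe what failed here (bPK derivation for the list), so a derivation or configuration error cannot be traced afterwards. Keep the cause in the log, e.g. `Logger.error("Failed to build " + MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, e);`, assuming the project's `Logger` has an overload that takes a `Throwable`. Separately, `removeBpkTypePrefix(addBpk.getSecond())` calls `startsWith` on its argument, so the loop relies on `generateAreaSpecificPersonIdentifier` never returning a `null` type; `getBpkAttributeStringForSP` guards that case with `if (type != null)` and the loop should do the same.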
@@ -0,0 +1,62 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_ENC_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData) authData).isUseMandate()) { + if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null && + ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) { + Pair value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return 
g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, + result); + + } + + } else + Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used"); + + } else + Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 32b45a595..88648b56e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 90a0d61c9..223994e6e 100644 
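Review bot: In the new `MandateNaturalPersonEncBPKListAttributeBuilder`, `build` concatenates `value.getSecond()` and `value.getFirst()` (and `el.getSecond()` / `el.getFirst()` in the loop) into the attribute without checking them, so a `null` target or ciphertext ends up in the assertion as the literal text `null`, and an empty one as an empty field. The plain-bPK path rejects this case with `if (MiscUtil.isEmpty(bpk)) throw new UnavailableAttributeException(BPK_NAME);`, and the same check per element would fit here: `if (MiscUtil.isEmpty(el.getFirst()) || MiscUtil.isEmpty(el.getSecond())) throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME);` (this needs the `MiscUtil` import, which the new file does not have). Handling index 0 and the remaining elements in one loop over a local that holds the list would avoid writing the check twice.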
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index b4e62a344..a10b9b3e0 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -21,3 +21,5 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilde at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 1ea057186..c3420d833 100644 
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest { throw new Exception("bPKType wrong"); - List foreignbPKs = authData.getEncbPKList(); + List> foreignbPKs = authData.getEncbPKList(); if (foreignbPKs.isEmpty()) throw new Exception("NO foreign bPK list is null"); if (foreignbPKs.size() != 1) throw new Exception("NO or MORE THAN ONE foreign bPK"); - if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty())) throw new Exception("foreign bPK has wrong prefix"); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 8e9d1e4f5..9779b0cf4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java 
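Review bot: The rewritten assertion in the `@@ -72,14 +73,14 @@` hunk joins its two conditions with `&&`, so the test only fails when the target is wrong and the encrypted value is non-empty at the same time; a correct target with an empty value, or a wrong target with an empty value, passes. If the intent is that the target must match and the encrypted bPK must be present, it should read `if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") || foreignbPKs.get(0).getFirst().isEmpty())`. The enclosing test method starts and ends outside the hunk.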
@@ -55,7 +55,9 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -139,6 +141,8 @@ public final class OAuth20AttributeBuilder {
 buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
 buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
 buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
 buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
 buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
 buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 02577c110..e7280f847 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -198,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList() */ @Override - public List getEncbPKList() { + public List> getEncbPKList() { // TODO Auto-generated method stub return null; } @@ -387,5 +387,11 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return false; } + @Override + public List> getEncMandateNaturalPersonbPKList() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 23d214d3e..64a4bae63 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -75,6 +76,8 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -352,26 +355,79 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (oaAttributes == null) oaAttributes = new ArrayList(); - - String additionalBpks = new BPKListAttributeBuilder().build( - oaParam, - authData, - new SimpleStringAttributeGenerator()); - Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); - oaAttributes.add(new ExtendedSAMLAttributeImpl( - PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, - Constants.MOA_NS_URI, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + try { + String additionalBpks = new BPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalBpks)) { + Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage()); + + } - String encryptedBpks = new EncryptedBPKAttributeBuilder().build( - oaParam, - authData, - new SimpleStringAttributeGenerator()); - Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... "); - oaAttributes.add(new ExtendedSAMLAttributeImpl( - PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, - Constants.MOA_NS_URI, - ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + try { + String encryptedBpks = new EncryptedBPKAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedBpks)) { + Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... 
"); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage()); + + } + + //for mandates + try { + String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(additionalMandatorBpks)) { + Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage()); + + } + + try { + String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) { + Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); + + } } -- cgit v1.2.3
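Review bot: Each of the four new `catch (AttributeBuilderException e)` blocks treats every builder failure as "attribute not available" and logs only `e.getMessage()` at info level, so a real error while deriving bPKs now yields a SAML1 assertion that silently lacks the attribute; the old code had no catch at this point. `UnavailableAttributeException` is what the builders throw for the expected case, so I would catch that first and report anything else with its stack trace, e.g. `} catch (UnavailableAttributeException e) { Logger.debug("No additional bPKs available"); } catch (AttributeBuilderException e) { Logger.warn("Can NOT build additional bPKs", e); }`. That assumes `Logger.warn` has a `Throwable` overload and that `UnavailableAttributeException` extends `AttributeBuilderException`, as the builders' `throws` clauses suggest. The same applies to the foreign-bPK, mandator-bPK and foreign-mandator-bPK blocks; the surrounding method starts and ends outside the hunk.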