From 16645606a6e2e6c1b00b2b20ef0373e2c81f7f4a Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 8 Feb 2017 14:44:26 +0100
Subject: update eIDAS node configuration to allow more then on configuration for the same country code. Country codes can be extended by a suffix like NL and NL-Test. Both generates a Authn. request for NL but there are two entries in citizen country selector and maybe two different service URLs
---
 .../main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 99e4b4cce..b85938bb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -96,7 +96,7 @@ public class STORKConfig implements IStorkConfig {
 new CPEPS(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY), new URL(storkCPEPSProps.get(listCounter + "." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL)), enableAssertionEncryption);
- cpepsMap.put(moacpep.getCountryCode(), moacpep);
+ cpepsMap.put(moacpep.getFullCountryCode(), moacpep);
 } catch (MalformedURLException e) {
 Logger.warn("CPEPS URL " +
@@ -167,7 +167,7 @@ public class STORKConfig implements IStorkConfig {
 if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) return false;
- if (this.cpepsMap.containsKey(ccc.toUpperCase()))
+ if (this.cpepsMap.containsKey(ccc))
 return true;
 else
 return false;
-- 
cgit v1.2.3
From be8d392611fe2ed733869a4a9701904313a207fd Mon Sep 17 00:00:00 2001
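Review bot: The `@@ -167` hunk drops `toUpperCase()`, so `containsKey(ccc)` is now case-sensitive, while the `@@ -96` hunk stores keys exactly as `moacpep.getFullCountryCode()` returns them; a country code that reaches this check in a different case from the configured entry no longer matches, which is the case the old normalization covered. Unless `getFullCountryCode()` normalizes case itself (its implementation is not in this diff), normalize on both sides, e.g. `cpepsMap.put(moacpep.getFullCountryCode().toUpperCase(Locale.ROOT), moacpep);` at insertion and `return this.cpepsMap.containsKey(ccc.toUpperCase(Locale.ROOT));` at lookup, which also replaces the `if … return true; else return false;` with a single return. Both enclosing methods start and end outside their hunks.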
From: Thomas Lenz
Date: Wed, 8 Feb 2017 15:59:45 +0100
Subject: update eIDAS assertion generation to generate an error message if attribute that is marked as required is not available
---
 .../src/main/resources/resources/properties/id_messages_de.properties | 1 +
 .../resources/properties/protocol_response_statuscodes_de.properties | 1 +
 2 files changed, 2 insertions(+)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index b88df0b9d..79dc11f34 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -271,6 +271,7 @@ eIDAS.11=Received eIDAS Error-Response. Reason:{0}
 eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
 eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
 eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
+eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available.
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
 pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index e72a28046..8d6c77831 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -228,6 +228,7 @@ eIDAS.11=1302
 eIDAS.12=1305
 eIDAS.13=1307
 eIDAS.14=1301
+eIDAS.15=1307
 pvp2.01=6100
 pvp2.06=6100
-- 
cgit v1.2.3
From dd88bbb1a644575395a03dcd757c0e3174914724 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 9 Feb 2017 15:34:02 +0100
Subject: fix bug in bPK builder for eIDAS targets
---
 .../src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 9e4e36fec..32ac8ad68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -238,7 +238,7 @@ public class BPKBuilder {
 Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
 String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
- return Pair.newInstance(eIdentifier, baseIDType);
+ return Pair.newInstance(eIdentifier, bPKType);
 }
 private String calculatebPKwbPK(String basisbegriff) throws BuildException {
-- 
cgit v1.2.3
From 3d6692ef16835b4ceeae3d3e85ea3bce053ab1a4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 9 Feb 2017 15:35:15 +0100
Subject: add additional validation steps in eIDAS message processing
---
 .../id/auth/builder/AuthenticationDataBuilder.java | 25 ++++++++++++----------
 .../gv/egovernment/moa/id/moduls/RequestImpl.java | 2 +-
 .../resources/properties/id_messages_de.properties | 1 +
 .../protocol_response_statuscodes_de.properties | 1 +
 4 files changed, 17 insertions(+), 12 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3264fc3bd..cad3354f5 100644
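Review bot: The returned pair now carries `bPKType` instead of the `baseIDType` parameter, but nothing documents which type value callers get back, and the subject line only says "fix bug"; without a note the next reader can easily re-introduce the old value. Add a `@return` line to the method's Javadoc along the lines of `the eIDAS identifier "sourceCountry/destinationCountry/bPK" paired with the type of the derived bPK, not the type of the input baseID`. The enclosing method (`buildeIDASIdentifer`, called from `AuthenticationDataBuilder` later in this series) starts outside the hunk, so how `bPK` and `bPKType` are derived is not visible here.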
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -71,7 +71,6 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -1105,16 +1104,20 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 String baseID = authData.getIdentificationValue();
 String baseIDType = authData.getIdentificationType();
- 
- String eIDASOutboundCountry = pendingReq.getGenericData(RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class);
- 
- //TODO: maybe find a better solution
- String cititzenCountryCode = 
- authConfig.getBasicMOAIDConfiguration("moa.id.protocols.eIDAS.node.countrycode", 
- MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
- 
- if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
- if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !cititzenCountryCode.equals(eIDASOutboundCountry)) {
+ 
+ if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) {
+ //Calculate eIDAS identifier
+ if (oaParam.getBusinessService() && 
+ oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_EIDAS)) {
+ String[] splittedTarget = oaParam.getIdentityLinkDomainIdentifier().split("\\+");
+ String cititzenCountryCode = splittedTarget[1];
+ String eIDASOutboundCountry = splittedTarget[2];
+ 
+ if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
+ Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
+ 
+ }
+ 
 Pair eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, cititzenCountryCode, eIDASOutboundCountry);
 Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index b612352c6..b87574d52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
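Review bot: `splittedTarget[1]` and `splittedTarget[2]` are read without checking that `split("\\+")` produced at least three parts, so an identity-link domain identifier that starts with `Constants.URN_PREFIX_EIDAS` but lacks the two `+`-separated country codes fails here with an `ArrayIndexOutOfBoundsException` instead of a clear configuration error, which is exactly the kind of check the subject line "additional validation steps" promises. Insert a guard before the two assignments, e.g. `if (splittedTarget.length < 3) { Logger.error("Invalid eIDAS target: " + oaParam.getIdentityLinkDomainIdentifier()); throw …; }`, using the exception the rest of this method reports configuration problems with (the method continues outside the hunk, so that type is not visible here). The `equalsIgnoreCase` branch only logs "Suspect configuration FOUND!!!" and then builds an identifier with identical source and destination country anyway; if that really is a misconfiguration, failing there is the safer choice, and if it is tolerated on purpose the comment should say why. `Pair eIDASID` is a raw type; `Pair<String, String>` matches the `getFirst()`/`getSecond()` use on the following line, assuming `Pair` is generic.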
@@ -61,7 +61,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
 public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
- public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+// public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
 public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 79dc11f34..1a2f0d1d3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -272,6 +272,7 @@ eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
 eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
 eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
 eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available.
+eIDAS.16=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}.
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
 pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 8d6c77831..c6d0844ce 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -229,6 +229,7 @@ eIDAS.12=1305
 eIDAS.13=1307
 eIDAS.14=1301
 eIDAS.15=1307
+eIDAS.16=1301
 pvp2.01=6100
 pvp2.06=6100
-- 
cgit v1.2.3
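Review bot: The constant `eIDAS_GENERIC_REQ_DATA_COUNTRY` is commented out rather than deleted, which leaves dead code in the `public` surface of an abstract base class. Either remove the line outright (version control keeps its history), or, if code outside `id/server/idserverlib/src/main` may still read the `"country"` generic-data entry — this listing is limited to that path, so that cannot be verified here — keep the constant and mark it `@Deprecated` with a Javadoc note saying the destination country is now derived from `oaParam.getIdentityLinkDomainIdentifier()`. The only reader visible in this diff, `AuthenticationDataBuilder`, is switched over in the same commit.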