From fd786b4402841508acef77e75bacd369efbbcf96 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 3 Oct 2018 12:54:53 +0200
Subject: add first raw code elements to collect eID4U attributes during a Austrian authentication process Node: auth. process selection and attribute collection is NOT implemented, yet
---
.../tasks/CollectAddtionalAttributesTask.java | 31 ++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java')
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..d0619d7f7
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.logging.Logger;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ @Override
+ public void execute(ExecutionContext arg0, HttpServletRequest arg1, HttpServletResponse arg2)
+ throws TaskExecutionException {
+ try{
+ Logger.debug("Starting eID4U attribute collection process ... ");
+
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
+
+ }
+
+}
-- cgit v1.2.3
From abae1d0a880178568e742c09779bd2a47394f1e4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 4 Oct 2018 11:16:24 +0200
Subject: add some more basic untested code for eID4U. - add auth.process selection - add eID4U attribute extraction
---
.../tasks/CollectAddtionalAttributesTask.java | 34 ++++++++++++++++++++--
1 file changed, 32 insertions(+), 2 deletions(-)
(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java')
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
index d0619d7f7..71b7b927e 100644
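Review bot: The catch block in `execute` logs and rethrows with the text "IdentityLink generation for foreign person FAILED.", which names a different task and will mislead anyone triaging a failed eID4U attribute collection from the logs. A message that names this step would fit, for example `Logger.error("eID4U attribute collection FAILED.", e);`, with the same text in the `TaskExecutionException`. The class also has no Javadoc; one sentence stating that the task is a placeholder and collects nothing yet would keep it from being wired into a process flow by mistake.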
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -8,7 +8,11 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.logging.Logger; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { 
@@ -17,9 +21,35 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { public void execute(ExecutionContext arg0, HttpServletRequest arg1, HttpServletResponse arg2) throws TaskExecutionException { try{ - Logger.debug("Starting eID4U attribute collection process ... "); - + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); + //select all eID4U attributes from requested attributes + Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); + ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); + for (String el : Definitions.EID4UATTRIBUTEELIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) == null) { + Logger.debug("Find eID4U attr: " + el); + reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); + + } + } + + //collect eID4U attributes, if some attributes are selected before + ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); + if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { + Logger.info("Starting eID4U attribute collection process ... "); + //TODO: implement collection process + + + + } else + Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + } catch (Exception e) { Logger.error("IdentityLink generation for foreign person FAILED.", e); throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); -- cgit v1.2.3 From f27dd94733a9c2cf3a6e4f5611fbeff9de199720 Mon Sep 17 00:00:00 2001 
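Review bot: The null check in the selection loop looks inverted: `reqAttrList.getAttributeValuesByNameUri(el) == null` presumably holds for names that were not requested, so the body calls `getDefinitionByNameUri(el)` for exactly those names and hands the result to `reqEid4uAttrListBuilder.put(...)`, while requested eID4U attributes are skipped. Because this list decides which attributes the later collection step fetches and releases, the condition should read `if (reqAttrList.getAttributeValuesByNameUri(el) != null) {`. The two brace-less `else` branches would also be safer with braces, since more statements are clearly going to be added around them. `execute` closes outside the hunk.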
From: Thomas Lenz Date: Fri, 14 Dec 2018 13:18:23 +0100 Subject: some more updates and first code for TUG interaction --- .../tasks/CollectAddtionalAttributesTask.java | 108 ++++++++++++++++++++- 1 file changed, 105 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 71b7b927e..7cd276043 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java 
@@ -1,24 +1,43 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; +import java.util.Map; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.IdType; +import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + @Autowired private OAuth20AuthAction openIDAuthAction; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + @Override - public void execute(ExecutionContext arg0, HttpServletRequest arg1, HttpServletResponse arg2) + public 
void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) throws TaskExecutionException { try{ if (pendingReq instanceof EIDASData) { @@ -29,7 +48,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); for (String el : Definitions.EID4UATTRIBUTEELIST) { - if(reqAttrList.getAttributeValuesByNameUri(el) == null) { + if(reqAttrList.getAttributeValuesByNameUri(el) != null) { Logger.debug("Find eID4U attr: " + el); reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); 
@@ -40,8 +59,46 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { Logger.info("Starting eID4U attribute collection process ... "); - //TODO: implement collection process + + //generate scope from attributes + + + //load connection parameters to TUG + String uniqueID = null; + + + /* + *build openID and set connect token + */ + + //generate fake OpenID_Connect request + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setScope("openId profile"); + + //populate with SessionData + fakeOpenIDReq.setRawDataToTransaction( + pendingReq.getSessionData(AuthenticationSessionWrapper.class) + .getKeyValueRepresentationFromAuthSession()); + + //generate authData + IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq); + + //generate OpenIDConenct token + String accessToken = Random.nextHexRandom32(); + OAuth20SessionObject o = new OAuth20SessionObject(); + o.setScope(fakeOpenIDReq.getScope()); + o.setCode(accessToken); + Map idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); + o.setAuthDataSession(idToken); + transactionStorage.put(accessToken, o, -1); + + //forward to TUG + + + //TODO: implement collection process + populateEid4uDummyAttributes(); } else 
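Review bot: `populateEid4uDummyAttributes()` is called on the live path of `execute`, so every eIDAS request that asks for an eID4U attribute gets the hard-coded passport number, tax number, address and study data (defined in the last hunk of this file) written into the user's authentication session, from where they can presumably end up in an assertion to the requesting service. Until the real collection exists the branch should fail closed rather than fabricate identity data, for example `throw new TaskExecutionException(pendingReq, "eID4U attribute collection is not implemented", null);`, or the dummy values should be reachable only from test code. In the same hunk `uniqueID` is still `null` when it is passed to `authConfig.getServiceProviderConfiguration(uniqueID)`. The session object is stored with `transactionStorage.put(accessToken, o, -1)`; if `-1` means "no expiry" here, the code and the ID token stored under it stay valid indefinitely, so an explicit short lifetime is worth confirming. `execute` starts and ends outside the hunk.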
@@ -58,4 +115,49 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { } + private void populateEid4uDummyAttributes() { + try { + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); + dummyAddr.postCode("8020"); + dummyAddr.postName("Graz"); + dummyAddr.addressId("25"); + dummyAddr.cvAddressArea("Mustergasse"); + dummyAddr.locatorDesignator("25"); + dummyAddr.thoroughfare("Mustergasse"); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); + session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); + session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); + session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); + session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); + session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); + session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); + session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); + session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); + session.setGenericDataToSession(Definitions.EMAIL_NAME, "max.mustermann@domain.at"); + session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); + session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); + session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, "Graz Technical University"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); + session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, 
dummyAddr.build()); + session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); + session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); + session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); + session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); + session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); + session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); + session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); + + //TODO: not all attributes are populated with dummy values + + } catch (EAAFStorageException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + } -- cgit v1.2.3 From 9ddeacf32976d14c3f2f70ec446262998eb8a68e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 08:00:14 +0100 Subject: add code for eID4U attribute collection --- .../tasks/CollectAddtionalAttributesTask.java | 124 ++++++++++----------- 1 file changed, 60 insertions(+), 64 deletions(-) (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 7cd276043..9d9d44b34 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java 
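Review bot: The catch block in `populateEid4uDummyAttributes` swallows `EAAFStorageException` with `e.printStackTrace()`, so a storage failure leaves the session partly populated and `execute` carries on as if the attributes had been set, with the trace going to stderr instead of the application log. Since the caller already wraps everything in `catch (Exception e)`, the simplest change is to drop the try/catch and declare `private void populateEid4uDummyAttributes() throws EAAFStorageException {`. The method would also benefit from a comment stating that every value is fabricated test data and must not reach a production session.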
@@ -11,23 +11,26 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; -import at.gv.egiz.eid4u.api.attributes.natural.IdType; -import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { 
@@ -40,6 +43,8 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) throws TaskExecutionException { try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + if (pendingReq instanceof EIDASData) { EIDASData eidasReq = (EIDASData) pendingReq; Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); @@ -59,12 +64,26 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { Logger.info("Starting eID4U attribute collection process ... "); - - //generate scope from attributes - - + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + //load connection parameters to TUG - String uniqueID = null; + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + //TODO extract 'scopes' from requested attributes + Logger.warn("Dynamic 'scope' generation is currently NOT supported"); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); /* 
@@ -72,10 +91,13 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { */ //generate fake OpenID_Connect request - OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); fakeOpenIDReq.setScope("openId profile"); - + //populate with SessionData fakeOpenIDReq.setRawDataToTransaction( pendingReq.getSessionData(AuthenticationSessionWrapper.class) 
@@ -92,14 +114,33 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Map idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); o.setAuthDataSession(idToken); transactionStorage.put(accessToken, o, -1); - - + //forward to TUG - - - //TODO: implement collection process - populateEid4uDummyAttributes(); + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleEidasAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); } else Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); 
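Review bot: `Logger.debug("REDIRECT TO: " + finalUrl.toString());` writes the complete redirect URL to the log, and that URL carries the freshly generated code (`PARAM_OPENID_CODE`) and the pending-request ID used as `state`, so the log becomes a place where a live credential and a transaction handle can be read. Log the target without its query string, for example `Logger.debug("Redirecting to eID4U AP consent endpoint");`. The same pending-request ID is also put into a cookie through `CookieUtils.setCookie(..., -1)`; the attributes that helper sets are not visible here, so confirm the cookie is `Secure` and `HttpOnly`. The status, `Location` header and cookie are written before `new BPKAttributeBuilder().build(...)` and `storePendingRequest`, so a failure in either leaves a half-prepared redirect on the response; storing first and writing the response last avoids that. `execute` starts and ends outside the hunk.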
@@ -108,54 +149,9 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); } catch (Exception e) { - Logger.error("IdentityLink generation for foreign person FAILED.", e); - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - - } - - } - - private void populateEid4uDummyAttributes() { - try { - eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder dummyAddr = PostalAddress.builder(); - dummyAddr.postCode("8020"); - dummyAddr.postName("Graz"); - dummyAddr.addressId("25"); - dummyAddr.cvAddressArea("Mustergasse"); - dummyAddr.locatorDesignator("25"); - dummyAddr.thoroughfare("Mustergasse"); - - AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - session.setGenericDataToSession(Definitions.IDTYPE_NAME, IdType.PASSPORT); - session.setGenericDataToSession(Definitions.IDNUMBER_NAME, "P0571414"); - session.setGenericDataToSession(Definitions.IDISSUER_NAME, "Magistrat Nirgendwo"); - session.setGenericDataToSession(Definitions.IDEXPIREDATE_NAME, "2020-01-01"); - session.setGenericDataToSession(Definitions.EHICID_NAME, "80010000012345678990"); - session.setGenericDataToSession(Definitions.NATIONALITY_NAME, "AT"); - session.setGenericDataToSession(Definitions.CITIZENSHIP_FRIENDLYNAME, "AT"); - session.setGenericDataToSession(Definitions.MARITALSTATE_NAME, MaritalState.SINGLE); - session.setGenericDataToSession(Definitions.COUNTRYOFBIRTH_NAME, "AT"); - session.setGenericDataToSession(Definitions.EMAIL_NAME, "max.mustermann@domain.at"); - session.setGenericDataToSession(Definitions.PHONE_NAME, "+43666111222444"); - session.setGenericDataToSession(Definitions.TEMPORARYADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.TAXIDENTIFICATIONNUMBER_NAME, "AT/1213454654718"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONNAME_NAME, 
"Graz Technical University"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONIDENTIFIER_NAME, "A GRAZ02"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, "AT"); - session.setGenericDataToSession(Definitions.HOMEINSTITUTIONADDRESS_NAME, dummyAddr.build()); - session.setGenericDataToSession(Definitions.CURRENTLEVELOFSTUDY_NAME, "7"); - session.setGenericDataToSession(Definitions.FIELDOFSTUDY_NAME, "52"); - session.setGenericDataToSession(Definitions.CURRENTDEGREE_NAME, "MsC"); - session.setGenericDataToSession(Definitions.DEGREE_NAME, "6"); - session.setGenericDataToSession(Definitions.DEGREEAWARDINGINSTITUTION_NAME, "Graz Technical University"); - session.setGenericDataToSession(Definitions.GRADUATIONYEAR_NAME, "2016"); - session.setGenericDataToSession(Definitions.DEGREECOUNTRY_NAME, "AT"); - - //TODO: not all attributes are populated with dummy values + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); - } catch (EAAFStorageException e) { - // TODO Auto-generated catch block - e.printStackTrace(); } } -- cgit v1.2.3 From 3e1aba668f76677ecd3923b039e52b5bb5348d96 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Feb 2019 11:30:59 +0100 Subject: update eID4u attribute collection and add a jUnit test for TUG->eID4u attribute mapping --- .../tasks/CollectAddtionalAttributesTask.java | 30 +++++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java') 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index 9d9d44b34..a58bc4f8d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -5,9 +5,12 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import com.google.common.collect.UnmodifiableIterator; + import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -19,7 +22,8 @@ import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SimpleEidasAttributeGenerator; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; 
@@ -31,6 +35,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry; @Component("CollectAddtionalAttributesTask") public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { @@ -75,8 +80,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { if (MiscUtil.isEmpty(scopes)) { //generate scope from attributes - //TODO extract 'scopes' from requested attributes - Logger.warn("Dynamic 'scope' generation is currently NOT supported"); + scopes = mapReqAttributesIntoScopes(reqEid4uAttrList); } @@ -139,7 +143,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { new BPKAttributeBuilder().build( fakeOpenIDReq.getServiceProviderConfiguration(), authData, - new SimpleEidasAttributeGenerator())); + new SimpleStringAttributeGenerator())); requestStoreage.storePendingRequest(pendingReq); } else @@ -156,4 +160,22 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { } + private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) { + String result = StringUtils.EMPTY; + UnmodifiableIterator> it = reqEid4uAttrList.entrySet().iterator(); + while (it.hasNext()) { + ImmutableAttributeEntry el = it.next(); + String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute( + el.getKey().getNameUri().toString()); + + if (result.isEmpty()) + result = scope; + else + result += " " + scope; + + } + + return result; + } + } -- cgit v1.2.3
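Review bot: `mapReqAttributesIntoScopes` (last hunk) concatenates whatever `getTUGScopesForAttribute` returns without checking it. If the mapper returns `null` for an attribute without a mapping (its behaviour is not visible here), a `null` in first position makes `result.isEmpty()` throw on the next iteration, and a later one puts the literal text `null` into the scope parameter sent to the attribute provider; attributes that share a scope also produce duplicates. Collecting into an ordered set and skipping blank results keeps the scope string limited to mapped values. The method has no comment; one line saying that it returns a space-separated scope list for the requested attributes would help.
```java
private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
    Set<String> scopes = new LinkedHashSet<String>();
    // … unchanged: iterator over reqEid4uAttrList.entrySet() and the getTUGScopesForAttribute lookup into `scope` …
        if (StringUtils.isNotBlank(scope)) {
            scopes.add(scope);
        } else {
            Logger.warn("No TUG scope mapped for eID4U attribute: " + el.getKey().getNameUri());
        }
    // … unchanged: end of loop …
    return StringUtils.join(scopes, " ");
```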