From 6b38531ef2a829e3dab513ae8c679511a848421d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 16:30:49 +0200 Subject: untested, but without dependency problems --- .../MOAeIDASSAMLEngineConfigurationImpl.java | 4 +- .../eidas/eIDASAuthenticationModulImpl.java | 6 +-- .../engine/MOAeIDASChainingMetadataProvider.java | 13 ++++-- .../eidas/tasks/CreateIdentityLinkTask.java | 23 +++++++---- .../eidas/tasks/GenerateAuthnRequestTask.java | 23 +++++------ .../eidas/tasks/ReceiveAuthnResponseTask.java | 27 +++++++------ .../auth/modules/eidas/utils/SAMLEngineUtils.java | 2 +- .../eidas/utils/SimpleEidasAttributeGenerator.java | 4 +- .../modules/eidas/utils/eIDASAttributeBuilder.java | 23 ++++++----- .../moa/id/protocols/eidas/EIDASData.java | 11 +----- .../moa/id/protocols/eidas/EIDASProtocol.java | 26 ++++++------ .../id/protocols/eidas/EidasMetaDataRequest.java | 12 +++--- .../eidas/attributes/builder/IeIDASAttribute.java | 4 +- .../attributes/builder/eIDASAttrDateOfBirth.java | 4 +- .../attributes/builder/eIDASAttrFamilyName.java | 14 +++---- .../attributes/builder/eIDASAttrGivenName.java | 12 +++--- .../builder/eIDASAttrLegalPersonIdentifier.java | 39 +++++++++--------- .../eIDASAttrNaturalPersonalIdentifier.java | 14 +++---- ...DASAttrRepresentativeLegalPersonIdentifier.java | 46 ++++++++++++---------- ...ttrRepresentativeNaturalPersonalIdentifier.java | 14 +++---- .../eidas/eIDASAuthenticationRequest.java | 16 ++++---- .../eidas/validator/eIDASResponseValidator.java | 3 +- 22 files changed, 182 insertions(+), 158 deletions(-) (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 78793d3fc..d743b57e3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException { String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key); if (MiscUtil.isEmpty(configFile)) { Logger.warn("No eIDAS SAML-engine configuration key: " + key + " found in MOA-ID properties configuration file."); @@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends Properties inputProps = loadConfigurationFromExternalFile(configKey); String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey); PropsParameter outputProps = new PropsParameter(); outputProps.setFileName(configFile); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 90dbb7342..ec042949a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { @Override public int getPriority() { - return priority; + return priority; } /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..94cd04ca7 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.IDestroyableObject; import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; @@ -71,11 +72,17 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { Map metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); @@ -229,7 +236,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); return createNewMoaMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 4045e1ad6..45033562f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -24,27 +24,31 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import java.io.InputStream; import java.text.SimpleDateFormat; +import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; @@ -58,18 +62,18 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @Autowired private AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ - defaultTaskInitialization(request, executionContext); - + try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -156,10 +160,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + AuthenticationSession moasession = new AuthenticationSession("1234", new Date()); moasession.setForeigner(true); moasession.setIdentityLink(identityLink); moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 4ad5194a9..a87d971d8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,8 +44,8 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -56,10 +56,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); @@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country: " + citizenCountryCode); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } //TODO: switch to entityID - revisionsLogger.logEvent(oaConfig, pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); @@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } else { boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //request if (reqAttrList.isEmpty()) { - Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); AttributeDefinition newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); Builder attrBuilder = AttributeDefinition.builder(newAttribute).required(true); @@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //set service provider (eIDAS node) countryCode authnRequestBuilder.serviceProviderCountryCode( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); @@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("RelayState", pendingReq.getPendingRequestId()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); @@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentLength(content.length); response.getOutputStream().write(content); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getRequest().getId()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5f6f01f01..55416e92b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,6 +7,7 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -16,9 +17,9 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +37,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ + try{ //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { @@ -46,7 +47,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //get MOASession - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //decode SAML response byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); @@ -79,7 +80,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** // ******* MOA-ID specific response validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); @@ -90,23 +91,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //update MOA-Session data with received information Logger.debug("Store eIDAS response information into MOA-session."); - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, samlResp.getAttributes()); - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, samlResp.getId()); @@ -116,20 +117,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e) { Logger.warn("eIDAS Response validation FAILED.", e); Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 02a5df098..8e840e2c1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -82,7 +82,7 @@ public class SAMLEngineUtils { //load additional eIDAS attribute definitions String additionalAttributeConfigFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS); AttributeRegistry addAttrDefinitions = AttributeRegistries.empty(); if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java index d43fa1622..e3b58d259 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; /** * @author tlenz @@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator generator = new SimpleEidasAttributeGenerator(); - + private static List listOfSupportedeIDASAttributes; private static ServiceLoader eIDASAttributLoader = ServiceLoader.load(IeIDASAttribute.class); @@ -99,7 +100,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair,ImmutableSet>> buildAttribute(AttributeDefinition attr, IOAAuthParameters onlineApplicationConfiguration, + public static Pair,ImmutableSet>> buildAttribute(AttributeDefinition attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); @@ -110,11 +111,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { if (attrBuilder != null) { try { String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator); + boolean isMandatesUsed = false; + if (authData instanceof IMOAAuthData) + isMandatesUsed = ((IMOAAuthData)authData).isUseMandate(); + if (MiscUtil.isNotEmpty(attrValue)) { //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the // Subject->NameID value from this attribute Builder eIDASAttrBuilder = AttributeDefinition.builder(attr); - eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate())); + eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed)); AttributeDefinition returnAttr = eIDASAttrBuilder.build(); //unmarshal attribute value into eIDAS attribute @@ -135,7 +140,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { } - } catch (AttributeException e) { + } catch (AttributeBuilderException e) { Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 7d25af05a..a9a3ef01f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,8 +1,5 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; @@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; private String remoteRelayState; - - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - + /** * Gets the eidas requested attributes. * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 8ed9e1f2e..ce5f4dc6b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -45,8 +45,9 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; @@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -81,9 +81,11 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * * @author tlenz */ -@Controller +@Controller public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; + public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; @@ -109,11 +111,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) - public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { //create pendingRequest object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -138,11 +140,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //create pending-request object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -192,7 +194,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); String cititzenCountryCode = - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, MOAIDAuthConstants.COUNTRYCODE_AUSTRIA); @@ -222,7 +224,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement } //check eIDAS node configuration - IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer()); + ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer()); if (oaConfig == null) throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()}); @@ -347,7 +349,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested @@ -364,7 +366,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setEidasRequest(eIDASSamlReq); // - memorize OA url - pendingReq.setOAURL(samlReq.getIssuer()); + pendingReq.setSPEntityId(samlReq.getIssuer()); // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); @@ -487,7 +489,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { if (MiscUtil.isNotEmpty(reqCC)) { List allowedOrganisations = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); if (allowedOrganisations.contains(bPKTargetArea)) { Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); return true; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 5df905d31..bbd132a3b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,10 +28,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -56,7 +56,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; */ @Service("EidasMetaDataRequest") public class EidasMetaDataRequest implements IAction { - + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; @@ -136,7 +136,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.authnRequestsSigned(true); metadataConfigBuilder.wantAssertionsSigned(true); metadataConfigBuilder.assuranceLevel( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_LoA, MOAIDAuthConstants.eIDAS_LOA_HIGH)); @@ -172,7 +172,7 @@ public class EidasMetaDataRequest implements IAction { if (pvpOrganisation != null) { eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder(); organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString()); - organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); + organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); //TODO: add display name and maybe update name diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java index 15060fb52..84b68f91a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java @@ -22,12 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; /** * @author tlenz * */ -public interface IeIDASAttribute extends IAttributeBuilder{ +public interface IeIDASAttribute extends IAttributeBuilder{ } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java index 64e5ae770..1f00af765 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java @@ -22,14 +22,14 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder; /** * @author tlenz * */ public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute { - + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 6fde4696a..50b270765 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,10 +22,10 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz @@ -36,7 +36,7 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() */ - @Override + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); } @@ -45,8 +45,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 812e9f83a..3b83a9793 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,10 +22,10 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz @@ -45,8 +45,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 028be9096..7f18c21cb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -38,24 +39,26 @@ import at.gv.egovernment.moa.util.MiscUtil; public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - if(authData.isUseMandate()) { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index f36f9298c..14b1d06b6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,8 +54,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { String personalID = authData.getBPK(); //generate eIDAS conform 'PersonalIdentifier' attribute @@ -64,7 +64,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 692896842..6c65872e4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -37,24 +38,27 @@ import at.gv.egovernment.moa.util.MiscUtil; public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - if(authData.isUseMandate()) { - - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) - || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 98915a562..6c3bfc569 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -56,8 +56,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { try { Pair calcResult = internalBPKGenerator(oaParam, authData); @@ -71,7 +71,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat if (MiscUtil.isEmpty(type) || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 509d4b71a..82d0facd4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,10 +36,10 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -47,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.logging.Logger; @@ -71,7 +72,7 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; */ @Service("eIDASAuthenticationRequest") -public class eIDASAuthenticationRequest implements IAction { +public class eIDASAuthenticationRequest implements IAction { @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction { ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData + && ((IMOAAuthData)authData).isUseMandate()) { Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); @@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction { //add attributes responseBuilder.attributes(eIDASAttrbutMap); - //set success statuscode + //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); //build response @@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction { private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition attr, IRequest req, IAuthData authData) throws MOAIDException { Pair, ImmutableSet>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); + attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index 48b438b09..24d24db2c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; @@ -46,7 +47,7 @@ public class eIDASResponseValidator { * validate received LoA against minimum required LoA | *_____________________________________________________| */ - LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel()); + LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel()); LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); if (respLoA.numericValue() < reqLoA.numericValue()) { Logger.error("eIDAS Response LevelOfAssurance is lower than the required! " -- cgit v1.2.3