From 18e5a374e82b7243a50d371d1a77032db37897d1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 16 Dec 2015 08:08:49 +0100
Subject: add basic authentication modul implementation and eIDAS protocol
 endpoints

---
 .../eidas/eIDASAuthenticationModulImpl.java        | 60 ++++++++++++++++++++
 .../id/auth/modules/eidas/eIDASSignalServlet.java  | 66 ++++++++++++++++++++++
 2 files changed, 126 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
new file mode 100644
index 000000000..5ad13970e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthenticationModulImpl implements AuthModule {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
new file mode 100644
index 000000000..0c31a87a4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(urlPatterns = { "/eidas/post",  "/eidas/redirect"}, loadOnStartup = 1)
+public class eIDASSignalServlet extends ProcessEngineSignalServlet {
+
+	private static final long serialVersionUID = 8215688005533754459L;
+
+	public eIDASSignalServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '/eidas/post' and '/eidas/redirect'.");
+		
+	}
+	
+	
+	@Override
+	/**
+	 * Protocol specific implementation to get the sessionID 
+	 * from http request object
+	 * 
+	 * @param request The http Servlet-Request object
+	 * @return The SessionId 
+	 * 
+	 */
+	public String getMoaSessionId(HttpServletRequest request) {
+		//TODO: implement eIDAs specific session synchronization
+		
+		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
+	}
+	
+}
-- 
cgit v1.2.3


From 3314af0442eba4bce469b21585a75c1a327f53b5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 18 Dec 2015 13:00:30 +0100
Subject: add first untested parts for eIDAS SAML-engine configuration

---
 .../moa/id/auth/modules/eidas/Constants.java       |  56 +++++
 .../MOAIDCertificateManagerConfigurationImpl.java  | 118 +++++++++
 .../MOAeIDASSAMLEngineConfigurationImpl.java       | 265 +++++++++++++++++++++
 .../MOAeIDASSAMLInstanceConfigurationImpl.java     |  60 +++++
 .../eidas/eIDASAuthenticationModulImpl.java        |  28 ++-
 .../EIDASEngineConfigurationException.java         |  60 +++++
 .../eidas/exceptions/EIDASEngineException.java     |  45 ++++
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  98 ++++++++
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |  78 ++++++
 9 files changed, 800 insertions(+), 8 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
new file mode 100644
index 000000000..14fde95a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+/**
+ * @author tlenz
+ *
+ */
+public class Constants {
+
+	public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+		
+	//default keys for eIDAS SAML-engine configuration
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG = "SignatureConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG = "EncryptionConf";
+	public static final String eIDAS_SAML_ENGINE_NAME_ID_CLASS = "class";
+	
+	//default implementations for eIDAS SAML-engine functionality
+	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	
+	//configuration property keys
+	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
+	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
new file mode 100644
index 000000000..9b634ff4d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.config.ConfigurationException;
+import eu.eidas.samlengineconfig.AbstractCertificateConfigurationManager;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+import eu.eidas.samlengineconfig.impl.SamlEngineConfigurationImpl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDCertificateManagerConfigurationImpl extends
+		AbstractCertificateConfigurationManager {
+
+    private SamlEngineConfiguration samlEngineConfiguration =null;
+	
+    @Override
+	public boolean isActive() {
+		return true;
+	}
+    
+    /**
+	 * 
+	 */
+	public MOAIDCertificateManagerConfigurationImpl() {
+		try {
+			initalizeConfiguration();
+			
+		} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+			Logger.error("eIDAS SAML-engine initialization FAILED", e);
+			
+		}
+	}
+    
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#addConfiguration(java.lang.String, java.lang.String, java.util.Map, boolean)
+	 */
+	@Override
+	public void addConfiguration(String paramString1, String paramString2,
+			Map<String, String> paramMap, boolean paramBoolean) {
+		throw new ConfigurationException("","not yet implemented");
+
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getInstance(java.lang.String)
+	 */
+	@Override
+	public EngineInstance getInstance(String paramString) {
+		return getConfiguration().get(paramString);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.samlengineconfig.CertificateConfigurationManager#getConfiguration()
+	 */
+	@Override
+	public Map<String, EngineInstance> getConfiguration() {
+		if(samlEngineConfiguration == null){
+			try {
+				initalizeConfiguration();
+				
+			} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+				Logger.error("eIDAS SAML-engine initialization FAILED", e);
+				
+			}
+			
+		}
+		
+		return samlEngineConfiguration==null?new HashMap<String, EngineInstance>():((MOAeIDASSAMLEngineConfigurationImpl) samlEngineConfiguration).getInstanceMap();
+		
+	}
+	
+	
+	/**
+	 * Initialize eIDAS SAML-engine from MOA-ID configuration
+	 * @throws at.gv.egovernment.moa.id.config.ConfigurationException 
+	 * 
+	 */
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+		//initialize configuration
+		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
+		tmp.initialize();
+				
+		//set initialized configuration
+		samlEngineConfiguration = tmp;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
new file mode 100644
index 000000000..28bd2fc04
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import eu.eidas.samlengineconfig.BinaryParameter;
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.EngineInstance;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.PropsParameter;
+import eu.eidas.samlengineconfig.SamlEngineConfiguration;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLEngineConfigurationImpl extends
+		SamlEngineConfiguration {
+	
+    private static final String KEYSTORE_PATH="keystorePath";
+    private static final String METADATA_KEYSTORE_PATH="metadata.keystorePath";
+    private static final String ENCRYPTION_ACTIVATION="encryptionActivation";
+    private static final String[] BINARY_PARAMETERS={KEYSTORE_PATH, ENCRYPTION_ACTIVATION,METADATA_KEYSTORE_PATH};
+		
+    public List<EngineInstance> getInstances(){
+        return super.getInstances();
+    }
+	
+    @Override
+    public void setInstances(List<EngineInstance> engineInstances) {
+        super.setInstances(engineInstances);
+        
+    }
+    
+    public Map<String, EngineInstance> getInstanceMap() {
+        Map<String, EngineInstance> result = new HashMap<String, EngineInstance>();
+        for(EngineInstance instance:getInstances()) {
+        	
+            result.put(instance.getName(), instance);
+        }
+        
+        return result;
+    }
+    
+    //initialize
+    public void initialize() throws ConfigurationException { 
+    	//create an eIDAS SAML-engine instance
+    	EngineInstance engineInst = new EngineInstance();
+    	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	
+    	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>();
+		engineInst.setConfigurations(engineConfigs);
+    	
+		//add configurations
+		
+		//add basic eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlBaseConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlBaseConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG);				
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE));
+		engineConfigs.add(samlBaseConfig);
+				
+		//add signing eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlSignConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlSignConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_SIGNATURECONFIG);		
+		samlSignConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_SIGNING_IMPLENTATION);
+		
+		//TODO: load signing keys directly from MOA-ID configuration in finale version
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
+		engineConfigs.add(samlSignConfig);
+		
+		//add encryption eIDAS SAML-engine configuration
+		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
+		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);		
+
+		//TODO: load encryption keys directly from MOA-ID configuration in finale version
+		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
+		engineConfigs.add(samlEncConfig);
+		
+		super.addInstance(engineInst);
+		
+    }
+    
+    /**
+     *	Load an external eIDAS SAML-engine configuration file, which is referenced from MOA-ID configuration
+     * 
+     * @param key Configuration key, which is used in property based MOA-ID configuration file
+     * @return eIDAS SAML-engine configuration object
+     * @throws ConfigurationException
+     */
+        
+    private ConfigurationParameter loadConfigurationFromExternalFile(String key) throws ConfigurationException {
+		String configFile = 
+				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
+		if (MiscUtil.isEmpty(configFile)) {
+			Logger.warn("No eIDAS SAML-engine configuration key: " 
+					+ key + " found in MOA-ID properties configuration file.");
+			//throw new EIDASEngineConfigurationException("No eIDAS SAML-engine configuration property.", null);
+			return null;
+		}
+		
+		Properties inputProps = loadPropsFromXml(configFile);    	
+		return buildPropsParameter(inputProps, configFile);
+    	
+    }
+    
+    
+    private PropsParameter buildPropsParameter(Properties inputProps, String fileName) throws EIDASEngineConfigurationException {
+    	PropsParameter outputProps = new PropsParameter();
+    	outputProps.setFileName(fileName);
+    	
+    	//original eIDAS SAML-engine use this identifier
+    	outputProps.setName("fileConfiguration");
+    	
+    	outputProps.setValue(inputProps);
+
+    	//post-process special parameters
+    	for(String key:BINARY_PARAMETERS) {
+            Object keystorePath = inputProps.get(key);
+            if (keystorePath != null) {
+            	if (keystorePath instanceof String && 
+            			isBinaryParameter((String)keystorePath) ) {
+            		BinaryParameter bp = new BinaryParameter();
+            		bp.setValue(loadBinaryFile(keystorePath.toString()));
+            		bp.setName(key);
+            		bp.setUrl(keystorePath.toString());
+            		inputProps.put(key, bp);
+                
+            	} else {
+            		Logger.warn("eIDAS SAML-engine keyStore parameter has an unsuspected type. +" +
+            				"(Type: " + keystorePath.toString() + ")");
+            	
+            	}
+            }
+        }
+    	
+    	return outputProps;
+    }
+    
+    private boolean isBinaryParameter(String parameter) {
+    	if (MiscUtil.isNotEmpty(parameter)) {
+    		String absoluteConfigFile;
+			try {
+				absoluteConfigFile = FileUtils.makeAbsoluteURL(
+						parameter,
+						AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+				File file = new File(new URL(absoluteConfigFile).toURI());
+	    		return file.exists();
+	    		
+			} catch (ConfigurationException | MalformedURLException | URISyntaxException e) {
+				Logger.warn("Binary eIDAS SAML-engine configuration parameter: " 
+						+ parameter + " is not loadable.");
+				
+			}
+     		
+    	}
+    	
+    	return false;
+        
+    }
+    
+    private byte[] loadBinaryFile(String fileName) throws EIDASEngineConfigurationException{
+    	InputStream is = null;
+    	byte data[]=null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				fileName,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		data=new byte[is.available()];
+            is.read(data);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return data;
+        
+    }
+    
+    private Properties loadPropsFromXml(String configFile) throws EIDASEngineConfigurationException {
+    	Properties props = new Properties();
+    	InputStream is = null;
+    	try {
+    		String absoluteConfigFile = FileUtils.makeAbsoluteURL(
+    				configFile,
+    				AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+    		
+    		File file = new File(new URL(absoluteConfigFile).toURI());
+    		is = new FileInputStream(file);
+    		props.loadFromXML(is);
+    		
+    	} catch (ConfigurationException | URISyntaxException | IOException e) {
+    		throw new EIDASEngineConfigurationException("eIDAS SAML-engine configuration FAILED", null, e);
+    				
+    	} finally {
+    		if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.warn("eIDAS SAML-engine configuration is not closeable.", e);
+					
+				}
+    		
+    	}
+    	
+    	return props;
+    	    	
+    }
+    
+    
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
new file mode 100644
index 000000000..dccd39905
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import eu.eidas.samlengineconfig.ConfigurationParameter;
+import eu.eidas.samlengineconfig.InstanceConfiguration;
+import eu.eidas.samlengineconfig.StringParameter;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASSAMLInstanceConfigurationImpl extends
+		InstanceConfiguration {
+
+	public void addParameter(ConfigurationParameter param) {
+		if (param != null) {
+			List<ConfigurationParameter> paramList = super.getParameters();
+			if (paramList == null) {
+				paramList = new ArrayList<ConfigurationParameter>();
+				super.setParameters(paramList);
+			
+			}
+		
+			paramList.add(param);
+		}		
+	}
+	
+	public void addParameter(String key, String value) {
+		StringParameter param = new StringParameter();
+		param.setName(key);
+		param.setValue(value);		
+		addParameter(param);
+		
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index 5ad13970e..7b044522c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import org.apache.commons.lang3.StringUtils;
+
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
@@ -31,13 +33,19 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  */
 public class eIDASAuthenticationModulImpl implements AuthModule {
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
-	 */
+	private int priority = 1;
+
 	@Override
 	public int getPriority() {
-		// TODO Auto-generated method stub
-		return 0;
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
 	}
 
 	/* (non-Javadoc)
@@ -45,8 +53,12 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		// TODO Auto-generated method stub
-		return null;
+		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
+				StringUtils.isNotBlank((String) context.get("CCC"))) 
+			return "eIDASAuthentication";
+		else
+			return null;
+		
 	}
 
 	/* (non-Javadoc)
@@ -54,7 +66,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String[] getProcessDefinitions() {
-		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthentication.process.xml" };
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml" };
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
new file mode 100644
index 000000000..98bc559d2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineConfigurationException extends ConfigurationException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param wrapped
+	 */
+	public EIDASEngineConfigurationException(String messageId,
+			Object[] parameters, Throwable wrapped) {
+		super(messageId, parameters, wrapped);
+	}
+
+	/**
+	 * @param string
+	 * @param object
+	 */
+	public EIDASEngineConfigurationException(String string, Object[] object) {
+		super(string, object);
+	}
+
+
+
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
new file mode 100644
index 000000000..95690bbeb
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class EIDASEngineException extends Exception {
+
+	/**
+	 * @param string
+	 * @param e
+	 */
+	public EIDASEngineException(String string, Throwable e) {
+		super(string, e);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1559812927427153879L;
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
new file mode 100644
index 000000000..0d9816f65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		
+		
+		IPersonalAttributeList pAttList = new PersonalAttributeList();
+		
+		//create template requested attribute
+		//TODO: load required attributes from OA configuration
+		PersonalAttribute attr = new PersonalAttribute();
+		
+		pAttList.add(attr);
+		
+		
+		
+		
+		//build eIDAS AuthnRequest
+		EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+		
+		
+		try{
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+            engine.initRequestedAttributes(pAttList);
+			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
+			
+		}catch (EIDASSAMLEngineException e){
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("Could not generate token for Saml Request", e));
+			
+		} catch (EIDASEngineException e) {
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			
+		}	
+
+		//encode AuthnRequest
+		byte[] token = authnRequest.getTokenSaml();		
+		String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+		
+		
+		//send
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
new file mode 100644
index 000000000..0d6a49a47
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import eu.eidas.samlengineconfig.CertificateConfigurationManager;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAMLEngineUtils {
+
+	public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+		
+		try {
+			//get eIDAS SAMLengine configuration from MOA-ID configuration
+			CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+			
+			//initial eIDAS SAMLengine
+			EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+						configManager);
+
+			//set Metadata managment to eIDAS SAMLengine
+			//TODO: implement Metadata processor
+			engine.setMetadataProcessor(null);
+			
+			return engine;
+			
+		} catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+			throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+			
+		}
+								
+	}
+	
+	public static void main(String[] args) {
+		try {
+			EIDASSAMLEngine test = createSAMLEngine();
+			
+			
+		} catch (EIDASEngineException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+			
+		}
+		
+		System.out.println("Success");
+		
+	}
+	
+}
-- 
cgit v1.2.3


From 5df604a0ae5f1433c37759d4f7ebaa7d4f8af8d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 21:19:57 +0100
Subject: Fix problems with MOA-ID eIDAS SAML-engine configuration

---
 .../gv/egovernment/moa/id/auth/modules/eidas/Constants.java   |  3 ++-
 .../eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java     | 11 +++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 14fde95a0..3f94ca5e5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -28,7 +28,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
  */
 public class Constants {
 
-	public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+	//public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
+	public static final String eIDAS_SAML_ENGINE_NAME = "default";
 		
 	//default keys for eIDAS SAML-engine configuration
 	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 28bd2fc04..584910ea5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -88,7 +88,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
     	EngineInstance engineInst = new EngineInstance();
     	engineInst.setName(Constants.eIDAS_SAML_ENGINE_NAME);    	    	
     	List<InstanceConfiguration> engineConfigs = new ArrayList<InstanceConfiguration>();
-		engineInst.setConfigurations(engineConfigs);
+		
     	
 		//add configurations
 		
@@ -105,17 +105,20 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
 				Constants.SAML_SIGNING_IMPLENTATION);
 		
 		//TODO: load signing keys directly from MOA-ID configuration in finale version
-		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
+		samlSignConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE));
 		engineConfigs.add(samlSignConfig);
 		
 		//add encryption eIDAS SAML-engine configuration
 		MOAeIDASSAMLInstanceConfigurationImpl samlEncConfig = new MOAeIDASSAMLInstanceConfigurationImpl();
-		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);		
+		samlEncConfig.setName(Constants.eIDAS_SAML_ENGINE_NAME_ID_ENCRYPTIONCONFIG);
+		samlEncConfig.addParameter(Constants.eIDAS_SAML_ENGINE_NAME_ID_CLASS, 
+				Constants.SAML_ENCRYPTION_IMPLENTATION);
 
 		//TODO: load encryption keys directly from MOA-ID configuration in finale version
-		samlBaseConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
+		samlEncConfig.addParameter(loadConfigurationFromExternalFile(Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE));
 		engineConfigs.add(samlEncConfig);
 		
+		engineInst.setConfigurations(engineConfigs);  
 		super.addInstance(engineInst);
 		
     }
-- 
cgit v1.2.3


From bd13b36516fc5a57409348fba2d266c8fa8d8f99 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 22:06:37 +0100
Subject: add very simple metadata processor without signature validation

---
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 50 ++++++++++++++++++++++
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  | 20 ++-------
 2 files changed, 53 insertions(+), 17 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
new file mode 100644
index 000000000..2aec81db5
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.SimpleMetadataProcessor;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+public class MOAeIDASSimpleMetadataProvider extends SimpleMetadataProcessor {
+
+	@Override
+	public EntityDescriptor getEntityDescriptor(String url) {
+        EntityDescriptor entityDescriptor=getEntityDescriptorHelper(url);
+        
+        if(Logger.isDebugEnabled()){
+            Logger.debug("got entityDescriptor: " + entityDescriptor);
+        }
+        return entityDescriptor;
+	}
+
+	@Override
+	public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+		
+	}
+
+	@Override
+	public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+		
+	}
+
+    @Override
+    public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine) throws SAMLEngineException {
+        //TODO: implement Metadata signature validation
+        Logger.warn("MetadataProcessor in demo SP does not actually check the signature of metadata");
+   
+    }
+    @Override
+    public void checkValidMetadataSignature(String url, KeyStore store) throws SAMLEngineException {
+        //not implemented
+    	
+    }
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 0d6a49a47..2c2435ff6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASSimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -47,8 +48,8 @@ public class SAMLEngineUtils {
 						configManager);
 
 			//set Metadata managment to eIDAS SAMLengine
-			//TODO: implement Metadata processor
-			engine.setMetadataProcessor(null);
+			//TODO: implement final Metadata processor (this is only a first solution!!!)
+			engine.setMetadataProcessor(new MOAeIDASSimpleMetadataProvider());
 			
 			return engine;
 			
@@ -60,19 +61,4 @@ public class SAMLEngineUtils {
 								
 	}
 	
-	public static void main(String[] args) {
-		try {
-			EIDASSAMLEngine test = createSAMLEngine();
-			
-			
-		} catch (EIDASEngineException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			
-		}
-		
-		System.out.println("Success");
-		
-	}
-	
 }
-- 
cgit v1.2.3


From 8438e00eb12f34b2b5da0b8c07f39eaa49e96e37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Sun, 20 Dec 2015 22:07:54 +0100
Subject: load service-provider configuration and moa-session object in eIDAS
 create-AuthnRequest task

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 69 ++++++++++++++--------
 1 file changed, 44 insertions(+), 25 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 0d9816f65..6483656ec 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -32,12 +32,19 @@ import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
-
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,45 +61,57 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			IPersonalAttributeList pAttList = new PersonalAttributeList();
+			
+			//create template requested attribute
+			//TODO: load required attributes from OA configuration
+			PersonalAttribute attr = new PersonalAttribute();
 		
+			pAttList.add(attr);
+			
 		
-		IPersonalAttributeList pAttList = new PersonalAttributeList();
-		
-		//create template requested attribute
-		//TODO: load required attributes from OA configuration
-		PersonalAttribute attr = new PersonalAttribute();
-		
-		pAttList.add(attr);
-		
-		
-		
-		
-		//build eIDAS AuthnRequest
-		EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-		
-		
-		try{
+			
 			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
             engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
+			//encode AuthnRequest
+			byte[] token = authnRequest.getTokenSaml();		
+			String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
+			
+			
+			//send
+			
+			
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
 					new EIDASEngineException("Could not generate token for Saml Request", e));
 			
-		} catch (EIDASEngineException e) {
+		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
 			
 		}	
 
-		//encode AuthnRequest
-		byte[] token = authnRequest.getTokenSaml();		
-		String SAMLRequest = EIDASUtil.encodeSAMLToken(token);
-		
-		
-		//send
-
 	}
 
 }
-- 
cgit v1.2.3


From 819cd7dddb38811ea869321d951e8a9ace36440b Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 4 Jan 2016 15:45:16 +0100
Subject: send a saml assertion to the demo node

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 70 ++++++++++++++++++----
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 18 ++++++
 2 files changed, 76 insertions(+), 12 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6483656ec..159728e92 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,9 +22,17 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.Security;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.IPersonalAttributeList;
@@ -45,6 +53,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -76,22 +85,29 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load MOASession object and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			
-			
-			//build eIDAS AuthnRequest
-			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 			
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
-		
+			attr.setName("eidas/attributes/CurrentFamilyName");
+
 			pAttList.add(attr);
-			
-		
-			
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-            engine.initRequestedAttributes(pAttList);
+
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+			String providerName = "sp3fr-moa";
+			authnRequest.setProviderName(providerName);
+			int qaaLevel = 1;
+			authnRequest.setQaa(qaaLevel);
+			authnRequest.setPersonalAttributeList(pAttList);
+
+			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
 			//encode AuthnRequest
@@ -100,8 +116,38 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			
 			//send
-			
-			
+	        try {
+	            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+	            Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
+	            VelocityContext context = new VelocityContext();
+
+	            String actionType = "SAMLRequest";
+	            context.put(actionType, SAMLRequest);
+	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+
+	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+	            context.put("action", assertionConsumerURL);
+
+	            Logger.debug("Starting template merge");
+	            StringWriter writer = new StringWriter();
+
+	            Logger.debug("Doing template merge");
+	            template.merge(context, writer);
+	            Logger.debug("Template merge done");
+
+	            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+	            response.setContentType("text/html;charset=UTF-8");
+	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+	        } catch (IOException e) {
+	            Logger.error("Velocity IO error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        } catch (Exception e) {
+	            Logger.error("Velocity general error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        }
+
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..8fdb40065
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
+
+			System.out.println(request.getContentLength());
+	}
+
+}
-- 
cgit v1.2.3


From 5371cce8ad520a49840c37cdf1d952c233f47320 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 Jan 2016 11:01:00 +0100
Subject: metadata delivery. draft but working.

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  2 +
 .../modules/eidas/utils/EidasMetaDataServlet.java  | 89 ++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 159728e92..c4f7bdae0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -106,6 +106,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			int qaaLevel = 1;
 			authnRequest.setQaa(qaaLevel);
 			authnRequest.setPersonalAttributeList(pAttList);
+			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
+			authnRequest.setIssuer(issuer);
 
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
new file mode 100644
index 000000000..dd7671765
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ *  Copyright 2015 e-SENS project
+ *
+ *  Licensed under the EUPL, Version 1.1 or - as soon they will be
+ *  approved by the European Commission - subsequent versions of
+ *  the EUPL (the "Licence");
+ *  You may not use this work except in compliance with the Licence.
+ *  You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the Licence is distributed on an "AS IS" basis,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ *  implied.
+ *  See the Licence for the specific language governing permissions and
+ *  limitations under the Licence.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.Security;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+
+/**
+ * First version to provide some valid metadata to an asking eIDaS node
+ */
+@WebServlet("/eidas/metadata")
+public class EidasMetaDataServlet extends HttpServlet {
+    private static final long serialVersionUID = -2129228304760706063L;
+    private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class); 
+    /**
+     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+     *      response)
+     */
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        try {
+            logger.info("EidasMetaDataServlet GET");
+            
+            String metadata_url = "metadataurl";
+            String sp_return_url = "sp_return_url";
+            String metaData = generateMetadata(metadata_url, sp_return_url);
+
+            response.setContentType("text/html");
+            response.getWriter().print(metaData);
+            response.flushBuffer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        } 
+    }
+
+    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+        String metadata="invalid metadata";
+        
+		// FIXME workaround!?
+		Security.removeProvider("IAIK");
+		Security.removeProvider("IAIK_ECC");
+
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+		IAIK.addAsProvider();
+		ECCProvider.addAsProvider(true);
+        
+        MetadataGenerator generator = new MetadataGenerator();
+        MetadataConfigParams mcp=new MetadataConfigParams();
+        generator.setConfigParams(mcp);
+        generator.initialize(engine);
+        mcp.setEntityID(metadata_url);
+        generator.addSPRole(); // TODO addIDPRole();
+        String returnUrl = sp_return_url;
+        mcp.setAssertionConsumerUrl(returnUrl);
+        metadata = generator.generateMetadata();
+        return metadata;
+    }
+}
-- 
cgit v1.2.3


From f2cb73708f9bf18f0d71a950662e7701e33e0ee5 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 11 Jan 2016 08:59:01 +0100
Subject: fixing request (in progress)

---
 .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java  | 13 ++++++++++---
 .../id/auth/modules/eidas/utils/EidasMetaDataServlet.java   | 10 +++++++---
 2 files changed, 17 insertions(+), 6 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c4f7bdae0..8b1dae22e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -35,6 +35,8 @@ import org.apache.velocity.app.VelocityEngine;
 
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasLoaCompareType;
+import eu.eidas.auth.commons.EidasLoaLevels;
 import eu.eidas.auth.commons.IPersonalAttributeList;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
@@ -99,15 +101,20 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
 			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
 			String providerName = "sp3fr-moa";
 			authnRequest.setProviderName(providerName);
-			int qaaLevel = 1;
-			authnRequest.setQaa(qaaLevel);
+//			int qaaLevel = 1;
+//			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
 			authnRequest.setPersonalAttributeList(pAttList);
 			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
 			authnRequest.setIssuer(issuer);
+			authnRequest.setDestination(assertionConsumerURL);
+			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
+			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
+			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
+			authnRequest.setAlias(providerName);
 
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index dd7671765..c8df9ca97 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -51,10 +51,12 @@ public class EidasMetaDataServlet extends HttpServlet {
         try {
             logger.info("EidasMetaDataServlet GET");
             
-            String metadata_url = "metadataurl";
-            String sp_return_url = "sp_return_url";
+            String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
+            String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
+            logger.debug(metaData);
+
             response.setContentType("text/html");
             response.getWriter().print(metaData);
             response.flushBuffer();
@@ -80,7 +82,9 @@ public class EidasMetaDataServlet extends HttpServlet {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-        generator.addSPRole(); // TODO addIDPRole();
+        mcp.setAssertionConsumerUrl(metadata);
+        generator.addSPRole();
+        generator.addIDPRole();
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
         metadata = generator.generateMetadata();
-- 
cgit v1.2.3


From 1df90d0efe126150b5e1cfa245a5ad9280068243 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 09:46:57 +0100
Subject: update eIDAS inbound process managment implementation

---
 .../moa/id/auth/modules/eidas/Constants.java       |  1 +
 .../id/auth/modules/eidas/eIDASSignalServlet.java  | 44 ++++++++++++-
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 21 +++++-
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 74 +++++++++++++++++++++-
 4 files changed, 134 insertions(+), 6 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 3f94ca5e5..8e38facbf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -54,4 +54,5 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
 	
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 0c31a87a4..556947572 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,14 +22,24 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.io.ByteArrayInputStream;
+
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.util.xml.SimpleNamespaceContext;
+import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 
 /**
  * @author tlenz
@@ -58,9 +68,39 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	 * 
 	 */
 	public String getMoaSessionId(HttpServletRequest request) {
-		//TODO: implement eIDAs specific session synchronization
+		String sessionId = super.getMoaSessionId(request);
 		
-		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
+		try {
+
+			// use SAML2 relayState
+			if (sessionId == null) {
+				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
+			}
+
+			// take from InResponseTo attribute of SAMLResponse
+			if (sessionId == null) {
+				String base64SamlToken = request.getParameter("SAMLResponse");
+				if (base64SamlToken != null && false) {
+//					byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
+//					Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
+//
+//					XPath xPath = XPathFactory.newInstance().newXPath();
+//					SimpleNamespaceContext nsContext = new SimpleNamespaceContext();
+//					nsContext.bindNamespaceUri("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
+//					xPath.setNamespaceContext(nsContext);
+//					XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
+//					sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
+//					sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
+				} else {
+					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+				}
+			}
+
+		} catch (Exception e) {
+			Logger.warn("Unable to retrieve moa session id.", e);
+		}
+
+		return sessionId;
 	}
 	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 8b1dae22e..9ae61edd9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -96,19 +96,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
 			attr.setName("eidas/attributes/CurrentFamilyName");
-
 			pAttList.add(attr);
 
+			PersonalAttribute attr1 = new PersonalAttribute();
+			attr1.setName("eidas/attributes/CurrentGivenName");
+			pAttList.add(attr1);
+			
+			PersonalAttribute attr2 = new PersonalAttribute();
+			attr2.setName("eidas/attributes/DateOfBirth");
+			pAttList.add(attr2);
+			
+			PersonalAttribute attr3 = new PersonalAttribute();
+			attr3.setName("eidas/attributes/PersonIdentifier");
+			pAttList.add(attr3);
+			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+//			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
 			String providerName = "sp3fr-moa";
 			authnRequest.setProviderName(providerName);
 //			int qaaLevel = 1;
 //			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
 			authnRequest.setPersonalAttributeList(pAttList);
-			String issuer = "http://localhost:12344/moa-id-auth/eidas/metadata";
+			String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
 			authnRequest.setIssuer(issuer);
 			authnRequest.setDestination(assertionConsumerURL);
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
@@ -116,6 +127,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
 			authnRequest.setAlias(providerName);
 
+			authnRequest.setSPType("public");
+			
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
@@ -134,6 +147,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            context.put(actionType, SAMLRequest);
 	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
 
+	            context.put("RelayState", moasessionid);
+	            
 	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
 	            context.put("action", assertionConsumerURL);
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 8fdb40065..e80d62535 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,16 +3,88 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
 
-			System.out.println(request.getContentLength());
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			//get SAML Response and decode it
+			String base64SamlToken = request.getParameter("SAMLResponse");
+			if (MiscUtil.isEmpty(base64SamlToken)) {
+				Logger.warn("No eIDAS SAMLReponse found in http request.");
+				throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
+				
+			}						
+			byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);		
+			
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			//validate SAML token
+			EIDASAuthnResponse samlResp = engine.validateEIDASAuthnResponse(decSamlToken, 
+					request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME);
+			
+			boolean encryptedResponse=engine.isEncryptedSamlResponse(decSamlToken);
+			if (encryptedResponse) {
+				Logger.info("Received encrypted eIDAS SAML-Response.");
+				//TODO: check if additional decryption operation is required
+				
+			}
+			
+			
+			
+			
+			System.out.println(new String(decSamlToken));
+			
+			
+		}catch (EIDASSAMLEngineException e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("Could not generate token for Saml Request", e));
+			
+		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			
+		}	
+		
 	}
 
 }
-- 
cgit v1.2.3


From 31d5edb552ba03ce474f050bf2e69316af1ee623 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:34:46 +0100
Subject: use general config eidas (in progress)

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 54 ++++++++++++++--------
 1 file changed, 34 insertions(+), 20 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9ae61edd9..9b289a435 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,11 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.Security;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -41,16 +41,21 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.commons.PersonalAttributeList;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -79,19 +84,36 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load pending request
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
 			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
 			
 			}
-    	
-			//load MOASession object and OA-configuration
+
+			//load MOASession object, configuration and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// get target country
+			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+			if (StringUtils.isEmpty(citizenCountryCode)) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+			}
+
+			CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+			if(null == cpeps) {
+				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+			}
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
+			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
-			
+
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
@@ -112,23 +134,15 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ColleagueRequest";
-//			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
-			String providerName = "sp3fr-moa";
-			authnRequest.setProviderName(providerName);
-//			int qaaLevel = 1;
-//			authnRequest.setQaa(qaaLevel); // not needed anymore. furthermore this may make the node think the request at hand is a stork request and we do not want that.
+			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
-			String issuer = "http://localhost:12343/moa-id-auth/eidas/metadata";
-			authnRequest.setIssuer(issuer);
-			authnRequest.setDestination(assertionConsumerURL);
+			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
-			authnRequest.setAlias(providerName);
+			authnRequest.setSPType(SPType.DEFAULT_VALUE);
 
-			authnRequest.setSPType("public");
-			
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
@@ -149,8 +163,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 	            context.put("RelayState", moasessionid);
 	            
-	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
-	            context.put("action", assertionConsumerURL);
+	            Logger.debug("Using assertion consumer url as action: " + destination);
+	            context.put("action", destination);
 
 	            Logger.debug("Starting template merge");
 	            StringWriter writer = new StringWriter();
-- 
cgit v1.2.3


From 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:57:30 +0100
Subject: fetch requested attributes from configuration

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 42 ++++++++++++----------
 1 file changed, 24 insertions(+), 18 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9b289a435..57588287d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
+import java.util.Collection;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -111,27 +114,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// assemble requested attributes
+			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+
+			// - prepare attribute list
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 
-			//create template requested attribute
-			//TODO: load required attributes from OA configuration
-			PersonalAttribute attr = new PersonalAttribute();
-			attr.setName("eidas/attributes/CurrentFamilyName");
-			pAttList.add(attr);
+			// - fill container
+			for (StorkAttribute current : attributesFromConfig) {
+				PersonalAttribute newAttribute = new PersonalAttribute();
+				newAttribute.setName(current.getName());
+
+				boolean globallyMandatory = false;
+				for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+					if (current.getName().equals(currentGlobalAttribute.getName())) {
+						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+						break;
+					}
+
+				newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+				pAttList.add(newAttribute);
+			}
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-			PersonalAttribute attr1 = new PersonalAttribute();
-			attr1.setName("eidas/attributes/CurrentGivenName");
-			pAttList.add(attr1);
-			
-			PersonalAttribute attr2 = new PersonalAttribute();
-			attr2.setName("eidas/attributes/DateOfBirth");
-			pAttList.add(attr2);
-			
-			PersonalAttribute attr3 = new PersonalAttribute();
-			attr3.setName("eidas/attributes/PersonIdentifier");
-			pAttList.add(attr3);
-			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
-- 
cgit v1.2.3


From 22820de6b6fa074be1d9990766fa631a6f7f5818 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 08:57:23 +0100
Subject: add test IDL generation

---
 .../moa/id/auth/modules/eidas/Constants.java       |   6 +
 .../eidas/exceptions/eIDASAttributeException.java  |  38 +++
 .../eidas/tasks/CreateIdentityLinkTask.java        | 185 +++++++++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  33 +-
 .../eidas/utils/MOAOrderedAttributeIterator.java   |  66 ++++
 .../eidas/utils/MOAPersonalAttributeList.java      | 343 +++++++++++++++++++++
 6 files changed, 664 insertions(+), 7 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8e38facbf..9f347b4ee 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -55,4 +55,10 @@ public class Constants {
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
 	
 	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
+	
+	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
+	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
+	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
new file mode 100644
index 000000000..7840ae2e6
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAttributeException extends Exception {
+
+	private static final long serialVersionUID = 1L;
+	
+	public eIDASAttributeException(String message) {
+		super(message);
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
new file mode 100644
index 000000000..f4d6c4ad4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+
+import eu.eidas.auth.commons.IPersonalAttributeList;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class CreateIdentityLinkTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext,
+			HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
+			String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+			//load pending request
+			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+			
+			}
+    	
+			//load MOASession object and OA-configuration
+			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			
+			//get eIDAS attributes from MOA-Session
+			IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					IPersonalAttributeList.class);
+			
+			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+			IdentityLink identityLink = null;
+			
+			//connect SZR-Gateway
+			//TODO: implement SZR-Gateway communication!!!!
+			if(true) {
+								
+				// create fake IdL
+				// - fetch IdL template from resources
+				InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+				Element idlTemplate = DOMUtils.parseXmlValidating(s);
+
+			    identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+			    // replace data
+	            Element idlassertion = identityLink.getSamlAssertion();
+	            
+	            // - set bpk/wpbk;
+		        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);		        		        
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+		        	throw new eIDASAttributeException("PersonalIdentifier is missing");
+		        String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
+		        prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+		        // - set last name
+		        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
+		        	throw new eIDASAttributeException("currentFamilyName is missing");
+				String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
+				prFamilyName.getFirstChild().setNodeValue(familyName);
+
+		        // - set first name
+		        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
+		        	throw new eIDASAttributeException("currentGivenName is missing");
+				String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
+				prGivenName.getFirstChild().setNodeValue(givenName);
+
+		        // - set date of birth
+		        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
+		        	throw new eIDASAttributeException("dateOfBirth is missing");
+				String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
+				dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
+				prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+	            identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+	            //resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+				identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+				
+			} else {
+				//contact SZR Gateway
+				Logger.debug("Starting connecting SZR Gateway");
+			
+				//TODO:!!!!!!
+				
+			}
+			
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			
+			MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
+			moasession.setForeigner(true);
+			moasession.setIdentityLink(identityLink);
+			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
+			
+			//store MOA-session to database
+			AuthenticationSessionStoreage.storeSession(moasession);
+			
+		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
+			throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e);
+			
+		} catch (eIDASAttributeException e) {
+			throw new TaskExecutionException("Minimum required eIDAS attributeset not found.", e);
+				
+		}	
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index e80d62535..693807d63 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -10,13 +10,16 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -68,20 +71,36 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				//TODO: check if additional decryption operation is required
 				
 			}
+						
+			//MOA-ID specific response validation
+			//TODO: implement MOA-ID specific response validation
 			
+			//update MOA-Session data with received information			
+			Logger.debug("Store eIDAS response information into MOA-session.");
+			moasession.setQAALevel(samlResp.getAssuranceLevel());
+			moasession.setCcc(samlResp.getCountry());
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
+					new MOAPersonalAttributeList(samlResp.getPersonalAttributeList()));
+						
+			moasession.setGenericDataToSession(
+					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
+					decSamlToken);
+
+			//set general information to MOA-Session
+			moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
 			
-			
-			
-			System.out.println(new String(decSamlToken));
-			
+			//store MOA-session to database
+			AuthenticationSessionStoreage.storeSession(moasession);
 			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("Could not generate token for Saml Request", e));
+			throw new TaskExecutionException("eIDAS Response processing FAILED.", 
+					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException("eIDAS Response processing FAILED.", e);
 			
 		}	
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
new file mode 100644
index 000000000..573163af0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAOrderedAttributeIterator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAOrderedAttributeIterator  implements Iterator<PersonalAttribute> {
+	
+    private MOAPersonalAttributeList pal;
+    private Iterator<String> keyIterator;
+
+    public MOAOrderedAttributeIterator(MOAPersonalAttributeList palArg) {
+        this.pal = palArg;
+        keyIterator = palArg.getInsertOrder().iterator();
+    }
+
+    @Override
+    public boolean hasNext() {
+        return keyIterator.hasNext();
+    }
+
+    @Override
+    public PersonalAttribute next() {
+        if (!hasNext()) {
+            throw new NoSuchElementException();
+        }
+        return pal.get(keyIterator.next());
+    }
+
+    @Override
+    public void remove() {
+        Logger.error("Not implemented");
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
new file mode 100644
index 000000000..5cc100b70
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAPersonalAttributeList.java
@@ -0,0 +1,343 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.commons.lang.StringUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+import eu.eidas.auth.commons.AttributeConstants;
+import eu.eidas.auth.commons.AttributeUtil;
+import eu.eidas.auth.commons.EIDASErrors;
+import eu.eidas.auth.commons.EIDASParameters;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EIDASValues;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.exceptions.InternalErrorEIDASException;
+
+/**
+ * @author tlenz
+ *
+ */
+public final class MOAPersonalAttributeList extends
+	ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
+	
+	 /**
+	 * 
+	 */
+	private static final long serialVersionUID = -4488124133022713089L;
+
+    public MOAPersonalAttributeList(IPersonalAttributeList eIDASAttributeList) {
+    	super();
+    	Iterator<PersonalAttribute> element = eIDASAttributeList.iterator();
+    	while(element.hasNext())
+    		add(element.next());    		
+    	
+    }
+	
+	/**
+     * Hash with the latest fetched attribute name alias.
+     */
+    private Map<String, Integer> latestAttrAlias =
+            new HashMap<String, Integer>();
+
+    /**
+     * Hash with mapping number of alias or the attribute name.
+     */
+    private Map<String, Integer> attrAliasNumber =
+            new HashMap<String, Integer>();
+    private List<String> insertOrder = new ArrayList<String>();
+
+    /**
+     * Obtain the insertOrder Collection
+     *
+     * @return defensive copy of the collection
+     */
+    List<String> getInsertOrder() {
+        return Collections.unmodifiableList(this.insertOrder);
+    }
+
+    /**
+     * Default constructor.
+     */
+    public MOAPersonalAttributeList() {
+        super();
+        
+    }
+    
+    /**
+     * Constructor with initial capacity for the PersonalAttributeList size.
+     *
+     * @param capacity The initial capacity for the PersonalAttributeList.
+     */
+    public MOAPersonalAttributeList(final int capacity) {
+        super(capacity);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public Iterator<PersonalAttribute> iterator() {
+        return new MOAOrderedAttributeIterator(this);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute get(final Object key) {
+        String attrName = (String) key;
+
+        if (this.latestAttrAlias == null)
+        	this.latestAttrAlias = new HashMap<String, Integer>();
+        
+        if (this.attrAliasNumber == null)
+        	this.attrAliasNumber = new HashMap<String, Integer>();
+        
+        if (this.latestAttrAlias.containsKey(key)) {
+            attrName = attrName + this.latestAttrAlias.get(key);
+        } else {
+            if (this.attrAliasNumber.containsKey(key)) {
+                this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
+            }
+        }
+        return super.get(attrName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void add(final PersonalAttribute value) {
+        if (value != null) {
+            this.put(value.getName(), value);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PersonalAttribute put(final String key, final PersonalAttribute val) {
+        if (StringUtils.isNotEmpty(key) && val != null) {
+            // Validate if attribute name already exists!
+            String attrAlias = key;
+            if (this.containsKey(attrAlias)) {
+            	if (this.attrAliasNumber == null)
+            		this.attrAliasNumber = new HashMap<String, Integer>();
+                if (!val.isEmptyValue() && StringUtils.isNumeric(val.getValue().get(0))) {
+                    final String attrValue = val.getValue().get(0);
+                    attrAlias = key + attrValue;
+                    this.attrAliasNumber.put(key, Integer.valueOf(attrValue));
+                } else {
+                    final PersonalAttribute attr = super.get(key);
+                    if (!attr.isEmptyValue()
+                            && StringUtils.isNumeric(attr.getValue().get(0))) {
+                        attrAlias = key + attr.getValue().get(0);
+                        super.put(key, (PersonalAttribute) attr);
+                        this.attrAliasNumber.put(key, null);
+                    }
+                }
+            } else {
+            	if (insertOrder == null)
+            		insertOrder = new ArrayList<String>();
+            	
+                insertOrder.add(key);
+            }
+            return super.put(attrAlias, val);
+        } else {
+            return null;
+        }
+    }
+
+    @Override
+    public PersonalAttribute remove(Object key) {
+        insertOrder.remove(key);
+        return super.remove(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void populate(final String attrList) {
+        final StringTokenizer strToken =
+                new StringTokenizer(attrList, EIDASValues.ATTRIBUTE_SEP.toString());
+
+        while (strToken.hasMoreTokens()) {
+            final PersonalAttribute persAttr = new PersonalAttribute();
+            String[] tuples =
+                    strToken.nextToken().split(EIDASValues.ATTRIBUTE_TUPLE_SEP.toString(),
+                            AttributeConstants.NUMBER_TUPLES.intValue());
+
+            // Convert to the new format if needed!
+            tuples = convertFormat(tuples);
+
+            if (AttributeUtil.hasValidTuples(tuples)) {
+                final int attrValueIndex =
+                        AttributeConstants.ATTR_VALUE_INDEX.intValue();
+                final String tmpAttrValue =
+                        tuples[attrValueIndex].substring(1,
+                                tuples[attrValueIndex].length() - 1);
+                final String[] vals =
+                        tmpAttrValue.split(EIDASValues.ATTRIBUTE_VALUE_SEP.toString());
+
+                persAttr.setName(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]);
+                persAttr.setIsRequired(Boolean
+                        .valueOf(tuples[AttributeConstants.ATTR_TYPE_INDEX.intValue()]));
+                // check if it is a complex value
+                if (tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()]
+                        .equals(EIDASParameters.COMPLEX_ADDRESS_VALUE.toString())) {
+                    persAttr.setComplexValue(createComplexValue(vals));
+                } else {
+                    persAttr.setValue(createValues(vals));
+                }
+
+                if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
+                    persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX
+                            .intValue()]);
+                }
+                this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()],
+                        persAttr);
+
+            } else {
+                Logger.info("BUSINESS EXCEPTION : Invalid personal attribute list tuples");
+            }
+
+        }
+    }
+
+  /**
+  * Returns a copy of this <tt>IPersonalAttributeList</tt> instance.
+  *
+  * @return The copy of this IPersonalAttributeList.
+  */
+  public Object clone() {
+      try {
+          MOAPersonalAttributeList theClone= (MOAPersonalAttributeList)super.clone();
+          theClone.insertOrder=new ArrayList<String>(insertOrder);
+          return theClone;
+          
+      } catch (CloneNotSupportedException e) {
+          throw new InternalErrorEIDASException(
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorCode()),
+                  EIDASUtil.getConfig(EIDASErrors.INTERNAL_ERROR.errorMessage()), e);
+      }
+  }
+
+  /**
+   * Creates a string in the following format.
+   *
+   * attrName:attrType:[attrValue1,attrValue2=attrComplexValue]:attrStatus;
+   *
+   * @return {@inheritDoc}
+   */
+  @Override
+  public String toString() {
+      final StringBuilder strBuilder = new StringBuilder();
+      final Iterator<String> iteratorInsertOrder = insertOrder.iterator();
+      while (iteratorInsertOrder.hasNext()) {
+          String key = iteratorInsertOrder.next();
+          final PersonalAttribute attr = get(key);
+          strBuilder.append(attr.toString());
+          if (isNumberAlias(key)) {
+              strBuilder.append(get(key).toString());
+          }
+      }
+      return strBuilder.toString();
+  }
+
+    /**
+     * Validates and creates the attribute's complex values.
+     *
+     * @param values The complex values.
+     * @return The {@link Map} with the complex values.
+     * @see Map
+     */
+    private Map<String, String> createComplexValue(final String[] values) {
+        final Map<String, String> complexValue = new HashMap<String, String>();
+        for (final String val : values) {
+            final String[] tVal = val.split("=");
+            if (StringUtils.isNotEmpty(val) && tVal.length == 2) {
+                complexValue.put(tVal[0], AttributeUtil.unescape(tVal[1]));
+            }
+        }
+        return complexValue;
+    }
+
+    /**
+     * Validates and creates the attribute values.
+     *
+     * @param vals The attribute values.
+     * @return The {@link List} with the attribute values.
+     * @see List
+     */
+    private List<String> createValues(final String[] vals) {
+        final List<String> values = new ArrayList<String>();
+        for (final String val : vals) {
+            if (StringUtils.isNotEmpty(val)) {
+                values.add(AttributeUtil.unescape(val));
+            }
+        }
+        return values;
+    }
+
+    //////////////////
+    /**
+     * Converts the attribute tuple (attrName:attrType...) to the new format.
+     *
+     * @param tuples The attribute tuples to convert.
+     * @return The attribute tuples in the new format.
+     */
+    private String[] convertFormat(final String[] tuples) {
+        final String[] newFormatTuples =
+                new String[AttributeConstants.NUMBER_TUPLES.intValue()];
+        if (tuples != null) {
+            System.arraycopy(tuples, 0, newFormatTuples, 0, tuples.length);
+
+            for (int i = tuples.length; i < newFormatTuples.length; i++) {
+                if (i == AttributeConstants.ATTR_VALUE_INDEX.intValue()) {
+                    newFormatTuples[i] = "[]";
+                } else {
+                    newFormatTuples[i] = "";
+                }
+            }
+        }
+        return newFormatTuples;
+    }
+
+    public boolean isNumberAlias(String key) {
+        return this.attrAliasNumber.containsKey(key);
+    }
+	
+	
+
+}
-- 
cgit v1.2.3


From 320485ae06e93da206049f4c3706db4e4fec554b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:03:03 +0100
Subject: refactor PVP Metadata provider functionality

---
 .../engine/MOAeIDASMetadataSignatureFilter.java    | 132 +++++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
new file mode 100644
index 000000000..c9f3e5bcd
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataSignatureFilter implements MetadataFilter {
+
+	private String trustProfileID = null;
+	
+	/**
+	 * 
+	 */
+	public MOAeIDASMetadataSignatureFilter(String trustProfileID) {
+		this.trustProfileID = trustProfileID;
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject metadata) throws FilterException {
+		if (metadata instanceof EntityDescriptor) {
+			if (((EntityDescriptor) metadata).isSigned()) {				
+				EntityDescriptor entityDes = (EntityDescriptor) metadata;
+				//check signature;
+				try {
+					Transformer transformer = TransformerFactory.newInstance()
+							.newTransformer();	
+					StringWriter sw = new StringWriter();
+					StreamResult sr = new StreamResult(sw);
+					DOMSource source = new DOMSource(metadata.getDOM());
+					transformer.transform(source, sr);
+					sw.close();
+					String metadataXML = sw.toString();
+					
+					SignatureVerificationUtils sigVerify = 
+							new SignatureVerificationUtils();
+					VerifyXMLSignatureResponse result = sigVerify.verify(
+							metadataXML.getBytes(), trustProfileID);
+					
+					//check signature-verification result
+					if (result.getSignatureCheckCode() != 0) {
+						Logger.warn("eIDAS Metadata signature-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getSignatureCheckCode());
+						throw new FilterException("eIDAS Metadata signature-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getSignatureCheckCode());
+						
+					}
+					
+					if (result.getCertificateCheckCode() != 0) {
+						Logger.warn("eIDAS Metadata certificate-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getCertificateCheckCode());
+						throw new FilterException("eIDAS Metadata certificate-verification FAILED!"
+								+ " Metadata: " + entityDes.getEntityID()
+								+ " StatusCode:" + result.getCertificateCheckCode());
+						
+					}
+					
+				
+				} catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
+					Logger.error("eIDAS Metadata verification has an interal error.", e);
+					throw new FilterException("eIDAS Metadata verification has an interal error."
+							+ " Message:" + e.getMessage());
+					
+				}
+				
+				
+			} else {
+				Logger.warn("eIDAS Metadata root-element MUST be signed.");
+				throw new FilterException("eIDAS Metadata root-element MUST be signed.'");
+				
+			}
+						
+		} else {
+			Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+			throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
+			
+		}
+		
+	}
+
+}
-- 
cgit v1.2.3


From 28884c5d5ee4685aaf88309b1b6b340b65ffbe86 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:04:58 +0100
Subject: update eIDAS http(s) endpoints

---
 .../moa/id/auth/modules/eidas/Constants.java        | 18 ++++++++++++++----
 .../id/auth/modules/eidas/eIDASSignalServlet.java   | 15 ++-------------
 .../eidas/tasks/GenerateAuthnRequestTask.java       |  4 ++++
 .../modules/eidas/utils/EidasMetaDataServlet.java   | 21 ++++++++++++++++-----
 4 files changed, 36 insertions(+), 22 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 9f347b4ee..1c20a81bf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -45,20 +45,30 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE;
-	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";
-	
+	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file";	
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
 			+ CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file";
 	public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." 
-			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";
+			+ CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file";	
+	public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore";
 	
-	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  //2 minutes skew time for response validation
+	//timeouts and clock skews
+	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
+	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
 	
+	//eIDAS attribute names
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
 	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
 	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+		
+	//http endpoint descriptions
+	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
+	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 556947572..49f0451cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,30 +22,19 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
-import java.io.ByteArrayInputStream;
-
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathFactory;
 
 import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.xml.SimpleNamespaceContext;
-import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 
 /**
  * @author tlenz
  *
  */
-@WebServlet(urlPatterns = { "/eidas/post",  "/eidas/redirect"}, loadOnStartup = 1)
+@WebServlet(urlPatterns = { "/eidas/sp/post",  "/eidas/sp/redirect"}, loadOnStartup = 1)
 public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 
 	private static final long serialVersionUID = 8215688005533754459L;
@@ -53,7 +42,7 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 	public eIDASSignalServlet() {
 		super();
 		Logger.debug("Registering servlet " + getClass().getName() + 
-				" with mappings '/eidas/post' and '/eidas/redirect'.");
+				" with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
 		
 	}
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 57588287d..963fe70c1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -142,7 +142,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
+			
 			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
+			//TODO: only for development and reverse proxy 
+			authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..cd30f2bec 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
@@ -49,15 +52,23 @@ public class EidasMetaDataServlet extends HttpServlet {
      */
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         try {
-            logger.info("EidasMetaDataServlet GET");
+            logger.debug("EidasMetaDataServlet GET");
             
-            String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
-            String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata";
+            AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+            String pubURLPrefix = config.getPublicURLPrefix();
+            
+            
+            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+            
+            //TODO: only for development and reverse proxy 
+            metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata";
+            
+            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
-            logger.debug(metaData);
+            logger.trace(metaData);
 
-            response.setContentType("text/html");
+            response.setContentType("text/xml");
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
-- 
cgit v1.2.3


From 0247b654a6278acff55999e8b6318a6db4354510 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 14:05:48 +0100
Subject: reimplement eIDAS metadata provider which use MOA-SP to verify
 metadata

---
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 184 ++++++++++++++++++---
 1 file changed, 165 insertions(+), 19 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
index 2aec81db5..a8099f42e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
@@ -1,50 +1,196 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
 import java.security.KeyStore;
+import java.util.Timer;
 
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.lang.StringUtils;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
 
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.SimpleMetadataProcessor;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
 import eu.eidas.engine.exceptions.SAMLEngineException;
 
-public class MOAeIDASSimpleMetadataProvider extends SimpleMetadataProcessor {
+public class MOAeIDASSimpleMetadataProvider implements MetadataProcessorI {
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+	 */
 	@Override
-	public EntityDescriptor getEntityDescriptor(String url) {
-        EntityDescriptor entityDescriptor=getEntityDescriptorHelper(url);
-        
-        if(Logger.isDebugEnabled()){
-            Logger.debug("got entityDescriptor: " + entityDescriptor);
+	public EntityDescriptor getEntityDescriptor(String url)
+			throws SAMLEngineException {
+		EntityDescriptor entityDescriptor=null;
+        try {
+        	if (StringUtils.isNotEmpty(url)) {        	
+        		HTTPMetadataProvider provider = createNewHTTPMetaDataProvider(url);            
+                entityDescriptor = provider.getEntityDescriptor(url);
+                
+            } else {
+                throw new MetadataProviderException("the metadata url parameter is null or empty");
+                
+            }
+        } catch (MetadataProviderException mpe) {
+            Logger.error("error getting a metadataprovider {}", mpe);
+            
         }
         return entityDescriptor;
+        
 	}
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+	 */
 	@Override
-	public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
+	public SPSSODescriptor getSPSSODescriptor(String url)
+			throws SAMLEngineException {
 		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
 		
 	}
 
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+	 */
 	@Override
-	public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
+	public IDPSSODescriptor getIDPSSODescriptor(String url)
+			throws SAMLEngineException {
 		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
 		
 	}
 
-    @Override
-    public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine) throws SAMLEngineException {
-        //TODO: implement Metadata signature validation
-        Logger.warn("MetadataProcessor in demo SP does not actually check the signature of metadata");
-   
-    }
-    @Override
-    public void checkValidMetadataSignature(String url, KeyStore store) throws SAMLEngineException {
-        //not implemented
-    	
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, KeyStore trustStore)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+            if(clazz.isInstance(rd)){
+                return (T)rd;
+            }
+        }
+        return null;
     }
+    
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+		HTTPMetadataProvider httpProvider = null;
+		Timer timer= null;
+		MOAHttpClient httpClient = null;
+		try {
+			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+			
+			httpClient = new MOAHttpClient();
+			
+			HttpClientParams httpClientParams = new HttpClientParams();
+			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+			httpClient.setParams(httpClientParams);
+			
+			if (metadataURL.startsWith("https:")) {
+				try {
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							authConfig.getCertstoreDirectory(), 
+							authConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							authConfig.isTrustmanagerrevoationchecking());
+					
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}
+			}
+			
+			timer = new Timer();
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(new BasicParserPool());
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			//add Metadata filters
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+			httpProvider.setMetadataFilter(filter);
+			
+			httpProvider.initialize();
+			
+						
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				Logger.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			Logger.error(
+					"Failed to add Metadata file for "
+							+ metadataURL + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				Logger.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+			if (timer != null) {
+				Logger.debug("Destroy Timer.");
+				timer.cancel();
+			}
+
+			
+		}
+		
+		return null;	
+	}
 	
 }
-- 
cgit v1.2.3


From 1d65e35ef38e8a7405ec25def325080b7da2ab4d Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 16:47:05 +0100
Subject: moa learned how to receive eidas node requests

---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |   9 +-
 .../id/protocols/eidas/AuthenticationRequest.java  |  62 ++++++++++
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 135 +++++++++++++++++++++
 3 files changed, 203 insertions(+), 3 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index c8df9ca97..6a573d0f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -57,7 +57,7 @@ public class EidasMetaDataServlet extends HttpServlet {
 
             logger.debug(metaData);
 
-            response.setContentType("text/html");
+            response.setContentType("text/xml");
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
@@ -82,11 +82,14 @@ public class EidasMetaDataServlet extends HttpServlet {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-        mcp.setAssertionConsumerUrl(metadata);
+
         generator.addSPRole();
-        generator.addIDPRole();
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
+
+        generator.addIDPRole();
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+
         metadata = generator.generateMetadata();
         return metadata;
     }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
new file mode 100644
index 000000000..6a13cba60
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
+ * @author bsuzic
+ */
+
+public class AuthenticationRequest implements IAction {
+
+	@Override
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getDefaultActionName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
new file mode 100644
index 000000000..01052c698
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -0,0 +1,135 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.stork.peps.auth.commons.*;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.util.HashMap;
+
+/**
+ * Stork 2 Protocol Support
+ *
+ * @author bsuzic
+ */
+public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+
+    public static final String NAME = EIDASProtocol.class.getName();
+    public static final String PATH = "eidas";
+
+    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
+
+    private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+    static {
+        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+    }
+
+    public String getName() {
+        return NAME;
+    }
+
+    public String getPath() {
+        return PATH;
+    }
+
+    public IAction getAction(String action) {
+        return actions.get(action);
+    }
+
+    public EIDASProtocol() {
+        super();
+    }
+
+    /*
+        First request step - send it to BKU selection for user authentication. After the user credentials
+        and other info are obtained, in the second step the request will be processed and the user redirected
+         */
+    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
+			String sessionId, String transactionId) throws MOAIDException {
+    	
+        Logger.info("received an eIDaS request");
+			
+		//get SAML Response and decode it
+		String base64SamlToken = request.getParameter("SAMLRequest");
+		if (MiscUtil.isEmpty(base64SamlToken)) {
+			Logger.warn("No eIDAS SAMLRequest found in http request.");
+			throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
+			
+		}						
+		byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);	
+        
+		try {
+		//get eIDAS SAML-engine
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+		
+		//validate SAML token
+		EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+		
+		} catch(Exception e) {
+			
+		}
+		
+		return null;
+    }
+
+    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+        return null;
+    }
+
+    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
+        return false;
+    }
+
+    public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+        return false;
+    }
+}
+
+
-- 
cgit v1.2.3


From 587d9f326ce905f9b60fda37af747df5dfcb33ec Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 13 Jan 2016 16:54:50 +0100
Subject: change MOA eIDAS metadata provider to a cached version as chaining
 metadata provider

---
 .../engine/MOAeIDASChainingMetadataProvider.java   | 290 +++++++++++++++++++++
 .../engine/MOAeIDASMetadataProviderDecorator.java  | 120 +++++++++
 .../engine/MOAeIDASSimpleMetadataProvider.java     | 196 --------------
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   8 +-
 4 files changed, 415 insertions(+), 199 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
new file mode 100644
index 000000000..4d6cd62fa
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -0,0 +1,290 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.engine.AbstractSAMLEngine;
+
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider {
+
+	private static MOAeIDASChainingMetadataProvider instance = null;
+	private static Object mutex = new Object();
+	
+	private MetadataProvider internalProvider;
+	
+	
+	public static MOAeIDASChainingMetadataProvider getInstance() {
+		if (instance == null) {
+			synchronized (mutex) {
+				if (instance == null) {
+					instance = new MOAeIDASChainingMetadataProvider();
+				}
+			}
+		}
+		return instance;
+	}
+	
+	
+	private MOAeIDASChainingMetadataProvider() {
+		internalProvider = new ChainingMetadataProvider();
+		
+	}
+	    
+	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
+		HTTPMetadataProvider httpProvider = null;
+		Timer timer= null;
+		MOAHttpClient httpClient = null;
+		try {
+			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
+			
+			httpClient = new MOAHttpClient();
+			
+			HttpClientParams httpClientParams = new HttpClientParams();
+			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+			httpClient.setParams(httpClientParams);
+			
+			if (metadataURL.startsWith("https:")) {
+				try {
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							authConfig.getCertstoreDirectory(), 
+							authConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							authConfig.isTrustmanagerrevoationchecking());
+					
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+				} catch (MOAHttpProtocolSocketFactoryException e) {
+					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+					
+				}
+			}
+			
+			timer = new Timer();
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(AbstractSAMLEngine.getNewBasicSecuredParserPool());
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			//add Metadata filters
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+			httpProvider.setMetadataFilter(filter);
+			
+			httpProvider.initialize();
+									
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				Logger.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			Logger.error(
+					"Failed to add Metadata file for "
+							+ metadataURL + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				Logger.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+			if (timer != null) {
+				Logger.debug("Destroy Timer.");
+				timer.cancel();
+			}
+
+			
+		}
+		
+		return null;	
+	}
+
+	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+		
+		//make a Map of all actually loaded HTTPMetadataProvider
+		List<MetadataProvider> providers = chainProvider.getProviders();
+		for (MetadataProvider provider : providers) {
+			if (provider instanceof HTTPMetadataProvider) {
+				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+			}
+		}
+		
+		return loadedproviders;		
+	}
+	
+	public boolean refreshMetadataProvider(String metadataURL) {
+		try {
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+				// check if MetadataProvider is actually loaded
+				if (actuallyLoadedProviders.containsKey(metadataURL)) {
+					actuallyLoadedProviders.get(metadataURL).refresh();						
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is refreshed.");
+					return true;
+					
+				} else {
+					//load new Metadata Provider				
+					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
+					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);					
+					chainProvider.addMetadataProvider(newMetadataProvider);
+					
+					emitChangeEvent();
+					Logger.info("eIDAS metadata for " 
+							+ metadataURL + " is added.");
+					return true;
+										
+				}
+														
+			} else
+				Logger.debug("Can not refresh eIDAS metadata: NO eIDAS metadata URL.");
+																								
+		} catch (MetadataProviderException e) {
+			Logger.warn("Refresh eIDAS metadata for " 
+					+ metadataURL + " FAILED.", e);
+			
+		}
+		
+		return false;
+		
+	}
+	
+
+	public boolean requireValidMetadata() {
+		return internalProvider.requireValidMetadata();
+	}
+
+	public void setRequireValidMetadata(boolean requireValidMetadata) {
+		internalProvider.setRequireValidMetadata(requireValidMetadata);
+	}
+
+	public MetadataFilter getMetadataFilter() {
+		return internalProvider.getMetadataFilter();
+	}
+
+	public void setMetadataFilter(MetadataFilter newFilter)
+			throws MetadataProviderException {
+		internalProvider.setMetadataFilter(newFilter);
+	}
+
+	public XMLObject getMetadata() throws MetadataProviderException {
+		return internalProvider.getMetadata();
+	}
+
+	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+			throws MetadataProviderException {
+		Logger.warn("eIDAS metadata not support 'EntitiesDescriptor' elements!");		
+		return null;
+		
+	}
+
+	public EntityDescriptor getEntityDescriptor(String entityID)
+			throws MetadataProviderException {
+		EntityDescriptor entityDesc = null;
+		try {
+			entityDesc = internalProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entityID))
+					return internalProvider.getEntityDescriptor(entityID);
+									
+			} else {
+				if (!entityDesc.isValid())
+					if (refreshMetadataProvider(entityID))
+						return internalProvider.getEntityDescriptor(entityID);
+									
+			}
+			
+			
+		} catch (MetadataProviderException e) {
+			Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entityID))
+				return internalProvider.getEntityDescriptor(entityID);
+			
+		}
+		
+		return entityDesc;
+	}
+
+	public List<RoleDescriptor> getRole(String entityID, QName roleName)
+			throws MetadataProviderException {
+		return internalProvider.getRole(entityID, roleName);
+	}
+
+	public RoleDescriptor getRole(String entityID, QName roleName,
+			String supportedProtocol) throws MetadataProviderException {
+		return internalProvider.getRole(entityID, roleName, supportedProtocol);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+	 */
+	@Override
+	public List<Observer> getObservers() {
+		return ((ChainingMetadataProvider) internalProvider).getObservers();
+	}
+
+	protected void emitChangeEvent() {
+		if ((getObservers() == null) || (getObservers().size() == 0)) {
+			return;
+		}
+
+		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+		for (ObservableMetadataProvider.Observer observer : tempObserverList)
+			if (observer != null)
+				observer.onEvent(this);
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
new file mode 100644
index 000000000..e3ae5c046
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.security.KeyStore;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataProcessorI;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
+
+	private MetadataProvider metadataprovider = null;
+	
+	/**
+	 * 
+	 */
+	public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
+		this.metadataprovider = metadataprovider;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String url)
+			throws SAMLEngineException {		
+		try {
+			return this.metadataprovider.getEntityDescriptor(url);
+			
+		} catch (MetadataProviderException e) {
+			throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public SPSSODescriptor getSPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
+	 */
+	@Override
+	public IDPSSODescriptor getIDPSSODescriptor(String url)
+			throws SAMLEngineException {
+		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
+	 */
+	@Override
+	public void checkValidMetadataSignature(String url, KeyStore trustStore)
+			throws SAMLEngineException {
+		//Do nothing, because metadata signature is already validated during 
+		//metadata provider initialization 
+		
+	}
+
+    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
+        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
+            if(clazz.isInstance(rd)){
+                return (T)rd;
+            }
+        }
+        return null;
+    }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
deleted file mode 100644
index a8099f42e..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASSimpleMetadataProvider.java
+++ /dev/null
@@ -1,196 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.security.KeyStore;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.apache.commons.lang.StringUtils;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.parse.BasicParserPool;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataProcessorI;
-import eu.eidas.engine.exceptions.SAMLEngineException;
-
-public class MOAeIDASSimpleMetadataProvider implements MetadataProcessorI {
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
-	 */
-	@Override
-	public EntityDescriptor getEntityDescriptor(String url)
-			throws SAMLEngineException {
-		EntityDescriptor entityDescriptor=null;
-        try {
-        	if (StringUtils.isNotEmpty(url)) {        	
-        		HTTPMetadataProvider provider = createNewHTTPMetaDataProvider(url);            
-                entityDescriptor = provider.getEntityDescriptor(url);
-                
-            } else {
-                throw new MetadataProviderException("the metadata url parameter is null or empty");
-                
-            }
-        } catch (MetadataProviderException mpe) {
-            Logger.error("error getting a metadataprovider {}", mpe);
-            
-        }
-        return entityDescriptor;
-        
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
-	 */
-	@Override
-	public SPSSODescriptor getSPSSODescriptor(String url)
-			throws SAMLEngineException {
-		return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
-	 */
-	@Override
-	public IDPSSODescriptor getIDPSSODescriptor(String url)
-			throws SAMLEngineException {
-		return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, eu.eidas.auth.engine.EIDASSAMLEngine)
-	 */
-	@Override
-	public void checkValidMetadataSignature(String url, EIDASSAMLEngine engine)
-			throws SAMLEngineException {
-		//Do nothing, because metadata signature is already validated during 
-		//metadata provider initialization 
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String, java.security.KeyStore)
-	 */
-	@Override
-	public void checkValidMetadataSignature(String url, KeyStore trustStore)
-			throws SAMLEngineException {
-		//Do nothing, because metadata signature is already validated during 
-		//metadata provider initialization 
-		
-	}
-
-    protected <T extends RoleDescriptor> T getFirstRoleDescriptor(EntityDescriptor entityDescriptor, final Class<T> clazz){
-        for(RoleDescriptor rd:entityDescriptor.getRoleDescriptors()){
-            if(clazz.isInstance(rd)){
-                return (T)rd;
-            }
-        }
-        return null;
-    }
-    
-	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
-		HTTPMetadataProvider httpProvider = null;
-		Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {
-			AuthConfiguration authConfig = AuthConfigurationProviderFactory.getInstance();
-			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(Constants.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getCertstoreDirectory(), 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking());
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-			timer = new Timer();
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(new BasicParserPool());
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			//add Metadata filters
-			MetadataFilterChain filter = new MetadataFilterChain();
-			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
-					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
-			httpProvider.setMetadataFilter(filter);
-			
-			httpProvider.initialize();
-			
-						
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.error(
-					"Failed to add Metadata file for "
-							+ metadataURL + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-			if (timer != null) {
-				Logger.debug("Destroy Timer.");
-				timer.cancel();
-			}
-
-			
-		}
-		
-		return null;	
-	}
-	
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 2c2435ff6..548d05da6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -24,7 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASSimpleMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -48,8 +49,9 @@ public class SAMLEngineUtils {
 						configManager);
 
 			//set Metadata managment to eIDAS SAMLengine
-			//TODO: implement final Metadata processor (this is only a first solution!!!)
-			engine.setMetadataProcessor(new MOAeIDASSimpleMetadataProvider());
+			engine.setMetadataProcessor(
+					new MOAeIDASMetadataProviderDecorator(
+							MOAeIDASChainingMetadataProvider.getInstance()));
 			
 			return engine;
 			
-- 
cgit v1.2.3


From b8b01a93311156704c9c003e3128c544a5e2ba48 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Thu, 14 Jan 2016 17:26:07 +0100
Subject: moa learned how to trigger an authentication after receiving an eidas
 request

---
 .../id/protocols/eidas/AuthenticationRequest.java  |  3 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 48 +++++++++++-----------
 2 files changed, 26 insertions(+), 25 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 6a13cba60..3144d08e8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -48,8 +48,7 @@ public class AuthenticationRequest implements IAction {
 
 	@Override
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
-		// TODO Auto-generated method stub
-		return false;
+		return true;
 	}
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 01052c698..3e2122315 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,29 +23,19 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.stork.peps.auth.commons.*;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -92,31 +82,43 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
          */
     public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
 			String sessionId, String transactionId) throws MOAIDException {
-    	
+
         Logger.info("received an eIDaS request");
-			
+
 		//get SAML Response and decode it
 		String base64SamlToken = request.getParameter("SAMLRequest");
 		if (MiscUtil.isEmpty(base64SamlToken)) {
 			Logger.warn("No eIDAS SAMLRequest found in http request.");
 			throw new MOAIDException("HTTP request includes no eIDAS SAML-Request element.", null);
-			
 		}						
 		byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);	
-        
+
 		try {
-		//get eIDAS SAML-engine
-		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-		
-		//validate SAML token
-		EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+			//get eIDAS SAML-engine
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+			//validate SAML token
+			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+
+			// memorize important stuff
+			EIDASRequest result = new EIDASRequest();
+			// - memorize requested attributes
+			// TODO memorize requested attributes
+
+			// - memorize OA url
+			result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+
+			// - memorize OA config
+			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+			if (oaConfig == null)
+				throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
+			result.setOnlineApplicationConfiguration(oaConfig);
 
-		
+			return result;
 		} catch(Exception e) {
-			
+			Logger.error("error in preprocessing step", e);
+			throw new MOAIDException("error in preprocessing step", null);
 		}
-		
-		return null;
     }
 
     public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-- 
cgit v1.2.3


From bf0f1eaee2e5b79427ec979d9c68b6c321de20a2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 14 Jan 2016 21:07:15 +0100
Subject: change eIDAS SAML-engine to singelton

---
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  | 47 ++++++++++++----------
 1 file changed, 26 insertions(+), 21 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 548d05da6..8e46f0ef1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -38,29 +38,34 @@ import eu.eidas.samlengineconfig.CertificateConfigurationManager;
  */
 public class SAMLEngineUtils {
 
-	public static EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
+	private static EIDASSAMLEngine eIDASEngine = null;
+	
+	public static synchronized EIDASSAMLEngine createSAMLEngine() throws EIDASEngineException{
 		
-		try {
-			//get eIDAS SAMLengine configuration from MOA-ID configuration
-			CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
-			
-			//initial eIDAS SAMLengine
-			EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
-						configManager);
-
-			//set Metadata managment to eIDAS SAMLengine
-			engine.setMetadataProcessor(
-					new MOAeIDASMetadataProviderDecorator(
-							MOAeIDASChainingMetadataProvider.getInstance()));
-			
-			return engine;
-			
-		} catch (EIDASSAMLEngineException e) {
-			Logger.error("eIDAS SAMLengine initialization FAILED!", e);
-			throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
-			
+		if (eIDASEngine == null) {
+			try {
+				//get eIDAS SAMLengine configuration from MOA-ID configuration
+				CertificateConfigurationManager configManager = new MOAIDCertificateManagerConfigurationImpl();
+				
+				//initial eIDAS SAMLengine
+				EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
+							configManager);
+	
+				//set Metadata managment to eIDAS SAMLengine
+				engine.setMetadataProcessor(
+						new MOAeIDASMetadataProviderDecorator(
+								MOAeIDASChainingMetadataProvider.getInstance()));
+				
+				eIDASEngine = engine;
+				
+			} catch (EIDASSAMLEngineException e) {
+				Logger.error("eIDAS SAMLengine initialization FAILED!", e);
+				throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+				
+			}
 		}
-								
+		
+		return eIDASEngine;
 	}
 	
 }
-- 
cgit v1.2.3


From 58e0da935069fb68e456830414ccead10a36f4b0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 14 Jan 2016 21:08:03 +0100
Subject: remove IAIK security-provider fix in eIDAS metadata generation

---
 .../moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index cd30f2bec..130eb1026 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -80,13 +80,13 @@ public class EidasMetaDataServlet extends HttpServlet {
         String metadata="invalid metadata";
         
 		// FIXME workaround!?
-		Security.removeProvider("IAIK");
-		Security.removeProvider("IAIK_ECC");
+//		Security.removeProvider("IAIK");
+//		Security.removeProvider("IAIK_ECC");
 
 		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-		IAIK.addAsProvider();
-		ECCProvider.addAsProvider(true);
+//		IAIK.addAsProvider();
+//		ECCProvider.addAsProvider(true);
         
         MetadataGenerator generator = new MetadataGenerator();
         MetadataConfigParams mcp=new MetadataConfigParams();
-- 
cgit v1.2.3


From 2d8bef6716671c96575f4ab3e0ca97f094705c15 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 08:24:18 +0100
Subject: fix problem with certificate validation

---
 .../java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java     | 2 +-
 .../id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 1c20a81bf..1d4556459 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -28,8 +28,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
  */
 public class Constants {
 
-	//public static final String eIDAS_SAML_ENGINE_NAME = "MOA_eIDASEninge";
 	public static final String eIDAS_SAML_ENGINE_NAME = "default";
+	public static final String SSLSOCKETFACTORYNAME = "eIDASMetadataSSLSocketFactory";
 		
 	//default keys for eIDAS SAML-engine configuration
 	public static final String eIDAS_SAML_ENGINE_NAME_ID_BASICCONFIG = "SamlEngineConf";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 4d6cd62fa..f1b14015b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -76,7 +76,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			if (metadataURL.startsWith("https:")) {
 				try {
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
+							Constants.SSLSOCKETFACTORYNAME, 
 							authConfig.getCertstoreDirectory(), 
 							authConfig.getTrustedCACertificates(),
 							null,
-- 
cgit v1.2.3


From a91f760c83b1aebc782b28ddbf387f051d4e38e2 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 11:31:42 +0100
Subject: added EIDAS Request class

---
 .../moa/id/protocols/eidas/EIDASRequest.java       | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
new file mode 100644
index 000000000..6f9a04e28
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+
+public class EIDASRequest extends RequestImpl {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 8765755670214923910L;
+	
+	/** The attributes requested by the eIDaS. */
+	private MOAPersonalAttributeList attributes;
+
+	@Override
+	public List<Attribute> getRequestedAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+}
-- 
cgit v1.2.3


From 135583cbc0b9041648ab24456d6cf7081705b814 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 13:48:58 +0100
Subject: add garbage collector to remove unsed SAML2 metadata provider
 (influence PVP and eIDAS metadata)

---
 .../moa/id/auth/modules/eidas/Constants.java       |  3 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 94 ++++++++++++++++++++--
 2 files changed, 89 insertions(+), 8 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 1d4556459..5166f090d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -57,7 +57,8 @@ public class Constants {
 	//timeouts and clock skews
 	public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000;  			//2 minutes skew time for response validation
 	public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000;  	//20 seconds metadata socked timeout
-	
+	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
+		
 	//eIDAS attribute names
 	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
 	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index f1b14015b..965abcde1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,9 +1,12 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -27,7 +30,8 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
@@ -35,12 +39,13 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractSAMLEngine;
 
-public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider {
+public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing {
 
 	private static MOAeIDASChainingMetadataProvider instance = null;
 	private static Object mutex = new Object();
 	
 	private MetadataProvider internalProvider;
+	private Map<String, Date> lastAccess = null;
 	
 	
 	public static MOAeIDASChainingMetadataProvider getInstance() {
@@ -48,6 +53,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			synchronized (mutex) {
 				if (instance == null) {
 					instance = new MOAeIDASChainingMetadataProvider();
+					MOAGarbageCollector.addModulForGarbageCollection(instance);
 				}
 			}
 		}
@@ -57,9 +63,79 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 	
 	private MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
+		lastAccess = new HashMap<String, Date>();
 		
 	}
-	    
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+	 */
+	@Override
+	public void runGarbageCollector() {
+		if (!lastAccess.isEmpty()) {
+			Date now = new Date();
+			Date expioredate = new Date(now.getTime() - 
+					Constants.CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT);
+			Logger.debug("Starting eIDAS Metadata garbag collection (Expioredate:" 
+					+ expioredate + ")");
+			
+			List<String> expiredEntities = new ArrayList<String>();
+			
+			Iterator<Entry<String, Date>> lastAccessInterator = lastAccess.entrySet().iterator();
+			while(lastAccessInterator.hasNext()) {
+				Entry<String, Date> element = lastAccessInterator.next();
+				if (element.getValue().before(expioredate)) {
+					Logger.debug("Remove unused eIDAS Metadate: " + element.getKey());
+					expiredEntities.add(element.getKey());
+					
+				}								
+			}
+		
+			if (!expiredEntities.isEmpty()) {			
+				ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			
+				//get all actually loaded metadata providers
+				Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+			
+				for (String expired : expiredEntities) {
+					if (loadedproviders.containsKey(expired)) {
+						HTTPMetadataProvider provider = loadedproviders.get(expired);
+					
+						//destroy metadata provider
+						provider.destroy();
+					
+						//remove from map
+						loadedproviders.remove(expired);
+					
+						/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+						 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+						//chainProvider.removeMetadataProvider(provider);					
+						Logger.info("Remove not used eIDAS MetadataProvider " + expired 
+								+ " after timeout.");
+										
+					} else
+						Logger.warn("eIDAS metadata for EntityID: " + expired 
+								+ " is marked as unsed, but no loaded metadata provider is found.");
+				
+				}
+			
+				try {
+					synchronized (chainProvider) {
+						chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
+					
+						emitChangeEvent();	
+					}
+					
+				} catch (MetadataProviderException e) {
+					Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
+				
+				}
+			}
+		}					
+	}
+	
+	
+	
 	private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL) {
 		HTTPMetadataProvider httpProvider = null;
 		Timer timer= null;
@@ -177,7 +253,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				} else {
 					//load new Metadata Provider				
 					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);					
+					HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL);										
 					chainProvider.addMetadataProvider(newMetadataProvider);
 					
 					emitChangeEvent();
@@ -238,12 +314,12 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
 						+ " Start refreshing process ...");
 				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
+					entityDesc =  internalProvider.getEntityDescriptor(entityID);
 									
 			} else {
 				if (!entityDesc.isValid())
 					if (refreshMetadataProvider(entityID))
-						return internalProvider.getEntityDescriptor(entityID);
+						entityDesc = internalProvider.getEntityDescriptor(entityID);
 									
 			}
 			
@@ -252,10 +328,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			Logger.debug("Can not find eIDAS metadata for entityID: " + entityID 
 					+ " Start refreshing process ...");
 			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
+				entityDesc = internalProvider.getEntityDescriptor(entityID);
 			
 		}
 		
+		if (entityDesc != null)
+			lastAccess.put(entityID, new Date());
+		
 		return entityDesc;
 	}
 
@@ -287,4 +366,5 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			if (observer != null)
 				observer.onEvent(this);
 	}
+
 }
-- 
cgit v1.2.3


From eecc9331869975937ec8c191a769b5939f8c01c1 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:22:47 +0100
Subject: removed workaround for class loader issue

---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  7 -------
 .../moa/id/protocols/eidas/EIDASData.java          | 23 ++++++++++++++++++++++
 .../moa/id/protocols/eidas/EIDASRequest.java       | 23 ----------------------
 3 files changed, 23 insertions(+), 30 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index d1bc02766..bedd0b6dc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -78,15 +78,8 @@ public class EidasMetaDataServlet extends HttpServlet {
 
     public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
         String metadata="invalid metadata";
-        
-		// FIXME workaround!?
-//		Security.removeProvider("IAIK");
-//		Security.removeProvider("IAIK_ECC");
 
 		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-
-//		IAIK.addAsProvider();
-//		ECCProvider.addAsProvider(true);
         
         MetadataGenerator generator = new MetadataGenerator();
         MetadataConfigParams mcp=new MetadataConfigParams();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
new file mode 100644
index 000000000..6f9a04e28
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+
+public class EIDASRequest extends RequestImpl {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 8765755670214923910L;
+	
+	/** The attributes requested by the eIDaS. */
+	private MOAPersonalAttributeList attributes;
+
+	@Override
+	public List<Attribute> getRequestedAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
deleted file mode 100644
index 6f9a04e28..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASRequest.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.eidas;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-
-public class EIDASRequest extends RequestImpl {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 8765755670214923910L;
-	
-	/** The attributes requested by the eIDaS. */
-	private MOAPersonalAttributeList attributes;
-
-	@Override
-	public List<Attribute> getRequestedAttributes() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-}
-- 
cgit v1.2.3


From a8a923ddda874437efb87c9fdecfb65dd722fed0 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:24:19 +0100
Subject: moa can do outbound eidas

---
 .../id/protocols/eidas/AuthenticationRequest.java  | 116 ++++++++++++++++++++-
 .../moa/id/protocols/eidas/EIDASData.java          |  63 ++++++++++-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  18 +++-
 3 files changed, 192 insertions(+), 5 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 3144d08e8..6adefdb86 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -22,14 +22,45 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Map.Entry;
+
+import iaik.pkcs.pkcs11.objects.Object;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.format.datetime.DateFormatter;
+
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.eidas.EidasConstants;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.stork.peps.auth.commons.PEPSUtil;
+
 
 /**
  * Second request step - after authentication of the user is done and moasession obtained,
@@ -42,7 +73,90 @@ public class AuthenticationRequest implements IAction {
 
 	@Override
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		// TODO Auto-generated method stub
+		EIDASData eidasRequest;
+		if(req instanceof EIDASData)
+			eidasRequest = (EIDASData) req;
+		else
+			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+		
+		
+		// gather attributes
+		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		
+		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+			String newValue = "";
+			
+			switch(current.getKey()) {
+			case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case "CurrentFamilyName": newValue = authData.getFamilyName();break;
+			case "CurrentGivenName": newValue = authData.getGivenName();break;
+			case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+                    eidasRequest.getTarget()); break;
+			}
+			
+			if("".equals(newValue))
+				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+			else {
+				current.getValue().getValue().clear();
+				current.getValue().getValue().add(newValue);
+				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			}
+		}
+		
+		// construct eIDaS response
+		EIDASAuthnResponse response = new EIDASAuthnResponse();
+		response.setPersonalAttributeList(resultingAttributeList);
+		response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		
+		String token = null;
+		try {
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			// check if we have the destination available, supply it if not
+			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+						engine, 
+						eidasRequest.getEidasRequest());
+				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+			}
+			
+			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+			
+			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+		} catch(Exception e) {
+			e.printStackTrace();
+		}
+		
+		// send the response
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            context.put("SAMLResponse", token);
+            Logger.debug("SAMLResponse original: " + token);
+
+            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            Logger.trace("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.trace("Doing template merge");
+            template.merge(context, writer);
+            Logger.trace("Template merge done");
+
+            Logger.trace("Sending html content: " + writer.getBuffer().toString());
+            Logger.trace("Sending html content2  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+		
 		return null;
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 6f9a04e28..0bedf0432 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -4,10 +4,11 @@ import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
 
+import eu.eidas.auth.commons.EIDASAuthnRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 
-public class EIDASRequest extends RequestImpl {
+public class EIDASData extends RequestImpl {
 
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 8765755670214923910L;
@@ -15,9 +16,69 @@ public class EIDASRequest extends RequestImpl {
 	/** The attributes requested by the eIDaS. */
 	private MOAPersonalAttributeList attributes;
 
+	/** The incoming eIDaS SAML2 AuthnRequest. */
+	private EIDASAuthnRequest authnRequest;
+
+	/** The ip address of the requester. */
+	private String remoteIPAddress;
+
 	@Override
 	public List<Attribute> getRequestedAttributes() {
 		// TODO Auto-generated method stub
 		return null;
 	}
+	
+	/**
+	 * Gets the eidas requested attributes.
+	 *
+	 * @return the requested attributes
+	 */
+	public MOAPersonalAttributeList getEidasRequestedAttributes() {
+		return (MOAPersonalAttributeList) attributes.clone();
+	}
+
+	/**
+	 * Sets the eidas requested attributes.
+	 *
+	 * @param personalAttributeList the requested attributes
+	 */
+	public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
+		attributes = personalAttributeList;
+	}
+
+	/**
+	 * Gets the eidas request.
+	 *
+	 * @return the eidas request
+	 */
+	public EIDASAuthnRequest getEidasRequest() {
+		return authnRequest;
+	}
+	
+	/**
+	 * Sets the eidas request.
+	 *
+	 * @param request the new eidas request
+	 */
+	public void setEidasRequest(EIDASAuthnRequest request) {
+		authnRequest = request;  
+	}
+
+	/**
+	 * Gets the remote address.
+	 *
+	 * @return the remote address
+	 */
+	public String getRemoteAddress() {
+		return remoteIPAddress;
+	}
+	
+	/**
+	 * Sets the remote address.
+	 *
+	 * @param remoteIP the new remote address
+	 */
+	public void setRemoteAddress(String remoteIP) {
+		remoteIPAddress = remoteIP;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 3e2122315..a94e136b4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -101,12 +102,23 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
 			// memorize important stuff
-			EIDASRequest result = new EIDASRequest();
+			EIDASData result = new EIDASData();
+
+			// - memorize remote ip
+			result.setRemoteAddress(request.getRemoteAddr());
+			
+			// - memorize country code of target country
+			result.setTarget(samlReq.getCountry());
+			
 			// - memorize requested attributes
-			// TODO memorize requested attributes
+			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
+			// - memorize whole request
+			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			result.setEidasRequest(samlReq);
+			
 			// - memorize OA url
-			result.setOAURL("https://demo.a-sit.at/EidasNode"); // TODO use metadata url?
+			result.setOAURL(samlReq.getIssuer());
 
 			// - memorize OA config
 			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
-- 
cgit v1.2.3


From 1672ef1dc32bf37c966660c33e422729addd5b41 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 15 Jan 2016 15:43:54 +0100
Subject: cleanup

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  7 +++---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  6 +----
 .../id/protocols/eidas/AuthenticationRequest.java  | 29 +++++++++++-----------
 3 files changed, 19 insertions(+), 23 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 963fe70c1..18432fd1c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -110,7 +111,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
 				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
 			}
-			Logger.debug("Found C-PEPS configuration for citizen of country: " + citizenCountryCode);
+			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
@@ -143,9 +144,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
 			authnRequest.setPersonalAttributeList(pAttList);
 			
-			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata");
-			//TODO: only for development and reverse proxy 
-			authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata");
+			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
 			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index bedd0b6dc..470e3b0fc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -57,12 +57,8 @@ public class EidasMetaDataServlet extends HttpServlet {
             AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
             String pubURLPrefix = config.getPublicURLPrefix();
             
-            
             String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
             
-            //TODO: only for development and reverse proxy 
-            metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata";
-            
             String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
@@ -92,7 +88,7 @@ public class EidasMetaDataServlet extends HttpServlet {
         mcp.setAssertionConsumerUrl(returnUrl);
 
         generator.addIDPRole();
-        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
 
         metadata = generator.generateMetadata();
         return metadata;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 6adefdb86..1012be1b7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -24,22 +24,21 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.StringWriter;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.Map.Entry;
 
-import iaik.pkcs.pkcs11.objects.Object;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -49,17 +48,12 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.springframework.format.datetime.DateFormatter;
-
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.PersonalAttribute;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
-import eu.eidas.auth.engine.core.eidas.EidasConstants;
 import eu.eidas.auth.engine.metadata.MetadataUtil;
-import eu.stork.peps.auth.commons.PEPSUtil;
 
 
 /**
@@ -86,11 +80,12 @@ public class AuthenticationRequest implements IAction {
 		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
 			String newValue = "";
 			
+			// TODO make use of proper builder
 			switch(current.getKey()) {
-			case "DateOfBirth": newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
-			case "CurrentFamilyName": newValue = authData.getFamilyName();break;
-			case "CurrentGivenName": newValue = authData.getGivenName();break;
-			case "PersonIdentifier": newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
+			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
+			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
                     eidasRequest.getTarget()); break;
 			}
 			
@@ -106,7 +101,13 @@ public class AuthenticationRequest implements IAction {
 		// construct eIDaS response
 		EIDASAuthnResponse response = new EIDASAuthnResponse();
 		response.setPersonalAttributeList(resultingAttributeList);
-		response.setIssuer("http://localhost:12344/moa-id-auth/eidas/metadata");
+		
+		// - create metadata url
+        AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+        String pubURLPrefix = config.getPublicURLPrefix();
+        String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+		response.setIssuer(metadata_url);
+
 		response.setAssuranceLevel(authData.getEIDASQAALevel());
 		
 		String token = null;
-- 
cgit v1.2.3


From 0c6ca9a8fb5de402f128a449b80635a79292fce0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 22 Jan 2016 14:11:11 +0100
Subject: refactor eIDAS-node metadata generation

---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  22 ++--
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  96 -----------------
 .../id/protocols/eidas/AuthenticationRequest.java  |  16 +--
 .../moa/id/protocols/eidas/EIDASData.java          |  14 ++-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  17 +--
 .../id/protocols/eidas/EidasMetaDataRequest.java   | 117 +++++++++++++++++++++
 6 files changed, 159 insertions(+), 123 deletions(-)
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 18432fd1c..06643ec53 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -35,16 +35,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EidasLoaCompareType;
-import eu.eidas.auth.commons.EidasLoaLevels;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.SPType;
-import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -66,6 +56,16 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasLoaCompareType;
+import eu.eidas.auth.commons.EidasLoaLevels;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 /**
  * @author tlenz
@@ -141,7 +141,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
-			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
+			authnRequest.setProviderName(pendingReq.getAuthURL());
 			authnRequest.setPersonalAttributeList(pAttList);
 			
 			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
deleted file mode 100644
index 470e3b0fc..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*******************************************************************************
- *  Copyright 2015 e-SENS project
- *
- *  Licensed under the EUPL, Version 1.1 or - as soon they will be
- *  approved by the European Commission - subsequent versions of
- *  the EUPL (the "Licence");
- *  You may not use this work except in compliance with the Licence.
- *  You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the Licence is distributed on an "AS IS" basis,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- *  implied.
- *  See the Licence for the specific language governing permissions and
- *  limitations under the Licence.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-
-import java.io.IOException;
-import java.security.Security;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.slf4j.Logger;
-
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataConfigParams;
-import eu.eidas.auth.engine.metadata.MetadataGenerator;
-import eu.eidas.engine.exceptions.SAMLEngineException;
-
-
-/**
- * First version to provide some valid metadata to an asking eIDaS node
- */
-@WebServlet("/eidas/metadata")
-public class EidasMetaDataServlet extends HttpServlet {
-    private static final long serialVersionUID = -2129228304760706063L;
-    private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class); 
-    /**
-     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
-     *      response)
-     */
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        try {
-            logger.debug("EidasMetaDataServlet GET");
-            
-            AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-            String pubURLPrefix = config.getPublicURLPrefix();
-            
-            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
-            
-            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
-            String metaData = generateMetadata(metadata_url, sp_return_url);
-
-            logger.trace(metaData);
-
-            response.setContentType("text/xml");
-            response.getWriter().print(metaData);
-            response.flushBuffer();
-        } catch (Exception e) {
-            e.printStackTrace();
-        } 
-    }
-
-    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
-        String metadata="invalid metadata";
-
-		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-        
-        MetadataGenerator generator = new MetadataGenerator();
-        MetadataConfigParams mcp=new MetadataConfigParams();
-        generator.setConfigParams(mcp);
-        generator.initialize(engine);
-        mcp.setEntityID(metadata_url);
-
-        generator.addSPRole();
-        String returnUrl = sp_return_url;
-        mcp.setAssertionConsumerUrl(returnUrl);
-
-        generator.addIDPRole();
-        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
-
-        metadata = generator.generateMetadata();
-        return metadata;
-    }
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 1012be1b7..c8f6bba9c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -26,6 +26,13 @@ import java.io.StringWriter;
 import java.text.SimpleDateFormat;
 import java.util.Map.Entry;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -41,13 +48,6 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
 import eu.eidas.auth.commons.EIDASUtil;
@@ -104,7 +104,7 @@ public class AuthenticationRequest implements IAction {
 		
 		// - create metadata url
         AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-        String pubURLPrefix = config.getPublicURLPrefix();
+        String pubURLPrefix = req.getAuthURL();
         String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
 		response.setIssuer(metadata_url);
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 0bedf0432..374c3df30 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,14 +2,26 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.util.List;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
 
-import eu.eidas.auth.commons.EIDASAuthnRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
 
 public class EIDASData extends RequestImpl {
 
+	/**
+	 * @param req
+	 * @throws ConfigurationException
+	 */
+	public EIDASData(HttpServletRequest req) throws ConfigurationException {
+		super(req);
+
+	}
+
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 8765755670214923910L;
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index a94e136b4..b652503f8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,6 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -38,11 +43,6 @@ import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import java.util.HashMap;
-
 /**
  * Stork 2 Protocol Support
  *
@@ -54,11 +54,14 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
     public static final String PATH = "eidas";
 
     public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-
+    public static final String METADATAREQUEST = "MetadataRequest";
+    
     private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
 
     static {
         actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+        actions.put(METADATAREQUEST, new EidasMetaDataRequest());
+        
     }
 
     public String getName() {
@@ -102,7 +105,7 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
 			// memorize important stuff
-			EIDASData result = new EIDASData();
+			EIDASData result = new EIDASData(request);
 
 			// - memorize remote ip
 			result.setRemoteAddress(request.getRemoteAddr());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
new file mode 100644
index 000000000..0be291a06
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -0,0 +1,117 @@
+/*******************************************************************************
+ *  Copyright 2015 e-SENS project
+ *
+ *  Licensed under the EUPL, Version 1.1 or - as soon they will be
+ *  approved by the European Commission - subsequent versions of
+ *  the EUPL (the "Licence");
+ *  You may not use this work except in compliance with the Licence.
+ *  You may obtain a copy of the Licence at: http://ec.europa.eu/idabc/eupl
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the Licence is distributed on an "AS IS" basis,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ *  implied.
+ *  See the Licence for the specific language governing permissions and
+ *  limitations under the Licence.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataConfigParams;
+import eu.eidas.auth.engine.metadata.MetadataGenerator;
+import eu.eidas.engine.exceptions.SAMLEngineException;
+
+
+/**
+ * First version to provide some valid metadata to an asking eIDaS node
+ */
+//@WebServlet("/eidas/metadata")
+public class EidasMetaDataRequest implements IAction {
+    private static final long serialVersionUID = -2129228304760706063L;
+    private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); 
+    
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+	 */
+	@Override
+	public SLOInformationInterface processRequest(IRequest req,
+			HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IAuthData authData) throws MOAIDException {
+       
+		try {
+            logger.debug("EidasMetaDataServlet GET");
+            
+            String pubURLPrefix = req.getAuthURL();
+            
+            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+            
+            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
+            String metaData = generateMetadata(metadata_url, sp_return_url);
+
+            logger.trace(metaData);
+
+            httpResp.setContentType("text/xml");
+            httpResp.getWriter().print(metaData);
+            httpResp.flushBuffer();
+            
+        } catch (Exception e) {
+            e.printStackTrace();
+        } 
+		
+		
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+	 */
+	@Override
+	public String getDefaultActionName() {
+		return "eIDAS-Metadata Action";
+		
+	}
+    
+    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+        String metadata="invalid metadata";
+
+		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+        
+        MetadataGenerator generator = new MetadataGenerator();
+        MetadataConfigParams mcp=new MetadataConfigParams();
+        generator.setConfigParams(mcp);
+        generator.initialize(engine);
+        mcp.setEntityID(metadata_url);
+
+        generator.addSPRole();
+        String returnUrl = sp_return_url;
+        mcp.setAssertionConsumerUrl(returnUrl);
+
+        generator.addIDPRole();
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
+
+        metadata = generator.generateMetadata();
+        return metadata;
+    }
+}
-- 
cgit v1.2.3


From 3ca240a596e3d2d22a7a6c68ce9c34dda9168e2c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 27 Jan 2016 06:26:52 +0100
Subject: set ContentType parameter in HTTPServletResponse

---
 .../modules/eidas/utils/EidasMetaDataServlet.java  |  6 ++----
 .../id/protocols/eidas/AuthenticationRequest.java  | 24 +++++++++++-----------
 2 files changed, 14 insertions(+), 16 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index 470e3b0fc..6ae532210 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -15,17 +15,15 @@
  *  limitations under the Licence.
  *******************************************************************************/
 package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
 
 import java.io.IOException;
-import java.security.Security;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
 
@@ -64,7 +62,7 @@ public class EidasMetaDataServlet extends HttpServlet {
 
             logger.trace(metaData);
 
-            response.setContentType("text/xml");
+            response.setContentType(MediaType.TEXT_XML);
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 1012be1b7..ae9dd5a51 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -26,6 +26,14 @@ import java.io.StringWriter;
 import java.text.SimpleDateFormat;
 import java.util.Map.Entry;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -41,13 +49,6 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
 import eu.eidas.auth.commons.EIDASUtil;
@@ -149,10 +150,10 @@ public class AuthenticationRequest implements IAction {
             template.merge(context, writer);
             Logger.trace("Template merge done");
 
-            Logger.trace("Sending html content: " + writer.getBuffer().toString());
-            Logger.trace("Sending html content2  : " + new String(writer.getBuffer()));
+            Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
 
             httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+            httpResp.setContentType(MediaType.TEXT_HTML);
 
         } catch (Exception e) {
             Logger.error("Velocity error: " + e.getMessage());
@@ -167,9 +168,8 @@ public class AuthenticationRequest implements IAction {
 	}
 
 	@Override
-	public String getDefaultActionName() {
-		// TODO Auto-generated method stub
-		return null;
+	public String getDefaultActionName() {		
+		return "eIDAS_AuthnRequest";
 	}
 
 
-- 
cgit v1.2.3


From 8023301ce4686ef5d69233e4690ab2a6c2005dee Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 27 Jan 2016 14:37:31 +0100
Subject: fix unresolved dependency

---
 .../moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java         | 4 ++--
 .../gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index 6ae532210..33b48c0a3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -23,9 +23,9 @@ import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
+import org.springframework.http.MediaType;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -62,7 +62,7 @@ public class EidasMetaDataServlet extends HttpServlet {
 
             logger.trace(metaData);
 
-            response.setContentType(MediaType.TEXT_XML);
+            response.setContentType(MediaType.TEXT_XML.getType());
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index ae9dd5a51..238c823cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -28,11 +28,11 @@ import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
 
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
+import org.springframework.http.MediaType;
 
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -153,7 +153,7 @@ public class AuthenticationRequest implements IAction {
             Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
 
             httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
-            httpResp.setContentType(MediaType.TEXT_HTML);
+            httpResp.setContentType(MediaType.TEXT_HTML.getType());
 
         } catch (Exception e) {
             Logger.error("Velocity error: " + e.getMessage());
-- 
cgit v1.2.3


From 263393a2e96f6a76a3f82ef6602056bcc5881cca Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 28 Jan 2016 08:32:40 +0100
Subject: fix merge problem eIDAS Metadata servlet

---
 .../gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 66179fae4..c8795302f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -62,9 +62,9 @@ public class EidasMetaDataRequest implements IAction {
 
             logger.trace(metaData);
 
-            response.setContentType(MediaType.TEXT_XML.getType());
-            response.getWriter().print(metaData);
-            response.flushBuffer();
+            httpResp.setContentType(MediaType.TEXT_XML.getType());
+            httpResp.getWriter().print(metaData);
+            httpResp.flushBuffer();
         } catch (Exception e) {
             e.printStackTrace();
         } 
-- 
cgit v1.2.3


From 15391f9c7c3afa19bb5f15e4f71561be71aafb49 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 16 Feb 2016 16:35:56 +0100
Subject: Refactore eIDAS module to new Spring based protocol engine

---
 .../moa/id/auth/modules/eidas/Constants.java       |   9 +
 .../eIDASAuthenticationSpringResourceProvider.java |  29 ++++
 .../id/auth/modules/eidas/eIDASSignalServlet.java  |  29 +++-
 .../eidas/tasks/CreateIdentityLinkTask.java        |  66 +++++---
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  68 +++++---
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  53 +++++-
 .../id/protocols/eidas/AuthenticationRequest.java  | 173 --------------------
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 128 ++++++++++-----
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   2 +
 .../eidas/eIDASAuthenticationRequest.java          | 181 +++++++++++++++++++++
 10 files changed, 467 insertions(+), 271 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 5166f090d..d1de2e96b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -72,4 +72,13 @@ public class Constants {
 	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
 	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 	
+	//Event-Codes for Revisionslog
+	public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
+	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
+	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
+	public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
+	public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
+	
+	public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..384516711
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthSpringResourceProvider;
+
+public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+	@Override
+	public String getName() {
+		return "MOA-ID eIDAS-Authentication SpringResourceProvider";
+	}
+
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", MOAIDAuthSpringResourceProvider.class);					
+		
+		return new Resource[] {eIDASAuthConfig};
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 49f0451cb..2c0f1cf8c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,22 +22,26 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.io.IOException;
+
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
  *
  */
-@WebServlet(urlPatterns = { "/eidas/sp/post",  "/eidas/sp/redirect"}, loadOnStartup = 1)
-public class eIDASSignalServlet extends ProcessEngineSignalServlet {
-
-	private static final long serialVersionUID = 8215688005533754459L;
+@Controller
+public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 
 	public eIDASSignalServlet() {
 		super();
@@ -46,18 +50,25 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 		
 	}
 	
+	@RequestMapping(value = {	"/eidas/sp/post", 
+			 					"/eidas/sp/redirect"
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+	}
 	
 	@Override
 	/**
-	 * Protocol specific implementation to get the sessionID 
+	 * Protocol specific implementation to get the pending-requestID 
 	 * from http request object
 	 * 
 	 * @param request The http Servlet-Request object
-	 * @return The SessionId 
+	 * @return The Pending-request id 
 	 * 
 	 */
-	public String getMoaSessionId(HttpServletRequest request) {
-		String sessionId = super.getMoaSessionId(request);
+	public String getPendingRequestId(HttpServletRequest request) {
+		String sessionId = super.getPendingRequestId(request);
 		
 		try {
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index f4d6c4ad4..22dcf0bf3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.text.ParseException;
@@ -31,14 +33,14 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.stereotype.Service;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
 
-import eu.eidas.auth.commons.IPersonalAttributeList;
-
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -50,22 +52,21 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.XPathUtils;
+import eu.eidas.auth.commons.IPersonalAttributeList;
 
 /**
  * @author tlenz
  *
  */
+@Service("CreateIdentityLinkTask")
 public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -76,19 +77,47 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try{
-			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
-			String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
-			//load pending request
-			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			String pendingRequestID = StringEscapeUtils.escapeHtml(
+					ObjectUtils.defaultIfNull(
+							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
+							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+			
+			if (MiscUtil.isEmpty(pendingRequestID)) {				
+				Logger.info("No PendingRequestID received");
+				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+			}
+			
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+				
+			}
+						
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+									
+			AuthenticationSession moasession = null;;
+			try {			
+				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
+				if (moasession == null) {
+					Logger.warn("MOASessionID is empty.");
+					throw new MOAIDException("auth.18", new Object[] {});
+				}
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
 			}
-    	
-			//load MOASession object and OA-configuration
-			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			
+			//load service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 			
 			//get eIDAS attributes from MOA-Session
@@ -96,7 +125,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					IPersonalAttributeList.class);
 			
-			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
 			IdentityLink identityLink = null;
 			
 			//connect SZR-Gateway
@@ -146,7 +174,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
 	            //resign IDL
 				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey());
 				identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
 				
 			} else {
@@ -164,13 +192,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				throw new MOAIDException("stork.10", null);
 			}
 			
-			MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
 			moasession.setForeigner(true);
 			moasession.setIdentityLink(identityLink);
 			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
 			
 			//store MOA-session to database
-			AuthenticationSessionStoreage.storeSession(moasession);
+			authenticatedSessionStorage.storeSession(moasession);
 			
 		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
 			throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 06643ec53..5af6a294b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
 import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
@@ -29,11 +31,14 @@ import java.util.Collection;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -45,17 +50,14 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.EidasLoaCompareType;
@@ -71,6 +73,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
  * @author tlenz
  *
  */
+@Service("GenerateAuthnRequestTask")
 public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -82,31 +85,58 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		
 		try{
-			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
-			String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
-			//load pending request
-			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			String pendingRequestID = StringEscapeUtils.escapeHtml(
+					ObjectUtils.defaultIfNull(
+							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
+							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+			
+			if (MiscUtil.isEmpty(pendingRequestID)) {				
+				Logger.info("No PendingRequestID received");
+				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+			}
+			
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+		
 			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+				
+			}
+						
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+									
+			AuthenticationSession moasession = null;;
+			try {			
+				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
+				if (moasession == null) {
+					Logger.warn("MOASessionID is empty.");
+					throw new MOAIDException("auth.18", new Object[] {});
+				}
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
 			}
 
-			//load MOASession object, configuration and OA-configuration
-			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+			//get service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
 
 			// get target country
 			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
 
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+				throw new AuthenticationException("stork.22", new Object[] { pendingRequestID });
 			}
 
-			CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
 				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
@@ -127,7 +157,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				newAttribute.setName(current.getName());
 
 				boolean globallyMandatory = false;
-				for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+				for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
 					if (current.getName().equals(currentGlobalAttribute.getName())) {
 						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
 						break;
@@ -144,7 +174,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setProviderName(pendingReq.getAuthURL());
 			authnRequest.setPersonalAttributeList(pAttList);
 			
-			authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+			authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
 			
 			authnRequest.setDestination(destination); 
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
@@ -170,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            context.put(actionType, SAMLRequest);
 	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
 
-	            context.put("RelayState", moasessionid);
+	            context.put("RelayState", pendingRequestID);
 	            
 	            Logger.debug("Using assertion consumer url as action: " + destination);
 	            context.put("action", destination);
@@ -200,7 +230,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
 					new EIDASEngineException("Could not generate token for Saml Request", e));
 			
-		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+		} catch (EIDASEngineException | MOAIDException e) {
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
 			
 		}	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 693807d63..84b20dc25 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.stereotype.Service;
+
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -28,25 +34,54 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("ReceiveAuthnResponseTask")
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
 
 		try{
-			String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);	    	
-			String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
-			//load pending request
-			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);				
+			String pendingRequestID = StringEscapeUtils.escapeHtml(
+					ObjectUtils.defaultIfNull(
+							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
+							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+			
+			if (MiscUtil.isEmpty(pendingRequestID)) {				
+				Logger.info("No PendingRequestID received");
+				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+			}
+			
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+				
+			}
+						
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+									
+			AuthenticationSession moasession = null;;
+			try {			
+				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
+				if (moasession == null) {
+					Logger.warn("MOASessionID is empty.");
+					throw new MOAIDException("auth.18", new Object[] {});
+				}
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
 			}
-    	
-			//load MOASession object and OA-configuration
-			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+	
+			//load service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 			
 			//get SAML Response and decode it
@@ -92,7 +127,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
 			
 			//store MOA-session to database
-			AuthenticationSessionStoreage.storeSession(moasession);
+			authenticatedSessionStorage.storeSession(moasession);
 			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
deleted file mode 100644
index 09287e6d4..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.eidas;
-
-import java.io.StringWriter;
-import java.text.SimpleDateFormat;
-import java.util.Map.Entry;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.springframework.http.MediaType;
-
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASStatusCode;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataUtil;
-
-
-/**
- * Second request step - after authentication of the user is done and moasession obtained,
- * process request and forward the user further to PEPS and/or other entities
- *
- * @author bsuzic
- */
-
-public class AuthenticationRequest implements IAction {
-
-	@Override
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		EIDASData eidasRequest;
-		if(req instanceof EIDASData)
-			eidasRequest = (EIDASData) req;
-		else
-			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
-		
-		
-		// gather attributes
-		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
-		
-		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
-			String newValue = "";
-			
-			// TODO make use of proper builder
-			switch(current.getKey()) {
-			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
-			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
-			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
-			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
-                    eidasRequest.getTarget()); break;
-			}
-			
-			if("".equals(newValue))
-				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
-			else {
-				current.getValue().getValue().clear();
-				current.getValue().getValue().add(newValue);
-				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
-			}
-		}
-		
-		// construct eIDaS response
-		EIDASAuthnResponse response = new EIDASAuthnResponse();
-		response.setPersonalAttributeList(resultingAttributeList);
-		
-		// - create metadata url
-        String pubURLPrefix = req.getAuthURL();
-        String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
-		response.setIssuer(metadata_url);
-
-		response.setAssuranceLevel(authData.getEIDASQAALevel());
-		
-		String token = null;
-		try {
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-			
-			// check if we have the destination available, supply it if not
-			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
-				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
-						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
-						engine, 
-						eidasRequest.getEidasRequest());
-				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-			}
-			
-			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
-
-			
-			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
-		} catch(Exception e) {
-			e.printStackTrace();
-		}
-		
-		// send the response
-        try {
-            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
-            VelocityContext context = new VelocityContext();
-            
-            context.put("SAMLResponse", token);
-            Logger.debug("SAMLResponse original: " + token);
-
-            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
-            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
-            Logger.trace("Starting template merge");
-            StringWriter writer = new StringWriter();
-
-            Logger.trace("Doing template merge");
-            template.merge(context, writer);
-            Logger.trace("Template merge done");
-
-            Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
-
-            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
-            httpResp.setContentType(MediaType.TEXT_HTML.getType());
-
-        } catch (Exception e) {
-            Logger.error("Velocity error: " + e.getMessage());
-        }
-		
-		return null;
-	}
-
-	@Override
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
-		return true;
-	}
-
-	@Override
-	public String getDefaultActionName() {		
-		return "eIDAS_AuthnRequest";
-	}
-
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index b652503f8..5c2ed4148 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,14 +22,21 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.io.IOException;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -37,6 +44,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
@@ -44,26 +55,15 @@ import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 
 /**
- * Stork 2 Protocol Support
+ * eIDAS Protocol Support for outbound authentication
  *
- * @author bsuzic
+ * @author tlenz
  */
-public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+public class EIDASProtocol extends AbstractProtocolModulController {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";
 
-    public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-    public static final String METADATAREQUEST = "MetadataRequest";
-    
-    private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
-    static {
-        actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
-        actions.put(METADATAREQUEST, new EidasMetaDataRequest());
-        
-    }
-
     public String getName() {
         return NAME;
     }
@@ -72,20 +72,70 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
         return PATH;
     }
 
-    public IAction getAction(String action) {
-        return actions.get(action);
-    }
-
-    public EIDASProtocol() {
-        super();
-    }
-
+	//eIDAS metadata end-point
+	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+		
+		//create pendingRequest object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		pendingReq.setNeedAuthentication(false);
+		pendingReq.setAuthenticated(false);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+
+		EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+		metadataAction.processRequest(pendingReq, 
+				req, resp, null);
+		
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				Constants.eIDAS_REVERSIONSLOG_METADATA);
+	}
+    
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		
+		//create pending-request object
+		EIDASData pendingReq = new EIDASData(req);
+		pendingReq.setModule(NAME);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//preProcess eIDAS request
+		preProcess(req, resp, pendingReq);
+		
+		revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		//AuthnRequest needs authentication
+		pendingReq.setNeedAuthentication(true);
+
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+		
+		//switch to session authentication
+		performAuthentication(req, resp, pendingReq);
+	}
+    
     /*
         First request step - send it to BKU selection for user authentication. After the user credentials
         and other info are obtained, in the second step the request will be processed and the user redirected
          */
-    public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
-			String sessionId, String transactionId) throws MOAIDException {
+    public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
 
         Logger.info("received an eIDaS request");
 
@@ -104,42 +154,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			//validate SAML token
 			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
 
-			// memorize important stuff
-			EIDASData result = new EIDASData(request);
-
 			// - memorize remote ip
-			result.setRemoteAddress(request.getRemoteAddr());
+			pendingReq.setRemoteAddress(request.getRemoteAddr());
 			
 			// - memorize country code of target country
-			result.setTarget(samlReq.getCountry());
+			pendingReq.setGenericDataToSession(
+					Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
 			
 			// - memorize requested attributes
-			result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
 
 			// - memorize whole request
-			samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
-			result.setEidasRequest(samlReq);
+			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			pendingReq.setEidasRequest(samlReq);
 			
 			// - memorize OA url
-			result.setOAURL(samlReq.getIssuer());
-
+			pendingReq.setOAURL(samlReq.getIssuer());
+	
 			// - memorize OA config
-			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
-			result.setOnlineApplicationConfiguration(oaConfig);
+				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
-			return result;
 		} catch(Exception e) {
 			Logger.error("error in preprocessing step", e);
 			throw new MOAIDException("error in preprocessing step", null);
+			
 		}
     }
 
-    public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
-        return null;
-    }
-
     public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
         return false;
     }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index c8795302f..4e34902e2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -39,6 +40,7 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
 /**
  * First version to provide some valid metadata to an asking eIDaS node
  */
+@Service("EidasMetaDataRequest")
 public class EidasMetaDataRequest implements IAction {
     private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); 
     
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
new file mode 100644
index 000000000..0702c34d5
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -0,0 +1,181 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.eidas;
+
+import java.io.StringWriter;
+import java.text.SimpleDateFormat;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+
+
+/**
+ * Second request step - after authentication of the user is done and moasession obtained,
+ * process request and forward the user further to PEPS and/or other entities
+ *
+ * @author tlenz
+ */
+
+@Service("eIDASAuthenticationRequest")
+public class eIDASAuthenticationRequest implements IAction {
+
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	
+	@Override
+	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
+		EIDASData eidasRequest;
+		if(req instanceof EIDASData)
+			eidasRequest = (EIDASData) req;
+		else
+			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
+		
+		
+		// gather attributes
+		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		
+		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+			String newValue = "";
+			
+			// TODO make use of proper builder
+			switch(current.getKey()) {
+			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
+			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
+			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
+			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
+                    eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break;
+			}
+			
+			if("".equals(newValue))
+				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+			else {
+				current.getValue().getValue().clear();
+				current.getValue().getValue().add(newValue);
+				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			}
+		}
+		
+		// construct eIDaS response
+		EIDASAuthnResponse response = new EIDASAuthnResponse();
+		response.setPersonalAttributeList(resultingAttributeList);
+		
+		// - create metadata url
+        String pubURLPrefix = req.getAuthURL();
+        String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+		response.setIssuer(metadata_url);
+
+		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		
+		String token = null;
+		try {
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			
+			// check if we have the destination available, supply it if not
+			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+						engine, 
+						eidasRequest.getEidasRequest());
+				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+			}
+			
+			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+
+			
+			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+		} catch(Exception e) {
+			e.printStackTrace();
+		}
+		
+		revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+		
+		// send the response
+        try {
+            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+            VelocityContext context = new VelocityContext();
+            
+            context.put("SAMLResponse", token);
+            Logger.debug("SAMLResponse original: " + token);
+
+            Logger.debug("Putting assertion consumer url as action: " + eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            context.put("action", eidasRequest.getEidasRequest().getAssertionConsumerServiceURL());
+            Logger.trace("Starting template merge");
+            StringWriter writer = new StringWriter();
+
+            Logger.trace("Doing template merge");
+            template.merge(context, writer);
+            Logger.trace("Template merge done");
+
+            Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
+
+            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+            httpResp.setContentType(MediaType.TEXT_HTML.getType());
+
+        } catch (Exception e) {
+            Logger.error("Velocity error: " + e.getMessage());
+        }
+		
+		return null;
+	}
+
+	@Override
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		return true;
+	}
+
+	@Override
+	public String getDefaultActionName() {		
+		return "eIDAS_AuthnRequest";
+	}
+
+
+}
-- 
cgit v1.2.3


From 274a85e53fa8c06a869f2bb3a7bd24300ee9b3fd Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 17 Feb 2016 06:54:43 +0100
Subject: fix unresolved depentencies

---
 .../id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 84b20dc25..c8575c2da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -9,11 +9,6 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Service;
 
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
-
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -28,11 +23,13 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 @Service("ReceiveAuthnResponseTask")
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
-- 
cgit v1.2.3


From 3cec20ee2161cb1a8c8c4516e47a8402d950957e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 18 Feb 2016 12:22:57 +0100
Subject: fix problem with pending-requests and protocol specific error
 messages

---
 .../auth/modules/eidas/tasks/CreateIdentityLinkTask.java   |  9 +++------
 .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java | 14 +++++---------
 .../auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java | 14 +++-----------
 .../egovernment/moa/id/protocols/eidas/EIDASProtocol.java  | 12 ++----------
 4 files changed, 13 insertions(+), 36 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 22dcf0bf3..ed2de77ad 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -42,7 +42,6 @@ import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeExce
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,7 +85,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
 			}
 			
-			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
 		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
@@ -99,7 +97,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
 			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
 									
-			AuthenticationSession moasession = null;;
 			try {			
 				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
@@ -201,10 +198,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			authenticatedSessionStorage.storeSession(moasession);
 			
 		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
-			throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
 			
 		} catch (eIDASAttributeException e) {
-			throw new TaskExecutionException("Minimum required eIDAS attributeset not found.", e);
+			throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
 				
 		}	
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 5af6a294b..2f7e4eb28 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -41,7 +41,6 @@ import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -95,7 +93,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
 			}
 			
-			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
 		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
@@ -107,7 +105,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
 			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
 									
-			AuthenticationSession moasession = null;;
 			try {			
 				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
@@ -227,14 +224,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
 					new EIDASEngineException("Could not generate token for Saml Request", e));
 			
-		} catch (EIDASEngineException | MOAIDException e) {
-			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
+		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
 			
-		}	
-
+		} 
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index c8575c2da..5a7e77bc7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -10,7 +10,6 @@ import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -20,9 +19,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineExcepti
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -48,7 +45,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
 			}
 			
-			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
 		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
@@ -60,7 +57,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
 			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
 									
-			AuthenticationSession moasession = null;;
 			try {			
 				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
 			
@@ -110,7 +106,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//update MOA-Session data with received information			
 			Logger.debug("Store eIDAS response information into MOA-session.");
 			moasession.setQAALevel(samlResp.getAssuranceLevel());
-			moasession.setCcc(samlResp.getCountry());
 						
 			moasession.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
@@ -119,20 +114,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			moasession.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
-
-			//set general information to MOA-Session
-			moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
 			
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
 			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
-			throw new TaskExecutionException("eIDAS Response processing FAILED.", 
+			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
-			throw new TaskExecutionException("eIDAS Response processing FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
 		}	
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 5c2ed4148..cf3960815 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,7 +23,6 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.IOException;
-import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -32,22 +31,15 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
-import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
-import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
@@ -59,7 +51,7 @@ import eu.eidas.auth.engine.EIDASSAMLEngine;
  *
  * @author tlenz
  */
-public class EIDASProtocol extends AbstractProtocolModulController {
+public class EIDASProtocol extends AbstractAuthProtocolModulController {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";
-- 
cgit v1.2.3


From 99676a6020efe37d4df4ba8d33c1e1d6a1c5aa78 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 19 Feb 2016 12:32:27 +0100
Subject: refactor eIDAS tasks to new task-execution process-implementation

---
 .../eidas/tasks/CreateIdentityLinkTask.java        | 51 +------------------
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 53 ++-----------------
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 59 +++-------------------
 3 files changed, 14 insertions(+), 149 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index ed2de77ad..052d18b0f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,8 +22,6 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.text.ParseException;
@@ -33,15 +31,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -51,12 +46,10 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.XPathUtils;
 import eu.eidas.auth.commons.IPersonalAttributeList;
 
@@ -75,48 +68,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try{
-			String pendingRequestID = StringEscapeUtils.escapeHtml(
-					ObjectUtils.defaultIfNull(
-							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
-							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-			
-			if (MiscUtil.isEmpty(pendingRequestID)) {				
-				Logger.info("No PendingRequestID received");
-				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
-			}
-			
-			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
-		
-			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
-				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-				
-			}
-						
-			//change pending-request ID
-			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
-			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-									
-			try {			
-				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-			
-				if (moasession == null) {
-					Logger.warn("MOASessionID is empty.");
-					throw new MOAIDException("auth.18", new Object[] {});
-				}
-				
-			} catch (MOADatabaseException e) {
-				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
-			} catch (Throwable e) {
-				Logger.info("No HTTP Session found!");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-			
-			//load service-provider configuration
-			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			
+			defaultTaskInitialization(request, executionContext);
+												
 			//get eIDAS attributes from MOA-Session
 			IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 2f7e4eb28..6053c8aa2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,8 +22,6 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
 import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
@@ -31,9 +29,7 @@ import java.util.Collection;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -48,14 +44,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.EidasLoaCompareType;
@@ -82,46 +76,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		
-		try{
-			String pendingRequestID = StringEscapeUtils.escapeHtml(
-					ObjectUtils.defaultIfNull(
-							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
-							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-			
-			if (MiscUtil.isEmpty(pendingRequestID)) {				
-				Logger.info("No PendingRequestID received");
-				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
-			}
-			
-			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
-		
-			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
-				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-				
-			}
-						
-			//change pending-request ID
-			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
-			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-									
-			try {			
-				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-			
-				if (moasession == null) {
-					Logger.warn("MOASessionID is empty.");
-					throw new MOAIDException("auth.18", new Object[] {});
-				}
-				
-			} catch (MOADatabaseException e) {
-				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
-			} catch (Throwable e) {
-				Logger.info("No HTTP Session found!");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-
+		try{						
 			//get service-provider configuration
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 
@@ -130,7 +85,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { pendingRequestID });
+				throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
 			}
 
 			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
@@ -197,7 +152,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            context.put(actionType, SAMLRequest);
 	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
 
-	            context.put("RelayState", pendingRequestID);
+	            context.put("RelayState", pendingReq.getRequestID());
 	            
 	            Logger.debug("Using assertion consumer url as action: " + destination);
 	            context.put("action", destination);
@@ -227,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
 					new EIDASEngineException("Could not generate token for Saml Request", e));
 			
-		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+		} catch (EIDASEngineException | MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
 			
 		} 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5a7e77bc7..19666326a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -1,15 +1,10 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -19,7 +14,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineExcepti
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -34,56 +28,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
 
-		try{
-			String pendingRequestID = StringEscapeUtils.escapeHtml(
-					ObjectUtils.defaultIfNull(
-							request.getParameter(PARAM_TARGET_PENDINGREQUESTID), 
-							(String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-			
-			if (MiscUtil.isEmpty(pendingRequestID)) {				
-				Logger.info("No PendingRequestID received");
-				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
-			}
-			
-			pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
-		
-			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
-				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-				
-			}
-						
-			//change pending-request ID
-			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
-			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-									
-			try {			
-				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-			
-				if (moasession == null) {
-					Logger.warn("MOASessionID is empty.");
-					throw new MOAIDException("auth.18", new Object[] {});
-				}
-				
-			} catch (MOADatabaseException e) {
-				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
-			} catch (Throwable e) {
-				Logger.info("No HTTP Session found!");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-	
-			//load service-provider configuration
-			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			
-			//get SAML Response and decode it
+		try{			
+			//get SAML Response
 			String base64SamlToken = request.getParameter("SAMLResponse");
 			if (MiscUtil.isEmpty(base64SamlToken)) {
 				Logger.warn("No eIDAS SAMLReponse found in http request.");
 				throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
 				
-			}						
+			}
+			
+			//get MOASession
+			defaultTaskInitialization(request, executionContext);
+			
+			//decode SAML response
 			byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);		
 			
 			//get eIDAS SAML-engine
-- 
cgit v1.2.3


From ca8b83874c03a8719a56816408c8df44d49640f1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 22 Feb 2016 11:32:11 +0100
Subject: change Spring types

---
 .../moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java       | 4 ++--
 .../moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java     | 4 ++--
 .../moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 052d18b0f..515ce2913 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
@@ -57,7 +57,7 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
  * @author tlenz
  *
  */
-@Service("CreateIdentityLinkTask")
+@Component("CreateIdentityLinkTask")
 public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6053c8aa2..2156720e8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -34,7 +34,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -65,7 +65,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
  * @author tlenz
  *
  */
-@Service("GenerateAuthnRequestTask")
+@Component("GenerateAuthnRequestTask")
 public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 19666326a..dea9e675e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -22,7 +22,7 @@ import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
-@Service("ReceiveAuthnResponseTask")
+@Component("ReceiveAuthnResponseTask")
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
 	@Override
-- 
cgit v1.2.3


From b1235f66ee1e890f9868724f9faedd222541178b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 22 Feb 2016 11:34:32 +0100
Subject: refactor PVP implementation to share code with PVP Service-Provider
 moduls

---
 .../egovernment/moa/id/protocols/eidas/EIDASData.java   | 17 +++++------------
 .../moa/id/protocols/eidas/EIDASProtocol.java           |  6 ++++--
 2 files changed, 9 insertions(+), 14 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 374c3df30..5c25c49c5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,26 +2,19 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.opensaml.saml2.core.Attribute;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 
+@Component("EIDASData")
+@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class EIDASData extends RequestImpl {
 
-	/**
-	 * @param req
-	 * @throws ConfigurationException
-	 */
-	public EIDASData(HttpServletRequest req) throws ConfigurationException {
-		super(req);
-
-	}
-
 	/** The Constant serialVersionUID. */
 	private static final long serialVersionUID = 8765755670214923910L;
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index cf3960815..4caa6700a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -69,7 +69,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
 		
 		//create pendingRequest object
-		EIDASData pendingReq = new EIDASData(req);
+		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+		pendingReq.initialize(req);
 		pendingReq.setModule(NAME);
 		pendingReq.setNeedAuthentication(false);
 		pendingReq.setAuthenticated(false);
@@ -97,7 +98,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
 		
 		//create pending-request object
-		EIDASData pendingReq = new EIDASData(req);
+		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
+		pendingReq.initialize(req);
 		pendingReq.setModule(NAME);
 		
 		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-- 
cgit v1.2.3


From f81e455bfc1bdd23ce89bfcc0b626210417d0cbb Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 22 Feb 2016 12:27:38 +0100
Subject: fix some refactoring problems

---
 .../java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java     | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 5c25c49c5..3c33b8d58 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -1,8 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
-import java.util.List;
+import java.util.Collection;
 
-import org.opensaml.saml2.core.Attribute;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
@@ -28,7 +27,7 @@ public class EIDASData extends RequestImpl {
 	private String remoteIPAddress;
 
 	@Override
-	public List<Attribute> getRequestedAttributes() {
+	public Collection<String> getRequestedAttributes() {
 		// TODO Auto-generated method stub
 		return null;
 	}
-- 
cgit v1.2.3


From beb1b84572d38646d9b55a7014484e5d1cd38eab Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 22 Feb 2016 17:06:00 +0100
Subject: added outbound encryption

---
 .../moa/id/auth/modules/eidas/Constants.java       |  2 +-
 .../modules/eidas/config/ModifiedEncryptionSW.java | 29 ++++++++++++++++++++++
 .../id/protocols/eidas/AuthenticationRequest.java  |  4 +++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 5166f090d..d6cacf4fe 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -39,7 +39,7 @@ public class Constants {
 	
 	//default implementations for eIDAS SAML-engine functionality
 	public static final String SAML_SIGNING_IMPLENTATION = "eu.eidas.auth.engine.core.impl.SignSW";
-	public static final String SAML_ENCRYPTION_IMPLENTATION = "eu.eidas.auth.engine.core.impl.EncryptionSW";
+	public static final String SAML_ENCRYPTION_IMPLENTATION = "at.gv.egovernment.moa.id.auth.modules.eidas.config.ModifiedEncryptionSW";
 	
 	//configuration property keys
 	public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
new file mode 100644
index 000000000..bdd8c8e72
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.engine.core.impl.EncryptionSW;
+
+/**
+ * This encryption module asks the moa configuration on whether to encrypt the response or not. In doubt, encryption is enforced.
+ */
+public class ModifiedEncryptionSW extends EncryptionSW {
+
+	@Override
+	public boolean isEncryptionEnable(String countryCode) {
+		// - encrypt if so configured
+		try {
+			AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
+			Boolean useEncryption = moaconfig.getStorkConfig().getCPEPS(countryCode).isXMLSignatureSupported();
+			Logger.info(useEncryption ? "using encryption" : "do not use encrpytion");
+			return useEncryption;
+		} catch(NullPointerException | ConfigurationException e) {
+			Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption");
+			if(Logger.isDebugEnabled())
+				e.printStackTrace();
+			return true;
+		}
+	}
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 238c823cf..68ff0425a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -115,6 +115,10 @@ public class AuthenticationRequest implements IAction {
 		try {
 			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 			
+			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
+			// but we need to set the appropriate request issuer
+			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
 			// check if we have the destination available, supply it if not
 			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
 				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
-- 
cgit v1.2.3


From 48fd33725c53136fe505067b93390b39e19c41b7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 2 Mar 2016 11:20:36 +0100
Subject: temporarily commit to save state

---
 .../engine/MOAeIDASChainingMetadataProvider.java   |   3 +-
 .../engine/MOAeIDASMetadataSignatureFilter.java    | 132 ---------------------
 2 files changed, 2 insertions(+), 133 deletions(-)
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 965abcde1..55504dcb0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -178,7 +179,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			
 			//add Metadata filters
 			MetadataFilterChain filter = new MetadataFilterChain();
-			filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+			filter.addFilter(new MOASPMetadataSignatureFilter(
 					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 			httpProvider.setMetadataFilter(filter);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
deleted file mode 100644
index c9f3e5bcd..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.io.IOException;
-import java.io.StringWriter;
-
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAeIDASMetadataSignatureFilter implements MetadataFilter {
-
-	private String trustProfileID = null;
-	
-	/**
-	 * 
-	 */
-	public MOAeIDASMetadataSignatureFilter(String trustProfileID) {
-		this.trustProfileID = trustProfileID;
-		
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject metadata) throws FilterException {
-		if (metadata instanceof EntityDescriptor) {
-			if (((EntityDescriptor) metadata).isSigned()) {				
-				EntityDescriptor entityDes = (EntityDescriptor) metadata;
-				//check signature;
-				try {
-					Transformer transformer = TransformerFactory.newInstance()
-							.newTransformer();	
-					StringWriter sw = new StringWriter();
-					StreamResult sr = new StreamResult(sw);
-					DOMSource source = new DOMSource(metadata.getDOM());
-					transformer.transform(source, sr);
-					sw.close();
-					String metadataXML = sw.toString();
-					
-					SignatureVerificationUtils sigVerify = 
-							new SignatureVerificationUtils();
-					VerifyXMLSignatureResponse result = sigVerify.verify(
-							metadataXML.getBytes(), trustProfileID);
-					
-					//check signature-verification result
-					if (result.getSignatureCheckCode() != 0) {
-						Logger.warn("eIDAS Metadata signature-verification FAILED!"
-								+ " Metadata: " + entityDes.getEntityID()
-								+ " StatusCode:" + result.getSignatureCheckCode());
-						throw new FilterException("eIDAS Metadata signature-verification FAILED!"
-								+ " Metadata: " + entityDes.getEntityID()
-								+ " StatusCode:" + result.getSignatureCheckCode());
-						
-					}
-					
-					if (result.getCertificateCheckCode() != 0) {
-						Logger.warn("eIDAS Metadata certificate-verification FAILED!"
-								+ " Metadata: " + entityDes.getEntityID()
-								+ " StatusCode:" + result.getCertificateCheckCode());
-						throw new FilterException("eIDAS Metadata certificate-verification FAILED!"
-								+ " Metadata: " + entityDes.getEntityID()
-								+ " StatusCode:" + result.getCertificateCheckCode());
-						
-					}
-					
-				
-				} catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
-					Logger.error("eIDAS Metadata verification has an interal error.", e);
-					throw new FilterException("eIDAS Metadata verification has an interal error."
-							+ " Message:" + e.getMessage());
-					
-				}
-				
-				
-			} else {
-				Logger.warn("eIDAS Metadata root-element MUST be signed.");
-				throw new FilterException("eIDAS Metadata root-element MUST be signed.'");
-				
-			}
-						
-		} else {
-			Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
-			throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
-			
-		}
-		
-	}
-
-}
-- 
cgit v1.2.3


From e2d27757411fdcba586cc162f362c72ca3ae689c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 8 Mar 2016 11:09:04 +0100
Subject: move SpingWebContextInitialisation into an appropriate jar to use
 moa-id-lib in other Spring based web applications

---
 .../auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
index 384516711..70bd7b3d7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
@@ -4,7 +4,6 @@ import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 
 import at.gv.egiz.components.spring.api.SpringResourceProvider;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthSpringResourceProvider;
 
 public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider {
 
@@ -21,7 +20,7 @@ public class eIDASAuthenticationSpringResourceProvider implements SpringResource
 
 	@Override
 	public Resource[] getResourcesToLoad() {
-		ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", MOAIDAuthSpringResourceProvider.class);					
+		ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class);					
 		
 		return new Resource[] {eIDASAuthConfig};
 	}
-- 
cgit v1.2.3


From b9937af42fdab6b85aa1121148bda474c70f5e75 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 8 Mar 2016 11:10:19 +0100
Subject: finish first beta-version of ELGA mandate-service client-module

---
 .../java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java | 2 --
 .../moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java   | 4 ++++
 .../at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java     | 3 ++-
 .../moa/id/protocols/eidas/eIDASAuthenticationRequest.java          | 6 +++---
 4 files changed, 9 insertions(+), 6 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 909b29fab..8471439e2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -79,6 +79,4 @@ public class Constants {
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
 	
-	public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
-	
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index dea9e675e..9858d6004 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeLis
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnResponse;
@@ -72,6 +73,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
+			//set issuer nation as PVP attribute into MOASession
+			moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
+						
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 4caa6700a..1e3b0f507 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -153,7 +154,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			
 			// - memorize country code of target country
 			pendingReq.setGenericDataToSession(
-					Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+					RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
 			
 			// - memorize requested attributes
 			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d75d4b1b9..5f3f89aee 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -37,7 +37,6 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
@@ -90,8 +89,9 @@ public class eIDASAuthenticationRequest implements IAction {
 			case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
 			case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
 			case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
-			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
-                    eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break;
+			
+			//TODO: change bPK builder !!!!!!
+			case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break;
 			}
 			
 			if("".equals(newValue))
-- 
cgit v1.2.3


From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 09:17:57 +0100
Subject: refactor the GUI generation for user interaction

---
 .../config/MOAIDCertificateManagerConfigurationImpl.java     |  8 ++++----
 .../eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java    |  2 +-
 .../id/auth/modules/eidas/config/ModifiedEncryptionSW.java   |  4 ++--
 .../eidas/engine/MOAeIDASChainingMetadataProvider.java       |  2 +-
 .../eidas/exceptions/EIDASEngineConfigurationException.java  |  2 +-
 .../id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java  |  2 +-
 .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java   | 12 ++++++------
 .../auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java   |  2 +-
 .../gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java |  9 ++++-----
 .../moa/id/protocols/eidas/EidasMetaDataRequest.java         |  4 ++--
 .../moa/id/protocols/eidas/eIDASAuthenticationRequest.java   |  6 +++---
 11 files changed, 26 insertions(+), 27 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
index 9b634ff4d..1759a7281 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -54,7 +54,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 		try {
 			initalizeConfiguration();
 			
-		} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+		} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
 			Logger.error("eIDAS SAML-engine initialization FAILED", e);
 			
 		}
@@ -89,7 +89,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 			try {
 				initalizeConfiguration();
 				
-			} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+			} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
 				Logger.error("eIDAS SAML-engine initialization FAILED", e);
 				
 			}
@@ -103,10 +103,10 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 	
 	/**
 	 * Initialize eIDAS SAML-engine from MOA-ID configuration
-	 * @throws at.gv.egovernment.moa.id.config.ConfigurationException 
+	 * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException 
 	 * 
 	 */
-	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
 		//initialize configuration
 		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
 		tmp.initialize();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 584910ea5..5d1874157 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -37,7 +37,7 @@ import java.util.Properties;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index bdd8c8e72..1ba344fd1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -1,7 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.config;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.core.impl.EncryptionSW;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 55504dcb0..d0454688a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -26,9 +26,9 @@ import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
index 98bc559d2..20f18b772 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 515ce2913..7a696cd2f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -39,12 +39,12 @@ import org.xml.sax.SAXException;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 2156720e8..6de446e01 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -36,19 +36,19 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 9858d6004..082fdbbbf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -6,13 +6,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1e3b0f507..83fadb04e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -32,13 +32,12 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
@@ -167,7 +166,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			pendingReq.setOAURL(samlReq.getIssuer());
 	
 			// - memorize OA config
-			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
 				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 4e34902e2..55f4f44d4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -23,14 +23,14 @@ import org.slf4j.Logger;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 5f3f89aee..4ab587159 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -37,17 +37,17 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
-- 
cgit v1.2.3


From cf90af7e819c8844169a142d6f0f9641d6b3dbae Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Fri, 18 Mar 2016 15:15:53 +0100
Subject: add SPType to metadata

---
 .../moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java           | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index 33b48c0a3..5075e3fe7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineExcepti
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
 import eu.eidas.engine.exceptions.SAMLEngineException;
@@ -80,6 +81,7 @@ public class EidasMetaDataServlet extends HttpServlet {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
+        mcp.setSpType(SPType.DEFAULT_VALUE);
 
         generator.addSPRole();
         String returnUrl = sp_return_url;
-- 
cgit v1.2.3


From b29150526d95af2f1c30f4543c88d35c2965dfe6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 14:43:22 +0100
Subject: add revisionslog info's to eIDAS and SLO methods

---
 .../id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java | 11 +++++++++++
 .../id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java |  9 +++++++++
 2 files changed, 20 insertions(+)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6de446e01..7f3c4bddc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -36,6 +36,7 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -97,6 +98,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			
+			//TODO: switch to entityID
+			revisionsLogger.logEvent(oaConfig, pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
+					metadataUrl);
+			
 			// assemble requested attributes
 			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
 
@@ -169,6 +176,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            response.setContentType("text/html;charset=UTF-8");
 	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
 
+	            revisionsLogger.logEvent(oaConfig, pendingReq, 
+						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+						authnRequest.getSamlId());
+	            
 	        } catch (IOException e) {
 	            Logger.error("Velocity IO error: " + e.getMessage());
 	            throw new MOAIDException("stork.15", null); // TODO
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 082fdbbbf..5d1b7fb6f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -79,12 +80,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
 			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+					samlResp.getSamlId());
+			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
 		}	
-- 
cgit v1.2.3


From ab82ea5362dbc6f93e755451e69bd4709017209c Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 15:31:14 +0100
Subject: fixed missing relay state forwarding

---
 .../id/protocols/eidas/AuthenticationRequest.java    |  4 +++-
 .../moa/id/protocols/eidas/EIDASData.java            | 20 ++++++++++++++++++++
 .../moa/id/protocols/eidas/EIDASProtocol.java        |  4 ++++
 3 files changed, 27 insertions(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index 68ff0425a..967231110 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -141,7 +141,9 @@ public class AuthenticationRequest implements IAction {
             VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
             Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
             VelocityContext context = new VelocityContext();
-            
+
+            context.put("RelayState", eidasRequest.getRemoteRelayState());
+
             context.put("SAMLResponse", token);
             Logger.debug("SAMLResponse original: " + token);
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 0bedf0432..38a4d8757 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -22,6 +22,8 @@ public class EIDASData extends RequestImpl {
 	/** The ip address of the requester. */
 	private String remoteIPAddress;
 
+	private String remoteRelayState;
+
 	@Override
 	public List<Attribute> getRequestedAttributes() {
 		// TODO Auto-generated method stub
@@ -81,4 +83,22 @@ public class EIDASData extends RequestImpl {
 	public void setRemoteAddress(String remoteIP) {
 		remoteIPAddress = remoteIP;
 	}
+
+	/**
+	 * Gets the remote relay state.
+	 *
+	 * @return the remote relay state
+	 */
+	public String getRemoteRelayState() {
+		return remoteRelayState;
+	}
+
+	/**
+	 * Sets the remote relay state.
+	 *
+	 * @param relayState the new remote relay state
+	 */
+	public void setRemoteRelayState(String relayState) {
+		remoteRelayState = relayState;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index a94e136b4..072f1661a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -107,6 +107,10 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
 			// - memorize remote ip
 			result.setRemoteAddress(request.getRemoteAddr());
 			
+			// - memorize relaystate
+			String relayState = request.getParameter("RelayState");
+			result.setRemoteRelayState(relayState);
+
 			// - memorize country code of target country
 			result.setTarget(samlReq.getCountry());
 			
-- 
cgit v1.2.3


From a6b1b3ba3bcc9edbfc3fe073e119335ea868c74a Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 15:33:25 +0100
Subject: removed misleading warn statement

---
 .../moa/id/auth/modules/eidas/eIDASSignalServlet.java   | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 49f0451cb..6a0cf6dfa 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -64,12 +64,13 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 			// use SAML2 relayState
 			if (sessionId == null) {
 				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
-			}
+			} else
+				Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
 
 			// take from InResponseTo attribute of SAMLResponse
-			if (sessionId == null) {
-				String base64SamlToken = request.getParameter("SAMLResponse");
-				if (base64SamlToken != null && false) {
+//			if (sessionId == null) {
+//				String base64SamlToken = request.getParameter("SAMLResponse");
+//				if (base64SamlToken != null && false) {
 //					byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
 //					Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
 //
@@ -80,10 +81,10 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
 //					XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
 //					sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
 //					sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
-				} else {
-					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
-				}
-			}
+//				} else {
+//					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+//				}
+//			}
 
 		} catch (Exception e) {
 			Logger.warn("Unable to retrieve moa session id.", e);
-- 
cgit v1.2.3


From db813d7524890a60bbd13f60c9c448dc1ef6cfd6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 23 Mar 2016 15:16:19 +0100
Subject: add additional parameters to ELGA mandate-service client
 implementation

---
 .../egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 55f4f44d4..557b83487 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -104,13 +104,14 @@ public class EidasMetaDataRequest implements IAction {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-
-        generator.addSPRole();
+        
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
-
-        generator.addIDPRole();
         mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
+        
+        generator.addSPRole();
+        generator.addIDPRole();
+        
 
         metadata = generator.generateMetadata();
         return metadata;
-- 
cgit v1.2.3


From 98bc3e020f01a00d8a686c9c6005a71133cbd2a4 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 15:43:47 +0100
Subject: changed metadata contenttype from text/xml to app/xml

---
 .../moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
index 5075e3fe7..a625de74e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
@@ -63,7 +63,7 @@ public class EidasMetaDataServlet extends HttpServlet {
 
             logger.trace(metaData);
 
-            response.setContentType(MediaType.TEXT_XML.getType());
+            response.setContentType(MediaType.APPLICATION_XML.getType());
             response.getWriter().print(metaData);
             response.flushBuffer();
         } catch (Exception e) {
-- 
cgit v1.2.3


From 8ca28920c78f58c1e1bd48bd5805a9f939f40c65 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:19:37 +0200
Subject: fix possible eIDAS attributes in IDP metadata

---
 .../moa/id/auth/modules/eidas/Constants.java       | 54 +++++++++++++++++++---
 .../eidas/engine/MOAeIDAsExtensionProcessor.java   | 48 +++++++++++++++++++
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |  8 +++-
 3 files changed, 103 insertions(+), 7 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 8471439e2..d93d739b1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,6 +22,16 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import eu.eidas.auth.engine.core.eidas.EidasAttributesTypes;
+import eu.eidas.auth.engine.core.validator.eidas.EIDASAttributes;
+
 /**
  * @author tlenz
  *
@@ -60,23 +70,55 @@ public class Constants {
 	public static final long CONFIG_PROPS_METADATA_GARBAGE_TIMEOUT = 7 * 24 * 60 * 60 * 1000;	//remove unused eIDAS metadata after 7 days
 		
 	//eIDAS attribute names
-	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
-	public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
-	public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName";
-	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName";
+	public static final String eIDAS_ATTR_PERSONALIDENTIFIER = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_PERSONIDENTIFIER;
+	public static final String eIDAS_ATTR_DATEOFBIRTH = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_DATEOFBIRTH;
+	public static final String eIDAS_ATTR_CURRENTGIVENNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_FIRSTNAME;
+	public static final String eIDAS_ATTR_CURRENTFAMILYNAME = EIDASAttributes.ATTRIBUTE_NAME_SUFFIX_GIVENNAME;
 		
 	//http endpoint descriptions
 	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post";
 	public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect";
-	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post";	
+	public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/ColleagueRequest";
 	public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
 	public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
 	
+	
 	//Event-Codes for Revisionslog
 	public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
 	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
 	public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
 	public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
-	
+		
+	//metadata constants
+    public final static Map<String, EidasAttributesTypes> METADATA_POSSIBLE_ATTRIBUTES = Collections.unmodifiableMap(
+            new HashMap<String, EidasAttributesTypes>(){
+				private static final long serialVersionUID = 1L;
+				{
+                    put(EIDASAttributes.ATTRIBUTE_GIVENNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_FIRSTNAME, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_DATEOFBIRTH, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+                    put(EIDASAttributes.ATTRIBUTE_PERSONIDENTIFIER, EidasAttributesTypes.NATURAL_PERSON_MANDATORY);
+
+                    //TODO: add additional attributes for eIDAS with mandates
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALIDENTIFIER, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                    //put(EIDASAttributes.ATTRIBUTE_LEGALNAME, EidasAttributesTypes.LEGAL_PERSON_MANDATORY);
+                }
+            }
+    );
+    
+    public static final String METADATA_ALLOWED_ALG_DIGIST = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512 ;
+    
+    public static final String METADATA_ALLOWED_ALG_SIGN = 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 + ";" + 
+    		SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
+    
+    public static final String METADATA_ALLOWED_ALG_ENCRYPT = 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM + ";" + 
+    		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+    
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
new file mode 100644
index 000000000..5837d7dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDAsExtensionProcessor.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
+import eu.eidas.auth.engine.core.eidas.EidasExtensionProcessor;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAeIDAsExtensionProcessor extends EidasExtensionProcessor implements ExtensionProcessorI {
+
+	/**
+	 * Add only eIDAS attributes which are supported by Austrian eIDAS node
+	 * 
+	 */
+    @Override
+    public Set<String> getSupportedAttributes(){
+        Set<String> supportedAttributes=new HashSet<String>( Constants.METADATA_POSSIBLE_ATTRIBUTES.keySet());
+       
+        return supportedAttributes;
+    }
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e46f0ef1..8fe44f4d6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -26,9 +26,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDAsExtensionProcessor;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.ExtensionProcessorI;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 import eu.eidas.samlengineconfig.CertificateConfigurationManager;
 
@@ -51,10 +53,14 @@ public class SAMLEngineUtils {
 				EIDASSAMLEngine engine = EIDASSAMLEngine.createSAMLEngine(Constants.eIDAS_SAML_ENGINE_NAME,
 							configManager);
 	
-				//set Metadata managment to eIDAS SAMLengine
+				//set metadata management to eIDAS SAMLengine
 				engine.setMetadataProcessor(
 						new MOAeIDASMetadataProviderDecorator(
 								MOAeIDASChainingMetadataProvider.getInstance()));
+	
+				//set MOA specific extension processor 
+				ExtensionProcessorI extensionProcessor = new MOAeIDAsExtensionProcessor();
+				engine.setExtensionProcessor(extensionProcessor);
 				
 				eIDASEngine = engine;
 				
-- 
cgit v1.2.3


From d44d87570e2c70a16b0f2797d2180b71ba00bc39 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:20:17 +0200
Subject: fix missing Spring bean definitions

---
 .../moa/id/auth/modules/eidas/eIDASSignalServlet.java       |  4 ++--
 .../egovernment/moa/id/protocols/eidas/EIDASProtocol.java   | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 9adffe6fd..16d909331 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
 
 import java.io.IOException;
 
-import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -46,7 +45,8 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 	public eIDASSignalServlet() {
 		super();
 		Logger.debug("Registering servlet " + getClass().getName() + 
-				" with mappings '/eidas/sp/post' and '/eidas/sp/redirect'.");
+				" with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + 
+				"' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'.");
 		
 	}
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1c0e60c63..1d1fc5ede 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
@@ -47,15 +48,25 @@ import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 
 /**
- * eIDAS Protocol Support for outbound authentication
+ * eIDAS Protocol Support for outbound authentication and metadata generation
  *
  * @author tlenz
  */
+@Controller
 public class EIDASProtocol extends AbstractAuthProtocolModulController {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";
 
+	public EIDASProtocol() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA + 
+				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST + 
+				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+	
+	}
+    
     public String getName() {
         return NAME;
     }
-- 
cgit v1.2.3


From 87083dc7e6914f1c7285b4e4af72e0d1b099b3ff Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:20:55 +0200
Subject: add additional information to eIDAS metadata

---
 .../id/protocols/eidas/EidasMetaDataRequest.java   | 61 ++++++++++++++++++----
 1 file changed, 51 insertions(+), 10 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 4e45d2f47..60ffb3673 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -16,10 +16,13 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.eidas;
 
+import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.slf4j.Logger;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
@@ -27,12 +30,15 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.auth.engine.metadata.Contact;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
 import eu.eidas.engine.exceptions.SAMLEngineException;
@@ -43,7 +49,6 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
  */
 @Service("EidasMetaDataRequest")
 public class EidasMetaDataRequest implements IAction {
-    private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class); 
     
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -53,9 +58,7 @@ public class EidasMetaDataRequest implements IAction {
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws MOAIDException {
        
-		try {
-            logger.debug("EidasMetaDataServlet GET");
-            
+		try {            
             String pubURLPrefix = req.getAuthURL();
             
             String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
@@ -63,7 +66,7 @@ public class EidasMetaDataRequest implements IAction {
             String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
             String metaData = generateMetadata(metadata_url, sp_return_url);
 
-            logger.trace(metaData);
+            Logger.trace(metaData);
 
             httpResp.setContentType(MediaType.APPLICATION_XML.getType());
             httpResp.getWriter().print(metaData);
@@ -105,11 +108,49 @@ public class EidasMetaDataRequest implements IAction {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         
-        mcp.setEntityID(metadata_url);
-        mcp.setSpType(SPType.DEFAULT_VALUE);
+        mcp.setEntityID(metadata_url);        
         mcp.setAssertionConsumerUrl(sp_return_url);
-        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
         
+        
+        //TODO: make it configurable
+        mcp.setAuthnRequestsSigned(true);
+        mcp.setWantAssertionsSigned(true);
+        mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial");
+        
+        //must be set in request, because it could be different for every online-application
+        //mcp.setSpType(SPType.DEFAULT_VALUE);
+        
+        mcp.setDigestMethods(Constants.METADATA_ALLOWED_ALG_DIGIST);
+        mcp.setSigningMethods(Constants.METADATA_ALLOWED_ALG_SIGN);
+        mcp.setEncryptionAlgorithms(Constants.METADATA_ALLOWED_ALG_ENCRYPT);
+        
+        //add organisation information from PVP metadata information        
+        Organization pvpOrganisation = null;
+		try {
+			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			Contact technicalContact = new Contact();
+			
+			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			if (contacts != null && contacts.size() >= 1) {								
+				technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
+				technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
+				technicalContact.setSurName(contacts.get(0).getSurName().getName());
+				technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+				mcp.setTechnicalContact(technicalContact );			
+				
+			}
+			
+			if (pvpOrganisation != null) {
+	        	mcp.setNodeUrl(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
+	        	mcp.setCountryName("Austria");		        
+	        	technicalContact.setCompany(pvpOrganisation.getDisplayNames().get(0).getName().getLocalString());
+			}
+									
+		} catch (ConfigurationException | NullPointerException e) {
+			Logger.warn("Can not load Organisation or Contact from Configuration", e);
+			
+		}
+		        
         generator.addSPRole();
         generator.addIDPRole();
         
-- 
cgit v1.2.3


From 5c4a5f2877264aa354cf909ce598ff9d84139022 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:21:18 +0200
Subject: set correct SPType in eIDAS authnRequest

---
 .../moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 7f3c4bddc..c953e40ef 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -139,7 +139,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
 			authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue());
 			authnRequest.setEidasLoACompareType(EidasLoaCompareType.MINIMUM.stringValue());
-			authnRequest.setSPType(SPType.DEFAULT_VALUE);
+			
+			//set correct SPType for this online application
+			if (oaConfig.getBusinessService())
+				authnRequest.setSPType("private");
+			else
+				authnRequest.setSPType(SPType.DEFAULT_VALUE);
 
 			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
-- 
cgit v1.2.3


From fb01851bc8fb7dfede70ddbe251f3e416bbd36b3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:21:59 +0200
Subject: add Metadata reload functionality to getRole(*) methods

---
 .../eidas/engine/MOAeIDASChainingMetadataProvider.java     | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index d0454688a..491139fb5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -341,12 +341,22 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 
 	public List<RoleDescriptor> getRole(String entityID, QName roleName)
 			throws MetadataProviderException {
-		return internalProvider.getRole(entityID, roleName);
+		EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+		if (entityDesc != null)
+			return entityDesc.getRoleDescriptors(roleName);
+		
+		else
+			return null;
 	}
 
 	public RoleDescriptor getRole(String entityID, QName roleName,
 			String supportedProtocol) throws MetadataProviderException {
-		return internalProvider.getRole(entityID, roleName, supportedProtocol);
+		EntityDescriptor entityDesc = getEntityDescriptor(entityID);
+		if (entityDesc != null)		
+			return internalProvider.getRole(entityID, roleName, supportedProtocol);
+		
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
-- 
cgit v1.2.3


From 88fe47db569a262a4631e002187f54979d1ab9a6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 13:36:35 +0200
Subject: extract eIDAS SPType from inbound AuthnRequest

---
 .../at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java  | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1d1fc5ede..1996c3d7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -186,6 +186,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
+			String spType = samlReq.getSPType();
+			if (MiscUtil.isEmpty(spType)) {
+				Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
+				//TODO: maybe implement this if required
+							
+			}
+
+			Logger.debug("eIDAS request has SPType:" + spType);
+			
 		} catch(Exception e) {
 			Logger.error("error in preprocessing step", e);
 			throw new MOAIDException("error in preprocessing step", null);
-- 
cgit v1.2.3


From 38a8abe06596847cda4e4fd9d5b4f5585c67fc52 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 16:44:02 +0200
Subject: implement first parts of eIDAS module error handling and
 error-response messaging

---
 .../engine/MOAeIDASChainingMetadataProvider.java   |  54 ++++++--
 .../engine/MOAeIDASMetadataProviderDecorator.java  |   2 +
 .../eidas/exceptions/EIDASEngineException.java     |  25 +++-
 .../eidas/exceptions/eIDASAttributeException.java  |  18 ++-
 .../eIDASAuthnRequestProcessingException.java      |  80 ++++++++++++
 .../eIDASAuthnRequestValidationException.java      |  59 +++++++++
 .../modules/eidas/exceptions/eIDASException.java   |  59 +++++++++
 .../exceptions/eIDASResponseBuildException.java    |  62 +++++++++
 .../eidas/tasks/CreateIdentityLinkTask.java        |  29 +++--
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  24 ++--
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  12 +-
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 139 +++++++++++++++++++--
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   6 +-
 .../eidas/eIDASAuthenticationRequest.java          |   4 +-
 15 files changed, 516 insertions(+), 59 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 491139fb5..80a2734f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,6 +18,7 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -65,7 +66,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 	private MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
-		
+				
 	}
 	
 	/* (non-Javadoc)
@@ -92,12 +93,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				}								
 			}
 		
-			if (!expiredEntities.isEmpty()) {			
-				ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-				//get all actually loaded metadata providers
-				Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			boolean isUpdateRequired = false;
 			
+			//get all actually loaded metadata providers
+			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+						
+			if (!expiredEntities.isEmpty()) {										
 				for (String expired : expiredEntities) {
 					if (loadedproviders.containsKey(expired)) {
 						HTTPMetadataProvider provider = loadedproviders.get(expired);
@@ -107,7 +109,8 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 					
 						//remove from map
 						loadedproviders.remove(expired);
-					
+						isUpdateRequired = true;
+						
 						/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
 						 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
 						//chainProvider.removeMetadataProvider(provider);					
@@ -118,18 +121,43 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 						Logger.warn("eIDAS metadata for EntityID: " + expired 
 								+ " is marked as unsed, but no loaded metadata provider is found.");
 				
-				}
+				}			
+			}
 			
+			//check signature of all metadata which are actually loaded
+			List<String> nonValidMetadataProvider = new ArrayList<String>();
+			for (HTTPMetadataProvider provider : loadedproviders.values()) {
+				try {
+					provider.getMetadataFilter().doFilter(provider.getMetadata());
+					
+				} catch (FilterException | MetadataProviderException e) {
+					Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() 
+						+ " is not valid any more. Reason:" + e.getMessage());
+					if (Logger.isDebugEnabled())
+						Logger.warn("Reason", e);
+
+					nonValidMetadataProvider.add(provider.getMetadataURI());
+										
+				}										
+			}			
+			for (String el : nonValidMetadataProvider) {
+				loadedproviders.remove(el);
+				isUpdateRequired = true;
+				
+			}
+
+			//update chaining metadata-provider if it is required
+			if (isUpdateRequired) {
 				try {
 					synchronized (chainProvider) {
 						chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
-					
+				
 						emitChangeEvent();	
 					}
-					
+				
 				} catch (MetadataProviderException e) {
 					Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
+			
 				}
 			}
 		}					
@@ -184,7 +212,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			httpProvider.setMetadataFilter(filter);
 			
 			httpProvider.initialize();
-									
+			
 			return httpProvider;
 						
 		} catch (Throwable e) {			
@@ -277,7 +305,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 		
 	}
 	
-
+	
 	public boolean requireValidMetadata() {
 		return internalProvider.requireValidMetadata();
 	}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index e3ae5c046..7537c4d84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -94,6 +94,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
 			throws SAMLEngineException {
 		//Do nothing, because metadata signature is already validated during 
 		//metadata provider initialization 
+
+		//TODO: maybe signature validation is needed on every request
 		
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 95690bbeb..234c4e038 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -22,19 +22,21 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
 
 /**
  * @author tlenz
  *
  */
-public class EIDASEngineException extends Exception {
+public class EIDASEngineException extends eIDASException {
 
 	/**
+	 * @param objects 
 	 * @param string
 	 * @param e
 	 */
-	public EIDASEngineException(String string, Throwable e) {
-		super(string, e);
+	public EIDASEngineException(String msg, Object[] objects, Throwable e) {
+		super(msg, objects, e);
 	}
 
 	/**
@@ -42,4 +44,21 @@ public class EIDASEngineException extends Exception {
 	 */
 	private static final long serialVersionUID = 1559812927427153879L;
 
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index 7840ae2e6..b25895eca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -22,17 +22,31 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
+
 /**
  * @author tlenz
  *
  */
-public class eIDASAttributeException extends Exception {
+public class eIDASAttributeException extends eIDASException {
 
 	private static final long serialVersionUID = 1L;
 	
 	public eIDASAttributeException(String message) {
-		super(message);
+		super("eIDAS.07", new Object[]{message});
 		
 	}
 
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
new file mode 100644
index 000000000..c96af37ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+	private String subStatusCode = null;
+	
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1083563877689098041L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+		super(messageId, parameters);
+		this.subStatusCode = subStatusCode;
+	}
+	
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+		this.subStatusCode = subStatusCode;
+	}
+
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		if (MiscUtil.isNotEmpty(subStatusCode))
+			return subStatusCode;
+		
+		else
+			return StatusCode.REQUEST_DENIED_URI;
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4353716509546972267L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	
+	public abstract String getStatusCodeFirstLevel();	
+	public abstract String getStatusCodeSecondLevel();
+
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4446851988854996919L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASResponseBuildException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+			return StatusCode.AUTHN_FAILED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 7a696cd2f..5d7430dd7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,19 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import java.io.IOException;
 import java.io.InputStream;
-import java.text.ParseException;
 import java.text.SimpleDateFormat;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
 
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -94,28 +90,28 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 	            // - set bpk/wpbk;
 		        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);		        		        
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
-		        	throw new eIDASAttributeException("PersonalIdentifier is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
 		        String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
 		        prIdentification.getFirstChild().setNodeValue(eIdentifier);
 
 		        // - set last name
 		        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
-		        	throw new eIDASAttributeException("currentFamilyName is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
 				String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
 				prFamilyName.getFirstChild().setNodeValue(familyName);
 
 		        // - set first name
 		        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
-		        	throw new eIDASAttributeException("currentGivenName is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
 				String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
 				prGivenName.getFirstChild().setNodeValue(givenName);
 
 		        // - set date of birth
 		        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
-		        	throw new eIDASAttributeException("dateOfBirth is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
 				String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
 				dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
 				prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
@@ -149,15 +145,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
-			
-		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
-			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-			
+		
 		} catch (eIDASAttributeException e) {
 			throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
-				
-		}	
-
+						
+		} catch (MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+						
+		} catch (Exception e) {
+			Logger.error("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+			
+		}
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c953e40ef..c82636a8f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,7 +22,6 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
 
@@ -86,13 +85,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
+				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
 			}
 
 			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
-				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
 			}
 			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
@@ -184,24 +183,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            revisionsLogger.logEvent(oaConfig, pendingReq, 
 						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
 						authnRequest.getSamlId());
-	            
-	        } catch (IOException e) {
-	            Logger.error("Velocity IO error: " + e.getMessage());
-	            throw new MOAIDException("stork.15", null); // TODO
+	            	        
 	        } catch (Exception e) {
 	            Logger.error("Velocity general error: " + e.getMessage());
-	            throw new MOAIDException("stork.15", null); // TODO
+	            throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+	            
 	        }
 
 		}catch (EIDASSAMLEngineException e){
-			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("Could not generate token for Saml Request", e));
+					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
 			
-		} catch (EIDASEngineException | MOAIDException e) {
+		} catch (MOAIDException  e) {
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
 			
-		} 
+		} catch (Exception e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5d1b7fb6f..b73c2a873 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -88,14 +88,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
-					new EIDASEngineException("Could not validate eIDAS response", e));
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
 			
-		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+		} catch (MOAIDException | MOADatabaseException e) {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
+		} catch (Exception e) {
+			Logger.error("eIDAS Response processing FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
 		}	
 		
 	}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8fe44f4d6..eeb8305cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -66,7 +66,7 @@ public class SAMLEngineUtils {
 				
 			} catch (EIDASSAMLEngineException e) {
 				Logger.error("eIDAS SAMLengine initialization FAILED!", e);
-				throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+				throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
 				
 			}
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1996c3d7c..24134f1d9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,17 +23,30 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -44,8 +57,11 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 /**
  * eIDAS Protocol Support for outbound authentication and metadata generation
@@ -140,7 +156,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
         First request step - send it to BKU selection for user authentication. After the user credentials
         and other info are obtained, in the second step the request will be processed and the user redirected
          */
-    public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
+    private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
 
         Logger.info("received an eIDaS request");
 
@@ -177,13 +193,36 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
 			pendingReq.setEidasRequest(samlReq);
 			
+			//validate destination against metadata 
+			String reqDestination = samlReq.getDestination();
+			if (MiscUtil.isNotEmpty(reqDestination)) {
+				boolean isValid = false;
+				List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+						.getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+				
+				for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
+					if (reqDestination.equals(el.getLocation()))
+						isValid = true;
+					
+				}
+				
+				if (!isValid) {
+					Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+					throw new eIDASAuthnRequestValidationException("stork.01", 
+							new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+				}
+				
+			}
+			
+			
 			// - memorize OA url
 			pendingReq.setOAURL(samlReq.getIssuer());
 	
 			// - memorize OA config
 			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+				throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+			
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
 			String spType = samlReq.getSPType();
@@ -194,16 +233,102 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			}
 
 			Logger.debug("eIDAS request has SPType:" + spType);
+					
+		} catch (MOAIDException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw e;
+					
+		} catch (EIDASSAMLEngineException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		} catch(Exception e) {
-			Logger.error("error in preprocessing step", e);
-			throw new MOAIDException("error in preprocessing step", null);
+			Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		}
     }
 
-    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
-        return false;
+    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable {
+        if (pendingReq != null && pendingReq instanceof EIDASData) {
+        	EIDASData eidasReq = (EIDASData) pendingReq;
+        	if (eidasReq.getEidasRequest() == null) {
+        		Logger.info("Can not build eIDAS ErrorResponse. No eIDAS AuthnRequest found.");
+        		return false;
+        	}
+        	
+        	try {
+        		EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
+        		eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+        	     		
+        		if (e instanceof eIDASException) {
+        			eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
+        			eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else if (e instanceof MOAIDException ) {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		}
+     		
+        		
+        		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+        		
+        		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
+    				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+    						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+    						engine, 
+    						eidasReq.getEidasRequest());
+    				eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+    				
+    			}        		
+        		//get eIDAS SAML-engine
+        		
+        		eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp, 
+        				eidasReq.getRemoteAddress(), true);
+        		
+        		String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+     		
+                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+                VelocityContext context = new VelocityContext();
+
+                context.put("RelayState", eidasReq.getRemoteRelayState());
+
+                context.put("SAMLResponse", token);
+                Logger.debug("SAMLResponse original: " + token);
+
+                Logger.debug("Putting assertion consumer url as action: " + eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                Logger.trace("Starting template merge");
+                StringWriter writer = new StringWriter();
+
+                Logger.trace("Doing template merge");
+                template.merge(context, writer);
+                Logger.trace("Template merge done");
+
+                Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
+
+                response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+                response.setContentType(MediaType.TEXT_HTML.getType());
+        		
+                return true;
+                
+        	} catch (Exception e1 ) { 
+        		Logger.error("Generate eIDAS Error-Response failed.", e);
+        		
+        	}
+     		     		
+        }
+    	
+    	return false;
     }
 
     public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 60ffb3673..b4db5c83d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -71,8 +71,10 @@ public class EidasMetaDataRequest implements IAction {
             httpResp.setContentType(MediaType.APPLICATION_XML.getType());
             httpResp.getWriter().print(metaData);
             httpResp.flushBuffer();
-        } catch (Exception e) {
-            e.printStackTrace();
+        } catch (Exception e) {        	
+        	Logger.error("eIDAS Metadata generation FAILED.", e);
+        	throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e);
+            
         } 
 		
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d9663092f..9943cc5fb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -122,19 +122,21 @@ public class eIDASAuthenticationRequest implements IAction {
 			// but we need to set the appropriate request issuer
 			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
 
-			// check if we have the destination available, supply it if not
+
 			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
 				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
 						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
 						engine, 
 						eidasRequest.getEidasRequest());
 				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+				
 			}
 			
 			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
 
 			
 			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+			
 		} catch(Exception e) {
 			e.printStackTrace();
 		}
-- 
cgit v1.2.3


From a2c787edb81084a0f7a1f01d79607121ff5ec2a4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 31 Mar 2016 14:37:09 +0200
Subject: add errorcodes to eIDAS module functionality

---
 .../eIDASResponseNotSuccessException.java          | 67 ++++++++++++++++++++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 24 ++++++--
 2 files changed, 85 insertions(+), 6 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java

(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
new file mode 100644
index 000000000..d10ca1c88
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseNotSuccessException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 6145402939313568907L;
+
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param e
+	 */
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index b73c2a873..fae06031a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.saml2.core.StatusCode;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -11,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -58,7 +60,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				//TODO: check if additional decryption operation is required
 				
 			}
-						
+
+			//check response StatusCode
+			if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+				Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
+				+ " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
+				throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+				
+			}
+			
 			//MOA-ID specific response validation
 			//TODO: implement MOA-ID specific response validation
 			
@@ -89,18 +99,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
-			
-		} catch (MOAIDException | MOADatabaseException e) {
+					new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
+					
+		} catch (MOADatabaseException e) {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
+					new MOAIDException("init.04", new Object[]{""}, e));
 			
 		} catch (Exception e) {
 			Logger.error("eIDAS Response processing FAILED.", e);
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), 
+					new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
 			
 		}	
 		
-- 
cgit v1.2.3