From e4fa532f93f10115e1f39c97cc96e5950a048884 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 11 Dec 2019 16:01:38 +0100
Subject: update to EAAF-Components 1.0.13.1 Enforce E-ID authentication based
 on Service-Provider configuration

---
 .../modules/federatedauth/FederatedAuthenticationModuleImpl.java    | 3 ++-
 .../id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java | 4 +++-
 .../auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java  | 6 ++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

(limited to 'id/server/modules/moa-id-modules-federated_authentication/src/main')

diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 4068d2d99..e50836712 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -45,7 +46,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		//select interfederation authentication if PERFORM_INTERFEDERATION_AUTH flag is set
 		Object performfedAuthObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
 		if (performfedAuthObj != null && performfedAuthObj instanceof Boolean) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index d0d97e9e8..a798679d7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -64,6 +65,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ILoALevelMapper loaMapper; 
+	@Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -82,7 +84,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 			
 			//load IDP configuration from MOA-ID Configuration
-			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
+			IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
 			//validate IDP
 			if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
 				Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 6b6d1a196..7dce22d81 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -42,6 +42,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
@@ -94,6 +95,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	@Autowired private AuthenticationDataBuilder authDataBuilder;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
 	
 	
 	/* (non-Javadoc)
@@ -150,7 +152,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
-			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+			IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
 			IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			
 			//check if response Entity is valid
@@ -224,7 +226,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (msg != null) {
 				IOAAuthParameters idpConfig = null;
 				try {					
-					idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+					idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
 					//remove federated IDP from SSO session if exists
 					ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
 					
-- 
cgit v1.2.3