From ac531e30d13d6714e2ac61f7329e6adc130aa288 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 May 2019 12:23:41 +0200 Subject: untested switch to EAAF-components 1.0.7 --- ...tizenCardAuthProcessEngineSignalController.java | 3 ++- .../moa-id-module-AT_eIDAS_connector/pom.xml | 5 ++++- .../EidasCentralAuthMetadataController.java | 5 +++-- .../EidasCentralAuthSignalController.java | 3 ++- .../utils/EidasCentralAuthMetadataProvider.java | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 11 +++++++++ ...strianAuthWitheID4UAuthenticationModulImpl.java | 17 ++++++++++---- .../auth/modules/eidas/eID4UAPSignalServlet.java | 3 ++- .../id/auth/modules/eidas/eIDASSignalServlet.java | 3 ++- .../engine/MOAeIDASChainingMetadataProvider.java | 2 +- .../tasks/CollectAddtionalAttributesTask.java | 2 +- .../modules/eidas/utils/eIDASAttributeBuilder.java | 2 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 6 ++--- .../moa-id-module-elga_mandate_service/pom.xml | 5 +++++ .../controller/ELGAMandateMetadataController.java | 5 +++-- .../controller/ELGAMandateSignalController.java | 3 ++- .../tasks/EvaluateMandateServiceTask.java | 2 +- .../tasks/SelectMandateServiceTask.java | 2 +- .../utils/ELGAMandateServiceMetadataProvider.java | 2 +- .../oauth20/protocol/OAuth20Protocol.java | 8 +++---- .../moa-id-module-sl20_authentication/pom.xml | 26 ++++++++++++++++++++++ .../auth/modules/sl20_auth/SL20SignalServlet.java | 3 ++- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 3 ++- .../sl20/verifier/QualifiedeIDVerifier.java | 3 ++- .../sl20_auth/dummydata/DummyAuthConfig.java | 11 --------- .../data/SSOTransferAuthenticationData.java | 12 ++++++++++ .../ssotransfer/servlet/SSOTransferServlet.java | 16 ++++++------- .../servlet/SSOTransferSignalServlet.java | 5 +++-- .../task/InitializeRestoreSSOSessionTask.java | 2 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 2 +- .../auth/modules/ssotransfer/utils/GUIUtils.java | 17 +++++++------- .../FederatedAuthMetadataController.java | 5 +++-- .../controller/FederatedAuthSignalController.java | 3 ++- .../protocols/saml1/SAML1AuthenticationServer.java | 2 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 6 ++--- 35 files changed, 138 insertions(+), 69 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java index 582af517c..b63501a6f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -47,7 +48,7 @@ public class CitizenCardAuthProcessEngineSignalController extends AbstractProces "/VerifyIdentityLink" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index c340f90c9..481313035 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -43,7 +43,10 @@ MOA.id.server moa-id-lib - + + at.gv.egiz.components + egiz-spring-api + org.springframework diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java index 4898c8f1e..b80e995ed 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -37,6 +37,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; @@ -72,7 +73,7 @@ public class EidasCentralAuthMetadataController extends AbstractController { @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, method = {RequestMethod.GET}) - public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //check PublicURL prefix try { String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -101,7 +102,7 @@ public class EidasCentralAuthMetadataController extends AbstractController { } catch (Exception e) { Logger.warn("Build federated-authentication PVP metadata FAILED.", e); - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java index 1486ef841..60a98213e 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java @@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ public class EidasCentralAuthSignalController extends AbstractProcessEngineSigna EidasCentralAuthConstants.ENDPOINT_REDIRECT }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index cd3f1f788..3a4bcdc48 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -44,7 +44,7 @@ import org.opensaml.xml.parse.BasicParserPool; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 5f4192645..6dabb938e 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -69,6 +69,12 @@ + + + com.google.code.gson + gson + 2.8.5 + eu.eidas.extension.eID4U @@ -76,6 +82,11 @@ ${eID4U.module.version} + + at.gv.egiz.components + egiz-spring-api + + com.google.code.findbugs jsr305 diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java index d3aa7b4a0..6efa55ac8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -30,6 +30,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.logging.Logger; @@ -72,11 +73,19 @@ public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizen Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!"); else { - IRequest pendingReq = requestStore.getPendingRequest(pendingReqId); - if (pendingReq != null && pendingReq instanceof EIDASData) { - return "eID4UAttributCollectionAuthentication"; - + IRequest pendingReq; + try { + pendingReq = requestStore.getPendingRequest(pendingReqId); + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; + + } + + } catch (PendingReqIdValidationException e) { + Logger.warn("Validation of PendingRequestId FAILED. Reason: " + e.getMessage()); + } + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java index c8c65ce76..65b6d1725 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java @@ -9,6 +9,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.util.CookieUtils; @@ -26,7 +27,7 @@ public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 49d98ed33..70c86dad8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; @@ -54,7 +55,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { "/eidas/sp/redirect" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index feeff6f84..2a401bb04 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -29,7 +29,7 @@ import org.opensaml.xml.XMLObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index a58bc4f8d..d2ddc7ef8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -16,6 +16,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eid4u.api.attributes.Definitions; @@ -23,7 +24,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index d2323d161..4a6f83e5f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -36,9 +36,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 7c9e66ba0..3996ad59c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -48,7 +48,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -82,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * @author tlenz */ @Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class EIDASProtocol extends AbstractController implements IModulInfo { public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; @@ -169,7 +169,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setAction(eIDASAuthenticationRequest.class.getName()); //switch to session authentication - performAuthentication(req, resp, pendingReq); + protAuthService.performAuthentication(req, resp, pendingReq); } /* diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 3b5d1ba66..86cb4b1a7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -33,6 +33,11 @@ moa-id-lib + + at.gv.egiz.components + egiz-spring-api + + MOA.id.server.modules moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index d52cd750a..be7778abc 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -34,6 +34,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; @@ -67,7 +68,7 @@ public class ELGAMandateMetadataController extends AbstractController { @RequestMapping(value = "/sp/elga_mandate/metadata", method = {RequestMethod.GET}) - public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //check PublicURL prefix try { String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -94,7 +95,7 @@ public class ELGAMandateMetadataController extends AbstractController { } catch (Exception e) { Logger.warn("Build federated-authentication PVP metadata FAILED.", e); - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java index 503884edd..7effbc905 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java @@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ public class ELGAMandateSignalController extends AbstractProcessEngineSignalCont "/sp/elga_mandate/redirect" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index 5c1f8e7bb..9980c4884 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -94,7 +94,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //redirect to protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 854f9d2bb..1cd697c4e 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -69,7 +69,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { GeneralProcessEngineSignalController.ENDPOINT_GENERIC, authConfig.getConfigurationRootDirectory().toURL().toString()); - guiBuilder.build(response, config, "Mandate-Service selection"); + guiBuilder.build(request, response, config, "Mandate-Service selection"); Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... "); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 7bb98c719..aa4dfbe60 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -44,7 +44,7 @@ import org.opensaml.xml.parse.BasicParserPool; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 0952ba0a6..4f3c683ce 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -23,7 +23,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -37,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class OAuth20Protocol extends AbstractController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -101,7 +101,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme req.getRemoteAddr()); //process request - performAuthentication(req, resp, (RequestImpl)pendingReq); + protAuthService.performAuthentication(req, resp, (RequestImpl)pendingReq); } @@ -135,7 +135,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme req.getRemoteAddr()); //process request - performAuthentication(req, resp, (RequestImpl)pendingReq); + protAuthService.performAuthentication(req, resp, (RequestImpl)pendingReq); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 74aa6682b..6ad72adde 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -45,6 +45,10 @@ MOA.id.server moa-id-lib + + at.gv.egiz.eaaf + eaaf_module_auth_sl20 + com.google.code.gson @@ -65,6 +69,7 @@ + org.springframework spring-test @@ -75,6 +80,27 @@ junit test + + xerces + xercesImpl + test + + + xalan-bin-dist + xml-apis + test + + + xalan-bin-dist + xalan + test + + + xalan-bin-dist + serializer + test + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index a8c4a941e..a5a472ed8 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; @@ -54,7 +55,7 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { Constants.HTTP_ENDPOINT_RESUME }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { Logger.trace("Receive req. on SL2.0 servlet with pendingReqId ... "); signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index a02f86376..39364f062 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -32,6 +32,7 @@ import com.google.gson.JsonSyntaxException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -40,11 +41,11 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuil import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; + @Service public class JsonSecurityUtils implements IJOSETools{ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 599a67dfd..8a288b9b8 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -19,6 +19,7 @@ import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; @@ -112,7 +113,7 @@ public class QualifiedeIDVerifier { // date and time validateSigningDateTime(sigVerifyResult, authBlockExtractor); - } catch ( Exception e) { + } catch ( ValidateException e) { Logger.warn("Validation of eID information FAILED. ", e); throw new SL20eIDDataValidationException(new Object[] { SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index fe12e9b76..7b82eb253 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -400,11 +400,6 @@ public class DummyAuthConfig implements AuthConfiguration { return false; } - @Override - public URI getConfigurationFilePath() { - // TODO Auto-generated method stub - return null; - } @Override public URI getConfigurationRootDirectory() { @@ -412,12 +407,6 @@ public class DummyAuthConfig implements AuthConfiguration { return null; } - @Override - public Properties getFullConfigurationProperties() { - // TODO Auto-generated method stub - return null; - } - @Override public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { // TODO Auto-generated method stub diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index e7280f847..efbfd8472 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -393,5 +393,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return null; } + @Override + public String getEncryptedSourceId() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getEncryptedSourceIdType() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index dc2baab7d..3ab826bcd 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -158,7 +158,7 @@ public class SSOTransferServlet{ DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, null); - internalCreateQRCodeForTransfer(resp, authURL, + internalCreateQRCodeForTransfer(req, resp, authURL, "123456", "/TestTransmitSSOSession", config); } catch (MOAIDException | MOADatabaseException e) { @@ -423,7 +423,7 @@ public class SSOTransferServlet{ String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); if(ssoSessionId != null) { - internalCreateQRCodeForTransfer(resp, authURL, + internalCreateQRCodeForTransfer(req, resp, authURL, ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); @@ -432,10 +432,10 @@ public class SSOTransferServlet{ } - config.putCustomParameter("errorMsg", + config.putCustomParameter(null, "errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible."); - guiBuilder.build(resp, config, "SSO-Transfer-Module"); + guiBuilder.build(req, resp, config, "SSO-Transfer-Module"); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -518,7 +518,7 @@ public class SSOTransferServlet{ } - private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL, + private void internalCreateQRCodeForTransfer(HttpServletRequest req, HttpServletResponse resp, String authURL, String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception { SSOTransferContainer container = new SSOTransferContainer(); String token = Random.nextRandom(); @@ -572,12 +572,12 @@ public class SSOTransferServlet{ ByteArrayOutputStream qrStream = QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - config.putCustomParameter("QRImage", base64EncodedImage); + config.putCustomParameter(null, "QRImage", base64EncodedImage); - config.putCustomParameterWithOutEscaption("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + config.putCustomParameterWithOutEscaption(null, "successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); + guiBuilder.build(req, resp, config, "SSO-Session Transfer-Module"); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index bf215373d..169eb464b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -53,13 +54,13 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl @RequestMapping(value = { "/SSOTransferSignalEndpoint" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performSSOTransfer(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performSSOTransfer(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } @Override - protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { + protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); IRequest pendingReq = null; try { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index 921e3844b..7132eb08e 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -85,7 +85,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); String nonce = Random.nextLongRandom(); - GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, + GUIUtils.buildSSOTransferGUI(guiBuilder, request, response, authURL, pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 90b74ebd7..d89d0bd2b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -267,7 +267,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - GUIUtils.buildSSOTransferGUI(guiBuilder, response, + GUIUtils.buildSSOTransferGUI(guiBuilder, request, response, authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 1a4a9b80b..2814874bd 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -26,6 +26,7 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import javax.crypto.spec.DHPublicKeySpec; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; @@ -50,9 +51,9 @@ public class GUIUtils { public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec public static void buildSSOTransferGUI( - IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, + IGUIFormBuilder guiBuilder, HttpServletRequest httpReq,HttpServletResponse httpResp, String authURL, String pendingReqID) throws ConfigurationException, IOException { - buildSSOTransferGUI(guiBuilder, httpResp, authURL, pendingReqID, null, null); + buildSSOTransferGUI(guiBuilder, httpReq, httpResp, authURL, pendingReqID, null, null); } @@ -66,7 +67,7 @@ public class GUIUtils { * @throws ConfigurationException * @throws IOException */ - public static void buildSSOTransferGUI(IGUIFormBuilder guiBuilder, HttpServletResponse response, String authURL, + public static void buildSSOTransferGUI(IGUIFormBuilder guiBuilder, HttpServletRequest request, HttpServletResponse response, String authURL, String requestID, String nonce, DHPublicKeySpec dhKeyIDP) throws ConfigurationException, IOException { try { String containerURL = authURL @@ -103,12 +104,12 @@ public class GUIUtils { DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, null); - config.putCustomParameter("QRImage", base64EncodedImage); - config.putCustomParameterWithOutEscaption("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); - config.putCustomParameterWithOutEscaption("timeoutURL", containerURL); - config.putCustomParameter("timeout", String.valueOf(REFESH_TIMEOUT)); + config.putCustomParameter(null, "QRImage", base64EncodedImage); + config.putCustomParameterWithOutEscaption(null, "successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + config.putCustomParameterWithOutEscaption(null, "timeoutURL", containerURL); + config.putCustomParameter(null, "timeout", String.valueOf(REFESH_TIMEOUT)); - guiBuilder.build(response, config, "SSO-Transfer-Module"); + guiBuilder.build(request, response, config, "SSO-Transfer-Module"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index 6a733adb8..8eb6e7b92 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -34,6 +34,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; @@ -67,7 +68,7 @@ public class FederatedAuthMetadataController extends AbstractController { @RequestMapping(value = "/sp/federated/metadata", method = {RequestMethod.GET}) - public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //check PublicURL prefix try { String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -94,7 +95,7 @@ public class FederatedAuthMetadataController extends AbstractController { } catch (Exception e) { Logger.warn("Build federated-authentication PVP metadata FAILED.", e); - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java index 5edd36248..ae68261ee 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java @@ -32,6 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ public class FederatedAuthSignalController extends AbstractProcessEngineSignalCo "/sp/federated/redirect" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 7a9557baf..10ae63e17 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -78,7 +79,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBui import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 20c66d7a2..bb1f3c155 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -42,7 +42,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -66,7 +66,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class SAML1Protocol extends AbstractController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -127,7 +127,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement //preProcess SAML1 Request preProcess(req, resp, pendingReq); - performAuthentication(req, resp, pendingReq); + protAuthService.performAuthentication(req, resp, pendingReq); return; } -- cgit v1.2.3 From 66859cd53d4181350525e91c4d35071932675ca7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 May 2019 14:04:44 +0200 Subject: refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x --- .../id/util/client/mis/simple/MISSimpleClient.java | 2 +- .../EidasCentralAuthMetadataController.java | 2 +- .../utils/EidasCentralAuthMetadataProvider.java | 4 +- .../modules/moa-id-module-E-ID_connector/pom.xml | 70 ++++ .../eidproxyauth/EIDProxyAuthConstants.java | 118 +++++++ .../eidproxyauth/EIDProxyAuthModuleImpl.java | 71 +++++ .../EIDProxyAuthSpringResourceProvider.java | 63 ++++ .../config/EIDAuthMetadataConfiguration.java | 355 +++++++++++++++++++++ .../config/EIDAuthRequestBuilderConfiguration.java | 271 ++++++++++++++++ .../controller/EIDAuthMetadataController.java | 133 ++++++++ .../controller/EIDAuthSignalController.java | 68 ++++ .../eidproxyauth/tasks/CreateAuthnRequestTask.java | 146 +++++++++ .../tasks/ReceiveAuthnResponseTask.java | 286 +++++++++++++++++ .../utils/EIDAuthCredentialProvider.java | 124 +++++++ .../utils/EIDAuthMetadataProvider.java | 347 ++++++++++++++++++++ .../id/auth/modules/eidproxyauth/utils/Utils.java | 45 +++ .../main/resources/EID_connector_auth.process.xml | 17 + ...iz.components.spring.api.SpringResourceProvider | 1 + .../main/resources/moaid_EID_connector.beans.xml | 43 +++ .../engine/MOAeIDASChainingMetadataProvider.java | 6 +- .../ReceiveConsentForAddtionalAttributesTask.java | 2 +- .../utils/ELGAMandateServiceMetadataProvider.java | 4 +- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 6 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 6 +- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 2 +- .../sl20_auth/dummydata/DummyAuthConfig.java | 21 +- .../data/SSOTransferAuthenticationData.java | 13 + .../protocols/saml1/SAML1AuthenticationServer.java | 40 +++ id/server/modules/module-monitoring/pom.xml | 6 +- id/server/modules/pom.xml | 3 +- 30 files changed, 2248 insertions(+), 27 deletions(-) create mode 100644 id/server/modules/moa-id-module-E-ID_connector/pom.xml create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index fe0e659c7..596b28576 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -305,7 +305,7 @@ public class MISSimpleClient { try { httpclient = HttpClientWithProxySupport.getHttpClient( sSLSocketFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); // set http POST Request HttpPost post = new HttpPost(webServiceURL); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java index b80e995ed..a6a7084f5 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -109,7 +109,7 @@ public class EidasCentralAuthMetadataController extends AbstractController { } private List> getAdditonalRequiredAttributes() { - Map addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); if (addReqAttributes != null) { List> result = new ArrayList>(); for (String el : addReqAttributes.values()) { diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index 3a4bcdc48..5c3bf0d27 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -323,14 +323,14 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml new file mode 100644 index 000000000..f945fa1d3 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -0,0 +1,70 @@ + + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-EID_connector + moa-id-module-E-ID_connector + http://maven.apache.org + + UTF-8 + ${basedir}/../../../../repository + + + + + default + + true + + + + local + local + file:${basedir}/../../../../repository + + + egiz-commons + https://demo.egiz.gv.at/int-repo/ + + true + + + + + + + + + MOA.id.server + moa-id-lib + + + at.gv.egiz.components + egiz-spring-api + + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + + + + org.springframework + spring-test + test + + + junit + junit + test + + + diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java new file mode 100644 index 000000000..c6b5ed821 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java @@ -0,0 +1,118 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthConstants { + + public static final String MODULE_NAME_FOR_LOGGING = "E-ID proxy authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String HTTP_PARAM_EIDPROXY_AUTH_SELECTION = "forwardToEID"; + + public static final String ENDPOINT_POST = "/sp/eid/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eid/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "EID.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "EID.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "EID.trustprofileID"; + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, false)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BPK_LIST_NAME, PVPConstants.BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.ENC_BPK_LIST_NAME, PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME, false)); + + //E-ID metadata attributes + add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, PVPConstants.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_E_ID_TOKEN_NAME, PVPConstants.EID_E_ID_TOKEN_FRIENDLY_NAME, false)); + + //mandate attributes + add(Trible.newInstance(PVPConstants.MANDATE_TYPE_NAME, PVPConstants.MANDATE_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, PVPConstants.MANDATE_TYPE_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_NAME, PVPConstants.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, PVPConstants.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, PVPConstants.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_OID_NAME, PVPConstants.MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_DESC_NAME, PVPConstants.MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (Trible el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) + add(el.getFirst()); + } + }); +} + + diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java new file mode 100644 index 000000000..16bcdb421 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java @@ -0,0 +1,71 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthModuleImpl implements AuthModule { + + private int priority = 0; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Logger.trace("Select E-ID authentication process ... "); + return "EIDAuthentication"; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:EID_connector_auth.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java new file mode 100644 index 000000000..a38b84122 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_EID_connector.beans.xml", EIDProxyAuthSpringResourceProvider.class); + + return new Resource[] {federationAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID Auth-module 'E-ID Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java new file mode 100644 index 000000000..bd1157142 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java @@ -0,0 +1,355 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EIDAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + + private String authURL; + private EIDAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; + + public EIDAuthMetadataConfiguration(String authURL, + EIDAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EIDProxyAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + EIDProxyAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIDPContacts(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIDPOrganisation(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + EIDProxyAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + EIDProxyAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public Collection getSPRequiredAttributes() { + Map requestedAttributes = new HashMap(); + for (Trible el : EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + if (additionalAttributes != null) { + Logger.trace("Add additional PVP attributes into metadata ... "); + for (RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) + Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null) { + additionalAttributes = new ArrayList(); + for (Pair el : additionalAttr) { + Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PVPAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else + Logger.info("NO PVP attribute with name: " + el.getFirst()); + + } + } + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java new file mode 100644 index 000000000..5ed41c397 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java @@ -0,0 +1,271 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config; + +import java.util.List; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; + +/** + * @author tlenz + * + */ +public class EIDAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String SPEntityID; + private String QAA_Level; + private EntityDescriptor idpEntity; + private Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSPEntityID() { + return this.SPEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIDPolicyFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIDPolicyAllowCreation() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.QAA_Level; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * @param isPassive the isPassive to set + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * @param sPEntityID the sPEntityID to set + */ + public void setSPEntityID(String sPEntityID) { + SPEntityID = sPEntityID; + } + + /** + * @param qAA_Level the qAA_Level to set + */ + public void setQAA_Level(String qAA_Level) { + QAA_Level = qAA_Level; + } + + /** + * @param idpEntity the idpEntity to set + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * @param signCred the signCred to set + */ + public void setSignCred(Credential signCred) { + this.signCred = signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIDPEntityDescriptor() { + return this.idpEntity; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIDFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication + * + * @param scopeRequesterId + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS authentication + * + * @param providerName + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes + * + * @param requestedAttributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request + * + * @param reqId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + + + + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java new file mode 100644 index 000000000..90ecb0942 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java @@ -0,0 +1,133 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthMetadataConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class EIDAuthMetadataController extends AbstractController { + + @Autowired PVPMetadataBuilder metadatabuilder; + @Autowired AuthConfiguration authConfig; + @Autowired EIDAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; + + public EIDAuthMetadataController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + @RequestMapping(value = EIDProxyAuthConstants.ENDPOINT_METADATA, + method = {RequestMethod.GET}) + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { + //check PublicURL prefix + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!authConfig.getPublicURLPrefix().contains(authURL)) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); + return; + + } else { + //initialize metadata builder configuration + EIDAuthMetadataConfiguration metadataConfig = + new EIDAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } + + } catch (Exception e) { + Logger.warn("Build E-ID Proxy PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private List> getAdditonalRequiredAttributes() { + Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EIDProxyAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { + List> result = new ArrayList>(); + for (String el : addReqAttributes.values()) { + if (MiscUtil.isNotEmpty(el)) { + Logger.trace("Parse additional attr. definition: " + el); + List attr = KeyValueUtils.getListOfCSVValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else + Logger.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + + return result; + } + + return null; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java new file mode 100644 index 000000000..16a6e5aab --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java @@ -0,0 +1,68 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class EIDAuthSignalController extends AbstractProcessEngineSignalController { + + public EIDAuthSignalController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_POST + + "' and '" + EIDProxyAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + @RequestMapping(value = { EIDProxyAuthConstants.ENDPOINT_POST, + EIDProxyAuthConstants.ENDPOINT_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { + signalProcessManagement(req, resp); + + } + + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState")); + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java new file mode 100644 index 000000000..38a7c4add --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java @@ -0,0 +1,146 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks; + +import java.security.NoSuchAlgorithmException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthRequestBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("CreateEIDSystemAuthnRequestTask") +public class CreateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired PVPAuthnRequestBuilder authnReqBuilder; + @Autowired EIDAuthCredentialProvider credential; + @Autowired EIDAuthMetadataProvider metadataService; + + //@Autowired(required=true) ILoALevelMapper loaMapper; + //@Autowired(required=true) MOAMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_SELECTED); + + // get entityID for central ms-specific eIDAS node + String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + + + if (MiscUtil.isEmpty(msNodeEntityID)) { + Logger.info("E-ID authentication not possible -> NO EntityID for E-ID System FOUND!"); + throw new MOAIDException("NO EntityID for E-ID System FOUND", null); + + } + + //load metadata with metadataURL, as backup + String metadataURL = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Logger.warn("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + Logger.info("Initialize 'E-ID System' metadata-provider with URL:" + metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); + + } + + //load IDP SAML2 entitydescriptor + EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + Logger.error("Requested 'E-ID System' " + entityDesc + + " has no valid metadata or metadata is not found"); + throw new MOAIDException("Requested 'E-ID System' " + entityDesc + + " has no valid metadata or metadata is not found", null); + + } + + //setup AuthnRequestBuilder configuration + EIDAuthRequestBuilderConfiguration authnReqConfig = new EIDAuthRequestBuilderConfiguration(); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); + authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + + //build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); + + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_REQUESTED, + authnReqConfig.getRequestID()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (MetadataProviderException e) { + + throw new TaskExecutionException(pendingReq, + "Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED.", + new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'E-ID System'"},e )); + + } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e); + throw new TaskExecutionException(pendingReq, + e.getMessage(), + new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'E-ID System'"},e )); + + } catch (Exception e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..6d8d85f34 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,286 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks; + +import java.io.IOException; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("ReceiveEIDSystemAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private EIDAuthCredentialProvider credentialProvider; + @Autowired(required=true) EIDAuthMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EAAFURICompare comperator = null; + //select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_POST); + Logger.trace("Receive PVP Response from 'E-ID System', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_REDIRECT); + Logger.trace("Receive PVP Response from 'E-ID System', by using Redirect-Binding."); + + } else { + Logger.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, true, + comperator); + + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //validate response signature + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + //validate assertion + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); + + //validate entityId of response + String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + Logger.warn("Response Issuer is not a 'E-ID System'. Stopping authentication via E-ID Proxy ..."); + throw new AuthnResponseValidationException("sp.pvp2.08", + new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor((Response) processedMsg.getResponse()); + + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //write log entries + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID); + Logger.info("Receive a valid assertion from E-ID System " + msg.getEntityID()); + + } catch (MessageDecodingException | SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID PVP Response from 'E-ID System': " + samlRequest, e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", + new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'E-ID System'"}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'E-ID System' FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e)); + + } catch (CredentialsNotAvailableException e) { + Logger.error("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e)); + + } catch (AssertionValidationExeption | AuthnResponseValidationException e) { + Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e)); + + } catch (Exception e) { + Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e)); + + } + + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{ + try { + //check if all attributes are include +// if (!extractor.containsAllRequiredAttributes() +// && !extractor.containsAllRequiredAttributes(EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { +// Logger.warn("PVP Response from 'E-ID System' contains not all requested attributes."); +// throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); +// +// } + + //copy attributes into MOASession + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (String el : includedAttrNames) { + String value = extractor.getSingleAttributeValue(el); + session.setGenericDataToSession(el, value); + Logger.debug("Add PVP-attribute " + el + " into MOASession"); + + } + + //set foreigner flag + List eidIssuer = extractor.getAttributeValues(PVPConstants.EID_ISSUING_NATION_NAME); + if (eidIssuer != null && !eidIssuer.isEmpty() && MiscUtil.isNotEmpty(eidIssuer.get(0))) { + String cc = eidIssuer.get(0); + Logger.debug("Find Attr: '" + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME + "' with value: " + cc); + if (EAAFConstants.COUNTRYCODE_AUSTRIA.equals(cc)) + session.setForeigner(false); + else + session.setForeigner(true); + + } + + //set BKU URL + List ccsUrl = extractor.getAttributeValues(PVPConstants.EID_CCS_URL_NAME); + if (ccsUrl != null && !ccsUrl.isEmpty() && MiscUtil.isNotEmpty(ccsUrl.get(0))) + session.setBkuURL(ccsUrl.get(0)); + else if (extractor.getFullAssertion().getIssuer() != null && + StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) + session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); + else + session.setBkuURL("E-ID_Authentication"); + + +// } catch (AssertionValidationExeption e) { +// throw new BuildException("builder.06", null, e); + + } catch (EAAFStorageException e) { + throw new BuildException("builder.06", null, e); + + } + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + * @throws TransformerException + * @throws MarshallingException + * @throws IOException + * @throws CredentialsNotAvailableException + * @throws AssertionValidationExeption + * @throws AuthnResponseValidationException + */ + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, true, + credentialProvider.getIDPAssertionEncryptionCredential(), + pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA, + EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return msg; + + } else { + Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'E-ID System'."); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java new file mode 100644 index 000000000..a9b886a85 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +/** + * @author tlenz + * + */ +@Service("EIDAuthCredentialProvider") +public class EIDAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired AuthConfiguration authConfig; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getRootConfigFileDir()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + return authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "E-ID Proxy authentication"; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java new file mode 100644 index 000000000..649cfa691 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java @@ -0,0 +1,347 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import java.net.MalformedURLException; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("EIDAuthMetadataProvider") +public class EIDAuthMetadataProvider extends SimpleMetadataProvider + implements IDestroyableObject { + @Autowired(required=true) AuthConfiguration moaAuthConfig; + + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; + + + public EIDAuthMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); + + } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + + public void destroy() { + fullyDestroy(); + + } + + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return metadataProvider.requireValidMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return metadataProvider.getMetadataFilter(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException { + Logger.fatal("Set Metadata Filter is not implemented her!"); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return metadataProvider.getMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { + return metadataProvider.getEntitiesDescriptor(name); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No metadata from centrial E-ID system " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + try { + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.error("E-ID Proxy Client ERROR: No EntityID with "+ entityID); + throw new MetadataProviderException("No EntityID with "+ entityID); + } + + return entityDesc; + + } catch (MetadataProviderException e) { + Logger.error("E-ID Proxy Client ERROR: Metadata extraction FAILED.", e); + throw new MetadataProviderException("Metadata extraction FAILED", e); + + } + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List getRole(String entityID, QName roleName) throws MetadataProviderException { + try { + //search if metadata is already loaded + List role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName); + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName, supportedProtocol); + } + + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect centrial E-ID system"); + + String trustProfileID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID); + if (MiscUtil.isEmpty(trustProfileID)) { + Logger.error("Create E-ID proxy client FAILED: No trustProfileID to verify PVP metadata." ); + throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); + } + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + + //create metadata validation filter chain + MetadataFilterChain filter = new MetadataFilterChain(); + filter.addFilter(new SchemaValidationFilter(true)); + filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); + + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, + filter, + EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + timer, + new BasicParserPool(), + createHttpClient(metdataURL)); + + if (idpMetadataProvider == null) { + Logger.error("Create E-ID Proxy client FAILED."); + throw new MetadataProviderException("Can not initialize 'E-ID Proxy client' metadata provider."); + + } + + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("'E-ID Proxy client' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + Logger.info("Destroy 'E-ID Proxy client' PVP metadata pool ... "); + + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + if (timer != null) + timer.cancel(); + + } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java new file mode 100644 index 000000000..cd578d373 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class Utils { + + public static String getEIDSystemEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific E-ID system URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No E-ID system URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml new file mode 100644 index 000000000..aee4ab403 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..7e511c22f --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml new file mode 100644 index 000000000..93c70213d --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 2a401bb04..a1d6bb225 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { try { - Map metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + Map metadataToLoad = authConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); for (String metaatalocation : metadataToLoad.values()) { @@ -441,14 +441,14 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - basicConfig.getBasicMOAIDConfigurationBoolean( + basicConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java index e878f8ab1..3e7dcbdfc 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -86,7 +86,7 @@ public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServle tokenServiceURL); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build request URL URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index aa4dfbe60..f97267b3d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -323,14 +323,14 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 3408cf538..a0b759ced 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -97,7 +97,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { X509Certificate encCert = null; - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) encCert = joseTools.getEncryptionCertificate(); else Logger.info("eID data encryption is disabled by configuration"); @@ -120,7 +120,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { vdaQualeIDUrl); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + moaAuthConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build http POST request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); @@ -211,7 +211,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); - Map endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + Map endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues( diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index fc386b796..1826f824d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -103,10 +103,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //validate signature VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( sl20ReqObj, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { Logger.info("SL20 result from VDA was not valid signed"); throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); @@ -133,7 +133,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); //extract attributes from result Map eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 0c97641c7..468a91293 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -94,7 +94,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //TODO: add LoA verification } catch (MOAIDException e) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { Logger.warn("SL20 eID data validation IS DISABLED!!"); Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 7b82eb253..b43eb22f8 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -127,7 +127,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { // TODO Auto-generated method stub return null; } @@ -394,13 +394,6 @@ public class DummyAuthConfig implements AuthConfiguration { return null; } - @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - // TODO Auto-generated method stub - return false; - } - - @Override public URI getConfigurationRootDirectory() { // TODO Auto-generated method stub @@ -425,4 +418,16 @@ public class DummyAuthConfig implements AuthConfiguration { return null; } + @Override + public Boolean getBasicConfigurationBoolean(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index efbfd8472..912ad5859 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,6 +28,7 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -405,5 +406,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return null; } + @Override + public byte[] getEIDToken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 10ae63e17..fc8fb5955 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -54,6 +54,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -393,6 +395,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + try { + String onlineIDL = new EIDEIDTokenBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(onlineIDL)) { + Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage()); + + } + + try { + String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(eidStatusLevel)) { + Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage()); + + } + //for mandates try { String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( @@ -429,6 +467,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); } + + } diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 0718f9017..252d20000 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -18,9 +18,13 @@ - + + + MOA.id.server + moa-id-lib diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index a86090178..85dc122dd 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -35,8 +35,9 @@ moa-id-module-ssoTransfer moa-id-module-bkaMobilaAuthSAML2Test - moa-id-module-sl20_authentication + moa-id-module-sl20_authentication moa-id-module-AT_eIDAS_connector + moa-id-module-E-ID_connector -- cgit v1.2.3 From 0fbbb4ab83e8fae8038c14ac8de385540bc38cd2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Jun 2019 13:10:46 +0200 Subject: flag session as setUseMandate if mandate attributes are received from E-ID --- .../tasks/ReceiveAuthnResponseTask.java | 20 +++++++ .../protocols/saml1/SAML1AuthenticationServer.java | 65 ++++++++++++++++++++++ 2 files changed, 85 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java index 6d8d85f34..9914927c5 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java @@ -230,6 +230,26 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { else session.setBkuURL("E-ID_Authentication"); + //check if mandates are included + if (extractor.containsAttribute(PVPConstants.MANDATE_TYPE_NAME) + || extractor.containsAttribute(PVPConstants.MANDATE_TYPE_OID_NAME) + || extractor.containsAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME) ) { + + Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... "); + session.setUseMandates(true); + + //check if mandate was used by ... + if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME) || + extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_DESC_NAME) ) { + Logger.debug("Find PROF_REP information in mandate. Switch to 'Organwalter' mode ..."); + session.setOW(true); + + } + + } + + + // } catch (AssertionValidationExeption e) { // throw new BuildException("builder.06", null, e); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index fc8fb5955..af8211dee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -70,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; @@ -475,6 +476,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { + //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -546,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } + //build mandateDate Attribute String mandateDate = generateMandateDate(oaParam, authData); + //build RepresentationType and + generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, @@ -593,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private void generateRepresentationTypeAndOWInfos(List oaAttributes, + IOAAuthParameters oaParam, SAML1AuthenticationData authData) { + boolean isRepresentationTypeSet = false; + boolean isOWOIDSet = false; + boolean isOWFriendlyNameSet = false; + + for (ExtendedSAMLAttribute el : oaAttributes) { + if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName())) + isRepresentationTypeSet = true; + + if (EXT_SAML_MANDATE_OID.equals(el.getName())) + isOWOIDSet = true; + + if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName())) + isOWFriendlyNameSet = true; + } + + + if (!isRepresentationTypeSet) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + String oid = null; + String oidDescription = null; + + if (authData.getMISMandate() != null) { + oid = authData.getMISMandate().getProfRep(); + oidDescription = authData.getMISMandate().getTextualDescriptionOfOID(); + + } else { + oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class); + oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class); + + } + + + + + if (!isOWOIDSet && oid != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + if (!isOWFriendlyNameSet && oidDescription != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + + } + + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, -- cgit v1.2.3 From be9690f51d848930ef61c7eb4ecf05ea1dc7f2b7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:45:07 +0200 Subject: update AuthenticationDataBuilder to support Prof.Rep bPKs in E-ID Proxy mode --- .../modules/ssotransfer/data/SSOTransferAuthenticationData.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 912ad5859..b22dfa3a7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -418,5 +418,11 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return null; } + @Override + public String getVdaEndPointUrl() { + // TODO Auto-generated method stub + return null; + } + } -- cgit v1.2.3 From 6b167ecc1d748c7eaf5538ac036259a874733d4d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:45:52 +0200 Subject: update E-ID Proxy auth.module to support requested selection for education version --- .../eidproxyauth/EIDProxyAuthConstants.java | 4 ++- .../eidproxyauth/EIDProxyAuthModuleImpl.java | 40 ++++++++++++++++++++-- 2 files changed, 41 insertions(+), 3 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java index c6b5ed821..b057ecaf8 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java @@ -59,7 +59,7 @@ public class EIDProxyAuthConstants { public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "EID.metadataUrl"; public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "EID.trustprofileID"; public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; - + public static final String CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT = CONFIG_PROPS_PREFIX + "enforce.process.disabled"; public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = @@ -113,6 +113,8 @@ public class EIDProxyAuthConstants { add(el.getFirst()); } }); + + } diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java index 16bcdb421..f4c27e047 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java @@ -22,8 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; +import java.io.Serializable; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.logging.Logger; /** @@ -32,8 +41,18 @@ import at.gv.egovernment.moa.logging.Logger; */ public class EIDProxyAuthModuleImpl implements AuthModule { + @Autowired(required=true) private IConfiguration authConfig; + @Autowired(required=true) private AuthenticationManager authManager; + private int priority = 0; + private final String AUTH_PROCESS_NAME = "EIDAuthentication"; + + @PostConstruct + protected void initalizeEIDProxyAuthentication() { + //parameter to whiteList + authManager.addParameterNameToWhiteList(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION); + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() @@ -48,8 +67,25 @@ public class EIDProxyAuthModuleImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - Logger.trace("Select E-ID authentication process ... "); - return "EIDAuthentication"; + + if (authConfig.getBasicConfigurationBoolean(EIDProxyAuthConstants.CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT, false)) { + Serializable paramObj = context.get(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION); + if (paramObj != null ) { + if (paramObj instanceof String) { + String param = (String)paramObj; + if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { + Logger.debug("Manually selected E-ID authentication process "); + return AUTH_PROCESS_NAME; + } + } + } + + return null; + + } + + Logger.trace("Select E-ID authentication process ... "); + return AUTH_PROCESS_NAME; } -- cgit v1.2.3 From 7cf01af48e03c8e84d9459a788512c5c6f505b57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 27 Jun 2019 08:31:14 +0200 Subject: change spring-bean id's --- .../at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule | 1 + .../src/main/resources/moaid_EID_connector.beans.xml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule new file mode 100644 index 000000000..b0bb67f32 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl \ No newline at end of file diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml index 93c70213d..d5d255680 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml @@ -11,21 +11,21 @@ - - - - - Date: Thu, 27 Jun 2019 08:32:35 +0200 Subject: add log messages --- .../modules/eidas/config/ModifiedEncryptionSW.java | 19 +++++++++++++++---- .../eidas/eid4u/utils/AttributeScopeMapper.java | 10 +++++++++- 2 files changed, 24 insertions(+), 5 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java index 8779436e0..1b0f258ab 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java @@ -99,10 +99,21 @@ public class ModifiedEncryptionSW extends KeyStoreSamlEngineEncryption { return useEncryption; } catch(NullPointerException | ConfigurationException e) { - Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption"); - if(Logger.isDebugEnabled()) - e.printStackTrace(); - return true; + try { + return !Boolean.valueOf( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( + "moa.id.protocols.eIDAS.encryption.disabled", + "false" + )); + + } catch (ConfigurationException e1) { + Logger.warn("failed to gather information about encryption for countryCode " + countryCode + " - thus, enabling encryption"); + if(Logger.isDebugEnabled()) + e.printStackTrace(); + + return true; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java index 69cc131ff..48e64da62 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java @@ -180,7 +180,12 @@ public class AttributeScopeMapper { if (StringUtils.isNotEmpty(eIDASAttr)) { if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) { Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr); - result.put(eIDASAttr, el.getValue().getAsString()); + if (StringUtils.isNotEmpty(el.getValue().getAsString())) { + Logger.trace("eIDAS attribute: " + eIDASAttr + " has value: " + el.getValue().getAsString()); + result.put(eIDASAttr, el.getValue().getAsString()); + + } else + Logger.info("Ignore empty attr: "+ eIDASAttr); } else { Logger.trace("Find complex TUG scope: " + key); @@ -205,6 +210,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + Definitions.HOMEINSTITUTIONADDRESS_NAME); } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) { address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString()); @@ -212,6 +218,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + Definitions.TEMPORARYADDRESS_NAME); } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) { address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString()); @@ -219,6 +226,7 @@ public class AttributeScopeMapper { address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); result.put(attr, address.build()); + Logger.debug("Add eIDAS attr: " + eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS); } else { Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!"); -- cgit v1.2.3 From 67ca77e89aef7e75d43eb29f7be24ad68d2d5c8a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 5 Aug 2019 14:39:22 +0200 Subject: fix eID4U attribute processing with multi-value results --- .../moa/id/protocols/eidas/EIDASProtocol.java | 4 +++ .../eid4u/CurrentLevelOfStudyAttrBuilder.java | 29 ++++++++++++++++++++-- .../builder/eid4u/FieldOfStudyAttrBuilder.java | 23 +++++++++++++++-- .../eidas/eid4u/AttributeScopeMapperTest.java | 4 +-- 4 files changed, 54 insertions(+), 6 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 3996ad59c..3ba7664a8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -170,6 +170,7 @@ public class EIDASProtocol extends AbstractController implements IModulInfo { //switch to session authentication protAuthService.performAuthentication(req, resp, pendingReq); + } /* @@ -375,6 +376,7 @@ public class EIDASProtocol extends AbstractController implements IModulInfo { } catch (MOAIDException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) @@ -384,6 +386,7 @@ public class EIDASProtocol extends AbstractController implements IModulInfo { } catch (EIDASSAMLEngineException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) @@ -393,6 +396,7 @@ public class EIDASProtocol extends AbstractController implements IModulInfo { } catch(Exception e) { Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e); + Logger.debug("eIDAS AuthnReq: " + base64SamlToken); //write revision log entries if (pendingReq != null) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java index 5210676c2..a0a7ff95e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java @@ -9,19 +9,44 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; @eIDASMetadata public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + @Override public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + //select the highest level + int currentValue = -1; + for (String el : split) { + int elInt; + try { + elInt = Integer.valueOf(el); + if (currentValue < elInt) + currentValue = elInt; + + } catch (NumberFormatException e) { + Logger.warn("Can NOT convert CurrentLevelOfStudy: " + el, e); + + } + + } + + idType = String.valueOf(currentValue); + + } + return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType); - else + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java index ba486079e..28023a219 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java @@ -13,15 +13,34 @@ import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata @eIDASMetadata public class FieldOfStudyAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + private static final String UNDEFINED_CODE = "9999"; + @Override public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + String currentSelected = UNDEFINED_CODE; + for (String el : split) { + if (!el.equals(currentSelected)) { + //select first that is not undefined code + currentSelected = el; + break; + } + + } + + idType = currentSelected; + } + + return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType); - else + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java index 0daa90b40..1df15cf24 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/test/java/test/at/gv/egovernment/moa/id/modules/eidas/eid4u/AttributeScopeMapperTest.java @@ -37,8 +37,8 @@ public class AttributeScopeMapperTest { Assert.assertTrue("eID4u attribte-table is EMPTY after mapping", !result.isEmpty()); - Assert.assertTrue(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); - Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); + Assert.assertFalse(result.containsKey(Definitions.COUNTRYOFBIRTH_NAME)); + //Assert.assertEquals("", result.get(Definitions.COUNTRYOFBIRTH_NAME)); Assert.assertTrue(result.containsKey(Definitions.CURRENTDEGREE_NAME)); Assert.assertEquals("Dr.techn.", result.get(Definitions.CURRENTDEGREE_NAME)); -- cgit v1.2.3 From b0a0f1baf5a17df00c61d151c03ba3e6f6a99685 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 5 Aug 2019 14:40:23 +0200 Subject: change version structure of project --- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS-v2/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-pvp2/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 3 +-- 15 files changed, 15 insertions(+), 16 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index e5b38f9b6..74e7a963c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 481313035..2345d3bff 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index f945fa1d3..48723c8be 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 0207eb6c9..882a2ad78 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-eIDAS-v2/pom.xml b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml index 2ad14a24f..e4e05a860 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-eIDAS-v2 MOA-ID eIDAS module v2 diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 6dabb938e..199c6edb9 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 86cb4b1a7..6068c8d3d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 9a8dbb236..a501f555a 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-openID diff --git a/id/server/modules/moa-id-module-pvp2/pom.xml b/id/server/modules/moa-id-module-pvp2/pom.xml index 0a71e27ce..28de0c2a4 100644 --- a/id/server/modules/moa-id-module-pvp2/pom.xml +++ b/id/server/modules/moa-id-module-pvp2/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-pvp2 PVP2 Module diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 6ad72adde..9a1151f25 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index b15d7dc85..bd945b0c9 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 7e8ac86af..c3d8a970f 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 3a401d80e..66fe46900 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 252d20000..99b5b091d 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - ${moa-id-version} + 4.0.1-snapshot moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 85dc122dd..80451c89a 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,12 +5,11 @@ MOA.id moa-id - 3.x + 4.0.1-snapshot MOA.id.server.modules moa-id-modules - ${moa-id-version} pom MOA ID-Modules -- cgit v1.2.3 From 513195d7a67845c2f13c63372dacd936de460de3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 07:26:42 +0200 Subject: add egiz mirror of shibboleth repo into eIDAS-proxy module --- id/server/modules/moa-id-module-eIDAS/pom.xml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 199c6edb9..246179a44 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -30,13 +30,20 @@ - local + moaid_local local file:${basedir}/../../../../repository egiz-commons - https://demo.egiz.gv.at/int-repo/ + https://apps.egiz.gv.at/maven/ + + true + + + + egiz-commons + https://apps.egiz.gv.at/shibboleth_nexus/ true -- cgit v1.2.3 From dfd9841f52be288bb4b4609591fcff0cb6b361e8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 08:24:00 +0200 Subject: fix duplicated repo name --- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 246179a44..a2dff9a9f 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -42,7 +42,7 @@ - egiz-commons + egiz-shibboleth-mirror https://apps.egiz.gv.at/shibboleth_nexus/ true -- cgit v1.2.3 From 86d637b64f5e5e57575ce10de4881c6c9a7f946f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 09:08:40 +0200 Subject: change order of repos --- id/server/modules/moa-id-module-eIDAS/pom.xml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index a2dff9a9f..578116cf2 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -29,6 +29,13 @@ true + + egiz-shibboleth-mirror + https://apps.egiz.gv.at/shibboleth_nexus/ + + true + + moaid_local local @@ -41,13 +48,7 @@ true - - egiz-shibboleth-mirror - https://apps.egiz.gv.at/shibboleth_nexus/ - - true - - + -- cgit v1.2.3 From cdcf96f74ecb1834cb045aac983b023d957d8b74 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 09:44:39 +0200 Subject: one more --- id/server/modules/moa-id-module-eIDAS/pom.xml | 48 +++++++++++---------------- 1 file changed, 19 insertions(+), 29 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 578116cf2..07679a5a7 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -22,36 +22,26 @@ - - - default - - true - - - - egiz-shibboleth-mirror - https://apps.egiz.gv.at/shibboleth_nexus/ - - true - - - - moaid_local - local - file:${basedir}/../../../../repository - - - egiz-commons - https://apps.egiz.gv.at/maven/ - - true - - - - - + + + egiz-shibboleth-mirror + egiz-shibboleth-mirror + https://apps.egiz.gv.at/shibboleth_nexus/ + + + moaid_local + local + file:${basedir}/../../../../repository + + + egiz-commons + https://apps.egiz.gv.at/maven/ + + true + + + -- cgit v1.2.3 From 08c8055371a1b72e66126ad118622e4288da2494 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 10:16:56 +0200 Subject: add opensaml as dependency --- id/server/modules/moa-id-module-eIDAS/pom.xml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 07679a5a7..ed7cbdb41 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -27,7 +27,7 @@ egiz-shibboleth-mirror egiz-shibboleth-mirror - https://apps.egiz.gv.at/shibboleth_nexus/ + https://apps.egiz.gv.at/shibboleth_nexus/ moaid_local @@ -102,6 +102,19 @@ test + + org.opensaml + opensaml + + + org.opensaml + xmltooling + + + org.opensaml + openws + + eu.eidas -- cgit v1.2.3 From 435b147177223e6cf8513b35c0a33acbe4b63c93 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 6 Aug 2019 10:27:27 +0200 Subject: exclude log4j-over-slf4j to prohibit cycling dependencies --- id/server/modules/moa-id-module-eIDAS/pom.xml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index ed7cbdb41..2087ae8f6 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -105,14 +105,32 @@ org.opensaml opensaml + + + org.slf4j + log4j-over-slf4j + + org.opensaml xmltooling + + + org.slf4j + log4j-over-slf4j + + org.opensaml openws + + + org.slf4j + log4j-over-slf4j + + -- cgit v1.2.3 From e0bce6a84299b41cd601f89478182623042613b9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 8 Aug 2019 07:40:20 +0200 Subject: re-add configuration parameter to disable 'targetFriendlyName' validation in signed AuthBlock --- .../moa/id/auth/AuthenticationServer.java | 8 ++++++-- .../tasks/VerifyAuthenticationBlockTask.java | 7 ++++++- .../CreateXMLSignatureResponseValidator.java | 20 +++++++++++++++----- 3 files changed, 27 insertions(+), 8 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a500a7c93..348c204bf 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -20,6 +20,7 @@ import org.apache.xpath.XPathAPI; import org.opensaml.xml.util.Base64; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.Base64Utils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -69,6 +70,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -448,7 +450,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); - SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); + SpecificTraceLogger.trace("Req. Authblock: " + Base64Utils.encodeToString(createXMLSignatureRequest.getBytes())); SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); @@ -965,7 +967,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); else - new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); + new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq, + authConfig.getBasicConfigurationBoolean( + ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)); // builds a for a MOA-SPSS call List vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index c8b562282..9b9b76ffc 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -12,6 +12,7 @@ import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.util.Base64Utils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -21,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -80,7 +82,10 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + if (createXMLSignatureResponse != null) + SpecificTraceLogger.trace("Raw signed AuthBlock: " + Base64Utils.encodeToString(createXMLSignatureResponse.getBytes())); + + try { //check if authblock is received if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 78d999971..49b2d2032 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -54,6 +54,7 @@ import java.util.List; import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; +import org.springframework.util.Base64Utils; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.IRequest; @@ -131,12 +132,13 @@ public class CreateXMLSignatureResponseValidator { * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} * @param createXMLSignatureResponse * @param session - * @param pendingReq + * @param pendingReq + * @param validateTargetFriendlyName * @throws ValidateException * @throws BuildException * @throws ConfigurationException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq, boolean validateTargetFriendlyName) throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); @@ -273,8 +275,16 @@ public class CreateXMLSignatureResponseValidator { } String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; - if (!refValueSector.equals((String)samlAttribute.getValue())) - throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); + if (!refValueSector.equals((String)samlAttribute.getValue())) { + if (validateTargetFriendlyName) + throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); + + else { + Logger.warn("AuthBlock 'TargetFriendlyName' " + samlAttribute.getValue() + " does not match to " + refValueSector); + + } + + } } else throw new ValidateException("validator.12", null); @@ -430,7 +440,7 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock without SSO"); - SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); + SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes())); SpecificTraceLogger.trace("OA config: " + oaParam.toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + saml1RequestedTarget); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + saml1RequestedFriendlyName); -- cgit v1.2.3 From b968a1e700e963f49e5820e1f11cacc19ef17a8f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 8 Aug 2019 07:42:55 +0200 Subject: set one flag in pom --- id/server/modules/moa-id-module-eIDAS/pom.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 2087ae8f6..6f09fa4fb 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -27,7 +27,10 @@ egiz-shibboleth-mirror egiz-shibboleth-mirror - https://apps.egiz.gv.at/shibboleth_nexus/ + https://apps.egiz.gv.at/shibboleth_nexus/ + + true + moaid_local -- cgit v1.2.3 From 394e5228bac26ecf02b5aca4f0db27d05ea0a0cd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 3 Sep 2019 11:23:46 +0200 Subject: add additional log message for debugging --- .../auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index a02032e74..1ca214761 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.util.Base64Utils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -13,6 +14,7 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -59,6 +61,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); + //log AuthBlock into specialLogger + SpecificTraceLogger.trace("Raw AuthBlock: " + Base64Utils.encodeToString(createXMLSignatureRequest.getBytes("UTF-8"))); + //write response CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, -- cgit v1.2.3 From 84b0604fa11e7f73e3e78b981d628f768a880f35 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Nov 2019 09:18:18 +0100 Subject: add some eID4U modifications --- .../eidas/tasks/CollectAddtionalAttributesTask.java | 6 ++++++ .../builder/eid4u/CurrentDegreeAttrBuilder.java | 18 ++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index d2ddc7ef8..ab4179981 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -84,6 +84,12 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { } + if (MiscUtil.isEmpty(scopes)) { + scopes = "ANY@tugraz.idm.attr.EmailStud"; + Logger.info("Add dummy-scope: '" + scopes + "' because its emtpy!!"); + + } + Logger.debug("Load eID4U AP-Config:" + " EntityID: " + uniqueID + " RedirectURL:" + redirectURI diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java index 7b4c16a5a..cc4026253 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java @@ -9,17 +9,31 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; @eIDASMetadata public class CurrentDegreeAttrBuilder implements IeIDASAttribute { + private static final String DELIMITER = ";"; + @Override public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { String idType= authData.getGenericData(getName(), String.class); - if (StringUtils.isNotEmpty(idType)) - return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + if (StringUtils.isNotEmpty(idType)) { + String[] split = idType.split(DELIMITER); + if (split.length > 1) { + Logger.debug("Find more than one attribute values: " + idType + " Using first one ... "); + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), split[0]); + + } else { + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + + } + + + } else throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); -- cgit v1.2.3 From e4fa532f93f10115e1f39c97cc96e5950a048884 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 11 Dec 2019 16:01:38 +0100 Subject: update to EAAF-Components 1.0.13.1 Enforce E-ID authentication based on Service-Provider configuration --- .../internal/DefaultCitizenCardAuthModuleImpl.java | 3 +- .../EidasCentralAuthModuleImpl.java | 3 +- .../eidproxyauth/EIDProxyAuthModuleImpl.java | 52 +++++++++++++--------- .../bkamobileauthtests/BKAMobileAuthModule.java | 3 +- ...strianAuthWitheID4UAuthenticationModulImpl.java | 29 +++--------- .../eidas/eIDASAuthenticationModulImpl.java | 3 +- .../engine/MOAeIDASChainingMetadataProvider.java | 6 +-- .../tasks/CollectAddtionalAttributesTask.java | 6 ++- .../elgamandates/ELGAMandatesAuthModuleImpl.java | 5 ++- .../oauth20/protocol/OAuth20BaseRequest.java | 3 +- .../sl20_auth/SL20AuthenticationModulImpl.java | 9 ++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 3 +- .../ssotransfer/SSOTransferAuthModuleImpl.java | 3 +- .../FederatedAuthenticationModuleImpl.java | 3 +- .../tasks/CreateAuthnRequestTask.java | 4 +- .../tasks/ReceiveAuthnResponseTask.java | 6 ++- 16 files changed, 73 insertions(+), 68 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 1962d6c82..82fb42c32 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -18,7 +19,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { } @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { //select process if BKU is selected and it is no STORK authentication boolean performBKUSelection = false; diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java index 821a200c7..53b3f3e1a 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java @@ -29,6 +29,7 @@ import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -64,7 +65,7 @@ public class EidasCentralAuthModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); if (paramObj != null ) { if (paramObj instanceof String) { diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java index f4c27e047..85d9d0f76 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java @@ -29,9 +29,11 @@ import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.logging.Logger; @@ -66,27 +68,37 @@ public class EIDProxyAuthModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { - - if (authConfig.getBasicConfigurationBoolean(EIDProxyAuthConstants.CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT, false)) { - Serializable paramObj = context.get(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION); - if (paramObj != null ) { - if (paramObj instanceof String) { - String param = (String)paramObj; - if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { - Logger.debug("Manually selected E-ID authentication process "); - return AUTH_PROCESS_NAME; - } - } - } - - return null; - - } - - Logger.trace("Select E-ID authentication process ... "); - return AUTH_PROCESS_NAME; + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + if (Boolean.parseBoolean( + pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.debug("SP: " + pendingReq.getSPEntityId() + " activates E-ID mode."); + return AUTH_PROCESS_NAME; + + } else { + if (authConfig.getBasicConfigurationBoolean(EIDProxyAuthConstants.CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT, true)) { + Logger.trace("Disable E-ID enforcment is 'true' "); + Serializable paramObj = context.get(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION); + if (paramObj != null ) { + if (paramObj instanceof String) { + String param = (String)paramObj; + if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { + Logger.debug("Manually selected E-ID authentication process "); + return AUTH_PROCESS_NAME; + } + } + } + + return null; + + } else { + Logger.trace("Select E-ID authentication process ... "); + return AUTH_PROCESS_NAME; + + } + } } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index b17f0c121..50f675c6e 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,6 +29,7 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; @@ -95,7 +96,7 @@ public class BKAMobileAuthModule implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java index 6efa55ac8..daaf6a0f5 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -23,17 +23,13 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; -import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -64,29 +60,14 @@ public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizen * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { - String selectedProcessID = super.selectProcess(context); + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + String selectedProcessID = super.selectProcess(context, pendingReq); if (MiscUtil.isNotEmpty(selectedProcessID)) { - String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); - - if (StringUtils.isEmpty(pendingReqId)) - Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!"); - - else { - IRequest pendingReq; - try { - pendingReq = requestStore.getPendingRequest(pendingReqId); - if (pendingReq != null && pendingReq instanceof EIDASData) { - return "eID4UAttributCollectionAuthentication"; + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; - } - - } catch (PendingReqIdValidationException e) { - Logger.warn("Validation of PendingRequestId FAILED. Reason: " + e.getMessage()); - - } - } + } return selectedProcessID; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index ec042949a..cf9a5cc60 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -52,7 +53,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { if (StringUtils.isNotBlank((String) context.get("ccc")) || StringUtils.isNotBlank((String) context.get("CCC"))) return "eIDASAuthentication"; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a1d6bb225..e879fd95b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Service; import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; @@ -52,7 +52,7 @@ import eu.eidas.auth.engine.AbstractProtocolEngine; public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - @Autowired(required=true) IConfiguration basicConfig; + @Autowired(required=true) IConfigurationWithSP basicConfig; private Timer timer = null; @@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { try { - Map metadataToLoad = authConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + Map metadataToLoad = basicConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); for (String metaatalocation : metadataToLoad.values()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java index ab4179981..3b976b99e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -12,6 +12,7 @@ import org.springframework.stereotype.Component; import com.google.common.collect.UnmodifiableIterator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -43,6 +44,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { @Autowired private OAuth20AuthAction openIDAuthAction; @Autowired private ITransactionStorage transactionStorage; @Autowired private AuthenticationDataBuilder authDataBuilder; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; @Override public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) @@ -102,10 +104,10 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { //generate fake OpenID_Connect request OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); - fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.initialize(httpReq, authConfigWithSp); fakeOpenIDReq.setSPEntityId(uniqueID); fakeOpenIDReq.setModule(OAuth20Protocol.NAME); - fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfigWithSp.getServiceProviderConfiguration(uniqueID)); fakeOpenIDReq.setScope("openId profile"); //populate with SessionData diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index 0d460f293..a0aa45794 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -52,8 +53,8 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl } @Override - public String selectProcess(ExecutionContext context) { - String selectedProcessID = super.selectProcess(context); + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + String selectedProcessID = super.selectProcess(context, pendingReq); //check if BKU authentication is selected and ELGA-MandateService is configurated if (MiscUtil.isNotEmpty(selectedProcessID)) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 9cceea7d5..8ef33381f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; @@ -60,7 +61,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { return param; } - protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateParameters(final HttpServletRequest request, IConfigurationWithSP authConfig) throws OAuth20Exception { // moa id - load oa with client id! try { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index 9c2d47ca7..9142210c8 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -29,7 +29,7 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -77,11 +77,8 @@ public class SL20AuthenticationModulImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { - ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG); -// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) -// spConfig = (IOAAuthParameters)spConfigObj; - + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index a0b759ced..9c74a3cdb 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -55,6 +55,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { @Autowired(required=true) private IJOSETools joseTools; @Autowired private AuthConfiguration moaAuthConfig; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -211,7 +212,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); - Map endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + Map endPointMap = moaAuthConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues( diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index b9d08a20f..2d7e209ca 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -53,7 +54,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { Object restoreSSOSessionObj = context.get("restoreSSOSession"); if (restoreSSOSessionObj != null && restoreSSOSessionObj instanceof String) { boolean restoreSSOSession = (boolean) Boolean.parseBoolean((String)restoreSSOSessionObj); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 4068d2d99..e50836712 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -45,7 +46,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { //select interfederation authentication if PERFORM_INTERFEDERATION_AUTH flag is set Object performfedAuthObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH); if (performfedAuthObj != null && performfedAuthObj instanceof Boolean) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index d0d97e9e8..a798679d7 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -64,6 +65,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; @Autowired(required=true) ILoALevelMapper loaMapper; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -82,7 +84,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); + IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 6b6d1a196..7dce22d81 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -42,6 +42,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; @@ -94,6 +95,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private AuthenticationDataBuilder authDataBuilder; @Autowired(required=true) MOAMetadataProvider metadataProvider; @Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; /* (non-Javadoc) @@ -150,7 +152,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid @@ -224,7 +226,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { if (msg != null) { IOAAuthParameters idpConfig = null; try { - idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); //remove federated IDP from SSO session if exists ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); -- cgit v1.2.3 From 31e23d3cedeecf980e39b9637237cb8f3d01ad9f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 11 Dec 2019 16:08:19 +0100 Subject: change version to 4.1.0 --- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 74e7a963c..6596312f3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 2345d3bff..748b6a247 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 48723c8be..d21654fd1 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 882a2ad78..12c5e1319 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 6f09fa4fb..4562f3239 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 6068c8d3d..bdc83f686 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index a501f555a..f74177cd4 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 9a1151f25..d41e221af 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index bd945b0c9..68e984ef5 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index c3d8a970f..044eb5732 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 66fe46900..9c27134d0 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 99b5b091d..1be1574a5 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.0.1-snapshot + 4.1.0 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 80451c89a..72f568a8a 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.0.1-snapshot + 4.1.0 MOA.id.server.modules -- cgit v1.2.3 From 38f60c2385cd47c320942fdc7c9eb158f0e320e0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 08:54:02 +0100 Subject: add code for SEMPER eIDAS extensions --- .../moa-id-module-AT_eIDAS_connector/pom.xml | 18 ++ .../EidasCentralAuthConstants.java | 19 ++ .../EidasCentralAuthMetadataConfiguration.java | 2 +- .../EidasCentralAuthMetadataController.java | 22 +- .../semper/AuthnRequestSemperProcessor.java | 151 +++++++++ .../tasks/ReceiveAuthnResponseTask.java | 24 +- .../moaid_eIDAS_central_node_auth.beans.xml | 4 + .../semper/AuthnRequestSemperProcessorTest.java | 348 +++++++++++++++++++++ .../semper/DummyAuthConfigMap.java | 136 ++++++++ .../resources/SpringTest-context_basic_test.xml | 20 ++ .../src/test/resources/data/pvp2_authn_1.xml | 43 +++ .../src/test/resources/data/pvp2_authn_10.xml | 33 ++ .../src/test/resources/data/pvp2_authn_2.xml | 43 +++ .../src/test/resources/data/pvp2_authn_3.xml | 40 +++ .../src/test/resources/data/pvp2_authn_4.xml | 43 +++ .../src/test/resources/data/pvp2_authn_5.xml | 44 +++ .../src/test/resources/data/pvp2_authn_6.xml | 40 +++ .../src/test/resources/data/pvp2_authn_7.xml | 44 +++ .../src/test/resources/data/pvp2_authn_8.xml | 42 +++ .../src/test/resources/data/pvp2_authn_9.xml | 35 +++ 20 files changed, 1142 insertions(+), 9 deletions(-) create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessorTest.java create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 748b6a247..2ba496dd7 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -58,5 +58,23 @@ junit test + + at.gv.egiz.eaaf + eaaf_core_utils + test + test-jar + + + at.gv.egiz.eaaf + eaaf-core + test + test-jar + + + org.hamcrest + hamcrest-library + 1.3 + test + diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java index 19950a078..96c78abb4 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java @@ -27,6 +27,7 @@ import java.util.Collections; import java.util.List; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -60,6 +61,8 @@ public class EidasCentralAuthConstants { public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + "semper.mandates.active"; + public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + "semper.msproxy.list"; public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = @@ -81,6 +84,22 @@ public class EidasCentralAuthConstants { } }); + public static final List> DEFAULT_SEMPER_MANDATE_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //request entity information + add(Pair.newInstance(PVPConstants.MANDATE_TYPE_NAME, false)); + add(Pair.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, false)); + + add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, false)); + add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, false)); + add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, false)); + + + } + }); + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = Collections.unmodifiableList(new ArrayList() { private static final long serialVersionUID = 1L; diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java index aad1244f1..2bb384c74 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java @@ -334,7 +334,7 @@ public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilde * @param additionalAttr List of PVP attribute name and isRequired flag */ public void setAdditionalRequiredAttributes(List> additionalAttr) { - if (additionalAttr != null) { + if (additionalAttr != null && !additionalAttr.isEmpty()) { additionalAttributes = new ArrayList(); for (Pair el : additionalAttr) { Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java index a6a7084f5..a0c1fa30b 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -109,9 +109,17 @@ public class EidasCentralAuthMetadataController extends AbstractController { } private List> getAdditonalRequiredAttributes() { - Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); - if (addReqAttributes != null) { - List> result = new ArrayList>(); + List> result = new ArrayList>(); + + //load SEMPER attributes if required + if (authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + result.addAll(EidasCentralAuthConstants.DEFAULT_SEMPER_MANDATE_PVP_ATTRIBUTES); + + } + + //load attributes from configuration + Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { for (String el : addReqAttributes.values()) { if (MiscUtil.isNotEmpty(el)) { Logger.trace("Parse additional attr. definition: " + el); @@ -123,12 +131,12 @@ public class EidasCentralAuthMetadataController extends AbstractController { Logger.info("IGNORE additional attr. definition: " + el + " Reason: Format not valid"); } - } - - return result; + } } - return null; + return result; + + } } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java new file mode 100644 index 000000000..222ba812c --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java @@ -0,0 +1,151 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper; + +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class AuthnRequestSemperProcessor implements IAuthnRequestPostProcessor { + + @Autowired IConfiguration authConfig; + + @Override + public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq, + SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException { + if (authConfig.getBasicConfigurationBoolean( + EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false) + && isSpAllowed(authReq)) { + + Logger.debug("SEMPER mode detected. Starting SP-Info extraction from requested attributes ..."); + extractRequestedAttributeInformation(authReq, pendingReq); + + } else { + Logger.trace("Skip: " + AuthnRequestSemperProcessor.class.getSimpleName() + " because is's not active or not allowed"); + + } + + } + + private boolean isSpAllowed(AuthnRequest authReq) { + String csvOfAllowedProxies = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST); + List allowedProxies = KeyValueUtils.getListOfCSVValues(csvOfAllowedProxies); + Logger.trace("Validate SP-EntityId: " + authReq.getIssuer().getValue() + + " with allowed MS-Proxies: [" + StringUtils.join(allowedProxies, ", ") + "]"); + return allowedProxies.contains(authReq.getIssuer().getValue()); + + } + + + private void extractRequestedAttributeInformation(AuthnRequest authnReq, IRequest pendingReq) throws AuthnRequestValidatorException { + // validate and process requested attributes + boolean hasValidBpkTarget = false; + if (authnReq.getExtensions() != null) { + final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); + for (final XMLObject reqAttrObj : requestedAttributes) { + if (reqAttrObj instanceof EAAFRequestedAttributes) { + final EAAFRequestedAttributes reqAttr = (EAAFRequestedAttributes) reqAttrObj; + if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) { + for (final EAAFRequestedAttribute el : reqAttr.getAttributes()) { + Logger.trace("Processing req. attribute '" + el.getName() + "' ... "); + if (el.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + hasValidBpkTarget = extractBpkTarget(el, pendingReq); + + } else if (el.getName().equals(ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME )) { + extractMandateProfiles(el, pendingReq); + + } else { + Logger.debug("Ignore req. attribute: " + el.getName()); + } + + } + + } else { + Logger.debug("No requested Attributes in Authn. Request"); + } + + } else { + Logger.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); + } + + } + } + + if (!hasValidBpkTarget) { + Logger.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); + throw new AuthnRequestValidatorException("pvp2.22", new Object[] { + "NO or NO VALID target-sector information" }); + + } + + } + + private void extractMandateProfiles(EAAFRequestedAttribute el, IRequest pendingReq) { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String profiles = el.getAttributeValues().get(0).getDOM().getTextContent(); + Map configProps = pendingReq.getServiceProviderConfiguration().getFullConfiguration(); + Logger.debug("Set MandateProfiles to: " + profiles); + configProps.put( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE, + String.valueOf(true)); + configProps.put( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES, + profiles); + + } else { + Logger.info("Req. attribute '" + el.getName() + + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); + } + + } + + + private boolean extractBpkTarget(final EAAFRequestedAttribute el, IRequest pendingReq) { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + Map configProps = pendingReq.getServiceProviderConfiguration().getFullConfiguration(); + if (sectorId.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) { + Logger.debug("Set eIDAS target to: " + sectorId); + configProps.put( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + MOAIDConstants.IDENIFICATIONTYPE_EIDAS); + configProps.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + sectorId.substring(EAAFConstants.URN_PREFIX_EIDAS.length())); + return true; + + } else { + Logger.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " + + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + + } + + } else { + Logger.info("Req. attribute '" + el.getName() + + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); + } + + return false; + + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java index f3eaff11a..7f44c4deb 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; import java.io.IOException; +import java.util.Arrays; import java.util.Set; import javax.servlet.http.HttpServletRequest; @@ -64,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -194,7 +196,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); } - + //copy attributes into MOASession AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); Set includedAttrNames = extractor.getAllIncludeAttributeNames(); @@ -207,12 +209,32 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //set foreigner flag session.setForeigner(true); + + //set CCE URL if (extractor.getFullAssertion().getIssuer() != null && StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); else session.setBkuURL("eIDAS_Authentication"); + if (authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + if (extractor.containsAttribute(PVPConstants.MANDATE_TYPE_NAME)) { + Logger.trace("Check attributes in SEMPER eIDAS mode."); + if (!extractor.containsAllRequiredAttributes(Arrays.asList( + PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, + PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME))) { + Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all required attributes for eIDAS SEMPER process."); + throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + Logger.info("SEMPER mode is active and mandates are found. Activing mandates for eIDAS login ... "); + session.setUseMandates(true); + + } + } + } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml index f57d4a94b..baf7e84b5 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml @@ -31,6 +31,10 @@ + + + spConfig = new HashMap<>(); + spConfig.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, + "https://demo.egiz.gv.at/ms_connector/sp/metadata"); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthURL("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(new OAAuthParameterDecorator(new SPConfigurationImpl(spConfig, configMap))); + + } + + @Test + public void semperModeNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE); + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void semperModeInactive() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + configMap.putConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, "false"); + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void allowedSPsNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST); + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void nonValidSpEntityId() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + + + pendingReq.getServiceProviderConfiguration().getFullConfiguration().put( + EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, + "https://apps.egiz.gv.at/ms_connector/sp/metadata"); + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void bPKTargetIsMissing_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml"); + + try { + processor.process(httpReq, pendingReq, authReq , null); + Assert.fail("No bPK target not detected"); + + } catch (AuthnRequestValidatorException e) { + Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId()); + + } + } + + @Test + public void bPKTargetIsMissing_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_4.xml"); + + try { + processor.process(httpReq, pendingReq, authReq , null); + Assert.fail("No bPK target not detected"); + + } catch (AuthnRequestValidatorException e) { + Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId()); + + } + } + + @Test + public void bPKTargetIsMissing_3() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_5.xml"); + + try { + processor.process(httpReq, pendingReq, authReq , null); + Assert.fail("No bPK target not detected"); + + } catch (AuthnRequestValidatorException e) { + Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId()); + + } + } + + @Test + public void noRequestedAttributes() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_9.xml"); + + try { + processor.process(httpReq, pendingReq, authReq , null); + Assert.fail("No bPK target not detected"); + + } catch (AuthnRequestValidatorException e) { + Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId()); + + } + } + + @Test + public void noSAML2ExtentsionElement() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_10.xml"); + + try { + processor.process(httpReq, pendingReq, authReq , null); + Assert.fail("No bPK target not detected"); + + } catch (AuthnRequestValidatorException e) { + Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId()); + + } + } + + @Test + public void validSpEntityIdNoMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_6.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertEquals("SP target not match", "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier()); + + + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void validSpEntityIdNotValidMandateProfiles_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_7.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertEquals("SP target not match", "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier()); + + + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void validSpEntityIdNotValidMandateProfiles_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_8.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertEquals("SP target not match", "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier()); + + + Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + + } + + @Test + public void validSpEntityIdWithMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException { + + AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml"); + + processor.process(httpReq, pendingReq, authReq , null); + + ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + Assert.assertNotNull("SP config is null", spConfig); + org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, + spConfig, "SP config is NOT of type MOA-ID SP Config"); + + Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier()); + Assert.assertEquals("SP target not match", "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier()); + + + Assert.assertTrue("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox()); + + Assert.assertNotNull("Mandate profiles are null", ((OAAuthParameterDecorator)spConfig).getMandateProfiles()); + Assert.assertEquals("Number of mandate profiles not match", 3, ((OAAuthParameterDecorator)spConfig).getMandateProfiles().size()); + assertThat("Mandate profiles not match", ((OAAuthParameterDecorator)spConfig).getMandateProfiles(), + contains("Einzelvertretungsbefugnis", "1.2.40.0.10.1.7.3.1.1", "ERsB")); + + } + + private AuthnRequest getAuthRequest(String resource) throws + ParserConfigurationException, SAXException, IOException, UnmarshallingException { + final Element authBlockDom = + DOMUtils.parseXmlValidating(AuthnRequestSemperProcessor.class.getResourceAsStream(resource)); + + final UnmarshallerFactory unmarshallerFactory = + org.opensaml.xml.Configuration.getUnmarshallerFactory(); + final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom); + return (AuthnRequest) unmarshaller.unmarshall(authBlockDom); + +} +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java new file mode 100644 index 000000000..1cc51f2e0 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml new file mode 100644 index 000000000..18900c27d --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml @@ -0,0 +1,20 @@ + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml new file mode 100644 index 000000000..f6c6b26ee --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml @@ -0,0 +1,43 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml new file mode 100644 index 000000000..1d52986fc --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml @@ -0,0 +1,33 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml new file mode 100644 index 000000000..c5b634539 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml @@ -0,0 +1,43 @@ + + + https://apps.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml new file mode 100644 index 000000000..d79caa0fe --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml @@ -0,0 +1,40 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml new file mode 100644 index 000000000..c04a97a7f --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml @@ -0,0 +1,43 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml new file mode 100644 index 000000000..339514323 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml @@ -0,0 +1,44 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + urn:publicid:gv.at:eidasid+AT+XX + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml new file mode 100644 index 000000000..8a046363c --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml @@ -0,0 +1,40 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml new file mode 100644 index 000000000..502619e94 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml @@ -0,0 +1,44 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + + + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml new file mode 100644 index 000000000..ff667168a --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml @@ -0,0 +1,42 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + urn:publicid:gv.at:eidasid+AT+EE + + + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml new file mode 100644 index 000000000..5506b2f31 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml @@ -0,0 +1,35 @@ + + + https://demo.egiz.gv.at/ms_connector/sp/metadata + + + + + + + + + + + + + mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko= + + + ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A== + + + MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc= + + + + + + + + http://eidas.europa.eu/LoA/low + + + https://demo.egiz.gv.at/demoportal-openID_demo + + \ No newline at end of file -- cgit v1.2.3 From 1292f854aa98b167a849dc0f202a1957a5ce2514 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 09:56:15 +0100 Subject: set NeedConsentFlag to 'false' if authentication was done without SSO --- .../id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java | 3 +++ .../auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java | 3 +++ .../id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java | 3 +++ .../moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java | 2 ++ .../moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java | 3 +++ .../id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java | 3 +++ 6 files changed, 17 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 9b9b76ffc..4102a15b0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -99,6 +99,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java index 7f44c4deb..eeef68c3e 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java @@ -150,6 +150,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java index 9914927c5..6da4ba047 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java @@ -151,6 +151,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 468a91293..fa48b9c64 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -116,6 +116,8 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { } else moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); //store pending request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index d89d0bd2b..8839d5a94 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -189,6 +189,9 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 7dce22d81..ad79d5b3b 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -201,6 +201,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + //set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + //store pending-request requestStoreage.storePendingRequest(pendingReq); -- cgit v1.2.3