From ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 18 Feb 2019 08:30:49 +0100 Subject: add 'Austrian eID' demo-mode to simulate attribute behavior from 2020 --- .../data/oa/OATargetConfiguration.java | 51 +- .../resources/applicationResources_de.properties | 8 +- .../resources/applicationResources_en.properties | 5 +- .../validation/task/impl/ServicesTargetTask.java | 7 + .../id/auth/builder/AuthenticationDataBuilder.java | 49 ++ .../id/config/auth/OAAuthParameterDecorator.java | 24 + .../config/auth/data/DynamicOAAuthParameters.java | 7 +- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 6 + .../moa/id/data/MOAAuthenticationData.java | 658 +-------------------- .../attributes/BPKListAttributeBuilder.java | 52 ++ .../protocols/builder/attributes/EIDAuthBlock.java | 8 + .../MandateFullMandateAttributeBuilder.java | 10 +- .../attributes/SimpleStringAttributeGenerator.java | 68 +++ .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../moa/id/config/auth/data/DummyOAConfig.java | 6 + .../moa/id/commons/api/IOAAuthParameters.java | 12 +- .../config/ConfigurationMigrationUtils.java | 25 +- .../config/MOAIDConfigurationConstants.java | 2 + .../dao/config/deprecated/OnlineApplication.java | 26 +- .../eidas/utils/SimpleEidasAttributeGenerator.java | 68 --- .../modules/eidas/utils/eIDASAttributeBuilder.java | 3 +- .../attributes/OAuth20AttributeBuilder.java | 10 +- .../auth/modules/sl20_auth/dummydata/DummyOA.java | 6 + .../data/SSOTransferAuthenticationData.java | 13 + .../data/SSOTransferOnlineApplication.java | 6 + .../protocols/saml1/SAML1AuthenticationServer.java | 38 +- 26 files changed, 444 insertions(+), 725 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 381bf5cc7..b2671302c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -59,6 +59,8 @@ public class OATargetConfiguration implements IOnlineApplicationData { private static List identificationTypeList = null; private String foreignbPKTargets = null; + private String additionalbPKTargets = null; + private boolean eidDemoActive = false; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); @@ -165,7 +167,26 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } + + //parse additional bPK sector list + if (dbOA.getAdditionalbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) + additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); + else { + if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, + dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); + + } + } + + //parse 'Austrian eID mode' flag + eidDemoActive = dbOA.getIseIDDemoModeActive(); return null; @@ -277,7 +298,9 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } - dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); + dbOA.setIseIDDemoModeActive(isEidDemoActive()); return null; } @@ -441,6 +464,32 @@ public class OATargetConfiguration implements IOnlineApplicationData { else this.foreignbPKTargets = foreignbPKTargets; } + + + public String getAdditionalbPKTargets() { + return additionalbPKTargets; + } + + + public void setAdditionalbPKTargets(String additionalbPKTargets) { + if (MiscUtil.isNotEmpty(additionalbPKTargets)) + this.additionalbPKTargets = + KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); + else + this.additionalbPKTargets = additionalbPKTargets; + + } + + + public boolean isEidDemoActive() { + return eidDemoActive; + } + + + public void setEidDemoActive(boolean eidDemoActive) { + this.eidDemoActive = eidDemoActive; + } + diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 2a57620bb..fbd6fedcd 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -242,8 +242,7 @@ webpages.oaconfig.general.mandate.elgaservice.selected=ELGA Vollmachten Service webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation webpages.oaconfig.general.isstorkservice=Stork Applikation -webpages.oaconfig.general.public.header=Öffentlicher Bereich -webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration +webpages.oaconfig.general.public.header=Öffentlicher Bereich webpages.oaconfig.general.stork.header=STORK Bereich webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) @@ -263,8 +262,11 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) +webpages.oaconfig.general.neweid.header=Demo-Modus zur Simulation der Austrian eID +webpages.oaconfig.general.neweid.activate=Demo-Modus aktivieren +webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) +webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV) webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 6b6fe9193..f49bbfdc8 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -249,7 +249,6 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application webpages.oaconfig.general.isbusinessservice=Private sector application webpages.oaconfig.general.isstorkservice=Stork application webpages.oaconfig.general.public.header=Public sector -webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration webpages.oaconfig.general.stork.header=STORK sector webpages.oaconfig.general.stork.countrycode=Country code webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined) @@ -269,7 +268,11 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock + +webpages.oaconfig.general.neweid.header=Demo-mode to simulate new Austrian eID +webpages.oaconfig.general.neweid.activate=Activate demo-mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) +webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV) webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java index 27b45fa78..950d97908 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -215,6 +215,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa } + //validate foreign bPK targets + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(check)) { + log.debug("Find additional bPK targets, but no validation is required"); + + } + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 3e6308bf6..c58f19333 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; @@ -212,6 +213,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder try { //generate basic authentication data generateBasicAuthData(authData, protocolRequest, session); + + //set Austrian eID demo-mode flag + authData.setIseIDNewDemoMode(Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))); + + if (authData.isIseIDNewDemoMode()) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); + authData.setBaseIDTransferRestrication(true); + + } // #### generate MOA-ID specific authentication data ###### @@ -521,6 +534,26 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); + + //build additional bPKs + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); + + Logger.debug("Clearing identitylink ... "); + authData.setIdentityLink(null); + + Logger.debug("Clearing authBlock ... "); + authData.setAuthBlock(null); + + Logger.info("Post-Processing for Austrian eID finished"); + } + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator copyInterator = includedToGenericAuthData.iterator(); @@ -827,4 +860,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + private void generateAdditonalbPK(MOAAuthenticationData authData, List additionalbPKSectorsRequested) throws EAAFBuilderException { + if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index a2dfeba2f..ab2a07f7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() { returnValue.setProvideAllErrors( Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))); + if (Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); + returnValue.setProvideBaseId(false); + returnValue.setProvideAuthBlock(false); + returnValue.setProvideIdl(false); + returnValue.setProvideMandate(false); + + } + + return returnValue; } @@ -920,6 +933,16 @@ public List foreignbPKSectorsRequested() { } +@Override +public List additionalbPKSectorsRequested() { + String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} @Override @@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) { } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 390b77dab..1b2d203c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -540,6 +540,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ return null; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + @Override public boolean containsConfigurationKey(String arg0) { // TODO Auto-generated method stub @@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ public String getLoAMatchingMode() { return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index ff4b96aab..415f4db18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -35,4 +35,10 @@ public interface IMOAAuthData extends IAuthData{ String getPvpAttribute_OU(); List getAuthenticationRoles(); + /** + * Indicate Austrian eID demo-mode + * + * @return true if it is in demo-mode, otherwise false + */ + public boolean isIseIDNewDemoMode(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index ca0ae0687..c1545f354 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -69,6 +69,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private LoALevelMapper loaMapper; + private boolean iseIDNewDemoMode = false; + public MOAAuthenticationData(ILoALevelMapper loaMapper) { if (loaMapper instanceof LoALevelMapper) this.loaMapper = (LoALevelMapper) loaMapper; @@ -321,648 +323,18 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - - -// private static final long serialVersionUID = -1042697056735596866L; -// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; -// -// /** -// * URL of the MOA-ID Auth component issueing this assertion -// */ -// private String issuer; -// /** -// * time instant of issue of this assertion -// */ -// private Date issueInstant; -// /** -// * user identification value (Stammzahl); null, -// * if the authentication module is configured not to return this data -// */ -// private String identificationValue; -// /** -// * user identification type -// */ -// private String identificationType; -// -// /** -// * user identityLink specialized to OAParamter -// */ -// private IIdentityLink identityLink; -// -// /** -// * application specific user identifier (bPK/wbPK) -// */ -// private String bPK; -// -// /** -// * application specific user identifier type -// */ -// private String bPKType; -// -// /** -// * given name of the user -// */ -// private String givenName; -// /** -// * family name of the user -// */ -// private String familyName; -// /** -// * date of birth of the user -// */ -// private Date dateOfBirth; -// /** -// * says whether the certificate is a qualified certificate or not -// */ -// -// /** -// * says whether the certificate is a public authority or not -// */ -// /** -// * public authority code (Behördenkennzeichen - BKZ) -// */ -// -// -// /** -// * URL of the BKU -// */ -// -// /** -// * the corresponding lt;saml:Assertion> -// */ -// -// private boolean isBaseIDTransferRestrication = true; -// -// -// /** -// * STORK attributes from response -// */ -// private String ccc = null; -// -// private Map genericDataStorate = new HashedMap(); -// -// -// -// private String authBlock = null; -// private List encbPKList = null; -// -// //ISA 1.18 attributes -// private List roles = null; -// private String pvpAttribute_OU = null; -// -// private boolean useMandate = false; -// private IMISMandate mandate = null; -// private String mandateReferenceValue = null; -// -// private boolean foreigner =false; -// private String QAALevel = null; -// -// private boolean ssoSession = false; -// private Date ssoSessionValidTo = null; -// -//// private boolean interfederatedSSOSession = false; -//// private String interfederatedIDP = null; -// -// private String sessionIndex = null; -// private String nameID = null; -// private String nameIDFormat = null; -// -// public AuthenticationData() { -// issueInstant = new Date(); -// } -// -// /** -// * Returns the publicAuthority. -// * @return boolean -// */ -// public boolean isPublicAuthority() { -// return publicAuthority; -// } -// -// /** -// * Returns the publicAuthorityCode. -// * @return String -// */ -// public String getPublicAuthorityCode() { -// return publicAuthorityCode; -// } -// -// /** -// * Returns the qualifiedCertificate. -// * @return boolean -// */ -// public boolean isQualifiedCertificate() { -// return qualifiedCertificate; -// } -// -// /** -// * Returns the bPK. -// * @return String -// */ -// public String getBPK() { -// return bPK; -// } -// -// /** -// * Sets the publicAuthority. -// * @param publicAuthority The publicAuthority to set -// */ -// public void setPublicAuthority(boolean publicAuthority) { -// this.publicAuthority = publicAuthority; -// } -// -// /** -// * Sets the publicAuthorityCode. -// * @param publicAuthorityIdentification The publicAuthorityCode to set -// */ -// public void setPublicAuthorityCode(String publicAuthorityIdentification) { -// this.publicAuthorityCode = publicAuthorityIdentification; -// } -// -// /** -// * Sets the qualifiedCertificate. -// * @param qualifiedCertificate The qualifiedCertificate to set -// */ -// public void setQualifiedCertificate(boolean qualifiedCertificate) { -// this.qualifiedCertificate = qualifiedCertificate; -// } -// -// /** -// * Sets the bPK. -// * @param bPK The bPK to set -// */ -// public void setBPK(String bPK) { -// this.bPK = bPK; -// } -// -// /** -// * Returns the dateOfBirth. -// * @return String -// */ -// public Date getDateOfBirth() { -// return dateOfBirth; -// } -// -// public String getFormatedDateOfBirth() { -// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// if (getDateOfBirth() != null) -// return pvpDateFormat.format(getDateOfBirth()); -// else -// return "2999-12-31"; -// } -// -// /** -// * Returns the familyName. -// * @return String -// */ -// public String getFamilyName() { -// return familyName; -// } -// -// /** -// * Returns the givenName. -// * @return String -// */ -// public String getGivenName() { -// return givenName; -// } -// -// /** -// * Holds the baseID of a citizen -// * -// * @return baseID -// */ -// public String getIdentificationValue() { -// return identificationValue; -// } -// -// /** -// * Holds the type of the baseID -// * -// * @return baseID-Type -// */ -// public String getIdentificationType() { -// return identificationType; -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public String getIssueInstantString() { -// return DateTimeUtils.buildDateTimeUTC(issueInstant); -// -// } -// -// /** -// * Returns the issueInstant. -// * @return String -// */ -// public Date getIssueInstant() { -// return issueInstant; -// -// } -// -// public void setIssueInstant(Date date) { -// this.issueInstant = date; -// } -// -// /** -// * Returns the issuer. -// * @return String -// */ -// public String getIssuer() { -// return issuer; -// } -// -// /** -// * Returns the BKU URL. -// * @return String -// */ -// public String getBkuURL() { -// return bkuURL; -// } -// -// /** -// * Sets the dateOfBirth. -// * @param dateOfBirth The dateOfBirth to set -// */ -// public void setDateOfBirth(Date dateOfBirth) { -// this.dateOfBirth = dateOfBirth; -// } -// -// public void setDateOfBirth(String dateOfBirth) { -// try { -// if (MiscUtil.isNotEmpty(dateOfBirth)) { -// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); -// } -// -// } catch (ParseException e) { -// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); -// -// } -// } -// -// /** -// * Sets the familyName. -// * @param familyName The familyName to set -// */ -// public void setFamilyName(String familyName) { -// this.familyName = familyName; -// } -// -// /** -// * Sets the givenName. -// * @param givenName The givenName to set -// */ -// public void setGivenName(String givenName) { -// this.givenName = givenName; -// } -// -// /** -// * Sets the identificationValue. -// * @param identificationValue The identificationValue to set -// */ -// public void setIdentificationValue(String identificationValue) { -// this.identificationValue = identificationValue; -// } -// -// /** -// * Sets the identificationType. -// * @param identificationType The identificationType to set -// */ -// public void setIdentificationType(String identificationType) { -// this.identificationType = identificationType; -// } -// -// /** -// * Sets the issuer. -// * @param issuer The issuer to set -// */ -// public void setIssuer(String issuer) { -// this.issuer = issuer; -// } -// -// /** -// * Sets the bkuURL -// * @param url The BKU URL to set -// */ -// public void setBkuURL(String url) { -// this.bkuURL = url; -// } -// -// public String getBPKType() { -// return bPKType; -// } -// -// public void setBPKType(String bPKType) { -// this.bPKType = bPKType; -// } -// - -// -// - -// -// -// public String getEIDASQAALevel() { -// if (this.QAALevel != null && -// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); -// if (MiscUtil.isNotEmpty(mappedQAA)) -// return mappedQAA; -// -// else { -// Logger.error("STORK QAA-level:" + this.QAALevel -// + " can not be mapped to eIDAS QAA-level! Use " -// + PVPConstants.EIDAS_QAA_LOW + " as default value."); -// return PVPConstants.EIDAS_QAA_LOW; -// -// } -// -// -// } else -// return this.QAALevel; -// -// } -// -// -// /** -// * @return -// */ -// public boolean isForeigner() { -// return this.foreigner; -// } -// -// -// /** -// * @param foreigner the foreigner to set -// */ -// public void setForeigner(boolean foreigner) { -// this.foreigner = foreigner; -// } -// -// - -// -// /** -// * @return the ssoSession -// */ -// public boolean isSsoSession() { -// return ssoSession; -// } -// -// -// /** -// * @param ssoSession the ssoSession to set -// */ -// public void setSsoSession(boolean ssoSession) { -// this.ssoSession = ssoSession; -// } -// -// /** -// * @return the mandateReferenceValue -// */ -// public String getMandateReferenceValue() { -// return mandateReferenceValue; -// } -// -// /** -// * @param mandateReferenceValue the mandateReferenceValue to set -// */ -// public void setMandateReferenceValue(String mandateReferenceValue) { -// this.mandateReferenceValue = mandateReferenceValue; -// } -// -// /** -// * CountryCode of the citizen which is identified and authenticated -// * -// * @return the CountryCode 
like. AT, SI, ...
-// */ -// public String getCcc() { -// return ccc; -// } -// -// /** -// * @param ccc the ccc to set -// */ -// public void setCcc(String ccc) { -// this.ccc = ccc; -// } -// -// /** -// * @return the sessionIndex -// */ -// public String getSessionIndex() { -// return sessionIndex; -// } -// -// /** -// * @param sessionIndex the sessionIndex to set -// */ -// public void setSessionIndex(String sessionIndex) { -// this.sessionIndex = sessionIndex; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() -// */ -// @Override -// public String getNameID() { -// return this.nameID; -// } -// -// /** -// * @param nameID the nameID to set -// */ -// public void setNameID(String nameID) { -// this.nameID = nameID; -// } -// -// /** -// * @return the nameIDFormat -// */ -// public String getNameIDFormat() { -// return nameIDFormat; -// } -// -// /** -// * @param nameIDFormat the nameIDFormat to set -// */ -// public void setNameIDFormat(String nameIDFormat) { -// this.nameIDFormat = nameIDFormat; -// } -// -//// /** -//// * @return the interfederatedSSOSession -//// */ -//// public boolean isInterfederatedSSOSession() { -//// return interfederatedSSOSession; -//// } -//// -//// /** -//// * @param interfederatedSSOSession the interfederatedSSOSession to set -//// */ -//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -//// this.interfederatedSSOSession = interfederatedSSOSession; -//// } -//// -//// /** -//// * @return the interfederatedIDP -//// */ -//// public String getInterfederatedIDP() { -//// return interfederatedIDP; -//// } -//// -//// /** -//// * @param interfederatedIDP the interfederatedIDP to set -//// */ -//// public void setInterfederatedIDP(String interfederatedIDP) { -//// this.interfederatedIDP = interfederatedIDP; -//// } -// -// /** -// * @return the ssoSessionValidTo -// */ -// public Date getSsoSessionValidTo() { -// return ssoSessionValidTo; -// } -// -// /** -// * @param ssoSessionValidTo the ssoSessionValidTo to set -// */ -// public void setSsoSessionValidTo(Date ssoSessionValidTo) { -// this.ssoSessionValidTo = ssoSessionValidTo; -// } -// -// /** -// * @return the encbPKList -// */ -// public List getEncbPKList() { -// return encbPKList; -// } -// -// /** -// * @param encbPKList the encbPKList to set -// */ -// public void setEncbPKList(List encbPKList) { -// this.encbPKList = encbPKList; -// } -// -// /** -// * @return the roles -// */ -// public List getAuthenticationRoles() { -//// if (this.roles == null) { -//// this.roles = new ArrayList(); -//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -//// } -// -// return roles; -// } -// -// //ISA 1.18 attributes -// /** -// * @param roles the roles to set -// */ -// public void addAuthenticationRole(AuthenticationRole role) { -// if (this.roles == null) -// this.roles = new ArrayList(); -// -// this.roles.add(role); -// } -// -// /** -// * @return the pvpAttribute_OU -// */ -// public String getPvpAttribute_OU() { -// return pvpAttribute_OU; -// } -// -// /** -// * @param pvpAttribute_OU the pvpAttribute_OU to set -// */ -// public void setPvpAttribute_OU(String pvpAttribute_OU) { -// this.pvpAttribute_OU = pvpAttribute_OU; -// } -// -// /* (non-Javadoc) -// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() -// */ -// @Override -// public boolean isBaseIDTransferRestrication() { -// return isBaseIDTransferRestrication; -// } -// -// /** -// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set -// */ -// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { -// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; -// } -// -// /** -// * Returns a generic data-object with is stored with a specific identifier -// * -// * @param key The specific identifier of the data object -// * @param clazz The class type which is stored with this key -// * @return The data object or null if no data is found with this key -// */ -// public T getGenericData(String key, final Class clazz) { -// if (MiscUtil.isNotEmpty(key)) { -// Object data = genericDataStorate.get(key); -// -// if (data == null) -// return null; -// -// try { -// @SuppressWarnings("unchecked") -// T test = (T) data; -// return test; -// -// } catch (Exception e) { -// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); -// return null; -// -// } -// -// } -// -// Logger.warn("Can not load generic session-data with key='null'"); -// return null; -// -// } -// -// /** -// * Store a generic data-object to session with a specific identifier -// * -// * @param key Identifier for this data-object -// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface -// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage -// */ -// public void setGenericData(String key, Object object) throws SessionDataStorageException { -// if (MiscUtil.isEmpty(key)) { -// Logger.warn("Generic session-data can not be stored with a 'null' key"); -// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); -// -// } -// -// if (object != null) { -// if (!Serializable.class.isInstance(object)) { -// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); -// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); -// -// } -// } -// -// if (genericDataStorate.containsKey(key)) -// Logger.debug("Overwrite generic data with key:" + key); -// else -// Logger.trace("Add generic data with key:" + key + " to session."); -// -// genericDataStorate.put(key, object); -// } + + + public boolean isIseIDNewDemoMode() { + return iseIDNewDemoMode; + } + + /** + * Set eID demo-mode into AuthData + * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false + */ + public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { + this.iseIDNewDemoMode = iseIDNewDemoMode; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java new file mode 100644 index 000000000..ec8c7629f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java @@ -0,0 +1,52 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; + +@PVPMETADATA +public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder { + + private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); + + protected static final String DELIMITER_BPK_LIST = ";"; + + public String getName() { + return BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + String result = getBpkForSP(authData); + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()); + + } + log.trace("Authenticate user with bPK-List: " + result); + } + + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index 139bb15cc..a1a5825b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Deprecated @PVPMETADATA public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { try { if (authData instanceof IMOAAuthData) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + + } + String authblock = ((IMOAAuthData)authData).getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index a40c0fefb..fb101467a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { + if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).isUseMandate()) { + + if (((IMOAAuthData)authData).isIseIDNewDemoMode()) { + Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode"); + return null; + + } + + //only provide full mandate if it is included. //In case of federation only a short mandate could be include if (((IMOAAuthData)authData).getMandate() != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java new file mode 100644 index 000000000..5daa71b1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java @@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; + +/** + * @author tlenz + * + */ +public class SimpleStringAttributeGenerator implements IAttributeGenerator { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) + */ + @Override + public String buildStringAttribute(String friendlyName, String name, String value) { + return value; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) + */ + @Override + public String buildIntegerAttribute(String friendlyName, String name, int value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) + */ + @Override + public String buildLongAttribute(String friendlyName, String name, long value) { + return String.valueOf(value); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) + */ + @Override + public String buildEmptyAttribute(String friendlyName, String name) { + return null; + } + +} diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 14d4d9fb6..b4e62a344 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -20,3 +20,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey +at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java index 61e765f55..bcbabae5b 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -346,5 +346,11 @@ public class DummyOAConfig implements IOAAuthParameters { public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; } + + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 5df4a4163..00b39daec 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,7 +22,6 @@ */ package at.gv.egovernment.moa.id.commons.api; -import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -235,4 +234,15 @@ public interface IOAAuthParameters extends ISPConfiguration{ */ public List foreignbPKSectorsRequested(); + + /** + * Get a List of sectors for that this service provider requires additional unencrypted bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List additionalbPKSectorsRequested(); + + + + } \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 4555f61d2..4adff7f19 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -176,12 +176,25 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (oa.getIseIDDemoModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, oa.getIseIDDemoModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); - + if (MiscUtil.isNotEmpty(oa.getAdditionalbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, oa.getAdditionalbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS, StringUtils.EMPTY); + + + + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); @@ -857,9 +870,19 @@ public class ConfigurationMigrationUtils { } } + //Austrian eID demo-mode + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))) + dbOA.setIseIDDemoModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE))); + else + dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS))) + dbOA.setAdditionalbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS)); + + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index a6315fe2c..1be97c49d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -64,6 +64,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index e37873a72..510fd0581 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,15 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; - @XmlTransient + @XmlTransient protected String foreignbPKTargetList = null; + @XmlTransient + protected String additionalbPKTargetList = null; + @XmlTransient + protected Boolean iseIDDemoModeActive = false; + public String getForeignbPKTargetList() { return foreignbPKTargetList; @@ -128,6 +133,25 @@ public class OnlineApplication this.foreignbPKTargetList = foreignbPKTargetList; } + + + + public String getAdditionalbPKTargetList() { + return additionalbPKTargetList; + } + + public void setAdditionalbPKTargetList(String additionalbPKTargetList) { + this.additionalbPKTargetList = additionalbPKTargetList; + } + + public Boolean getIseIDDemoModeActive() { + return iseIDDemoModeActive; + } + + public void setIseIDDemoModeActive(Boolean iseIDDemoModeActive) { + this.iseIDDemoModeActive = iseIDDemoModeActive; + } + /** * @return the saml2PostBindingTemplateURL */ diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java deleted file mode 100644 index e3b58d259..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleEidasAttributeGenerator implements IAttributeGenerator { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index bf0e09c62..d2323d161 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; @@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; * */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { - private static IAttributeGenerator generator = new SimpleEidasAttributeGenerator(); + private static IAttributeGenerator generator = new SimpleStringAttributeGenerator(); private static List listOfSupportedeIDASAttributes; private static ServiceLoader eIDASAttributLoader = diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 19fdb3fee..8e9d1e4f5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -44,11 +44,13 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -95,8 +97,9 @@ public final class OAuth20AttributeBuilder { private static final List buildersProfile = new ArrayList(); private static final List buildersEID = new ArrayList(); private static final List buildersEIDGov = new ArrayList(); - private static final List buildersMandate = new ArrayList(); - private static final List buildersSTORK = new ArrayList(); + private static final List buildersMandate = new ArrayList(); + @Deprecated private static final List buildersSTORK = new ArrayList(); + static { // openId buildersOpenId.add(new OpenIdIssuerAttribute()); @@ -120,11 +123,14 @@ public final class OAuth20AttributeBuilder { buildersEID.add(new EIDAuthBlock()); buildersEID.add(new EIDSignerCertificate()); buildersEID.add(new BPKAttributeBuilder()); + buildersEID.add(new BPKListAttributeBuilder()); + buildersEID.add(new EncryptedBPKAttributeBuilder()); // eID_gov buildersEIDGov.add(new EIDSourcePIN()); buildersEIDGov.add(new EIDSourcePINType()); buildersEIDGov.add(new EIDIdentityLinkBuilder()); + buildersEIDGov.add(new BPKListAttributeBuilder()); // mandate buildersMandate.add(new MandateTypeAttributeBuilder()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 69e3e7995..0d6086118 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -323,4 +323,10 @@ public class DummyOA implements IOAAuthParameters { return false; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 044366eb6..02577c110 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; @@ -374,5 +375,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return false; } + @Override + public List> getAdditionalbPKs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIseIDNewDemoMode() { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c9bccb708..9e7a4fe8c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -482,4 +482,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List additionalbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index c8f01f67d..23d214d3e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -71,7 +71,11 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -338,7 +342,39 @@ public class SAML1AuthenticationServer extends AuthenticationServer { ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); } - + + //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode + if (Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + String.valueOf(false)))) { + Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); + + if (oaAttributes == null) + oaAttributes = new ArrayList(); + + String additionalBpks = new BPKListAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + String encryptedBpks = new EncryptedBPKAttributeBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { -- cgit v1.2.3