/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; import java.io.Serializable; import java.security.PrivateKey; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; import org.apache.commons.lang.SerializationUtils; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IStorkConfig; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.validation.TargetValidator; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; 
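import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Configuration parameters belonging to an online application,
 * to use with the MOA ID Auth component.
 *
 * <p>Read-only view over an {@link ISPConfiguration}: each getter looks up one or more keys
 * from {@link MOAIDConfigurationConstants} and converts the stored string value.
 *
 * <p>NOTE(review): the collection-typed method signatures are kept raw, exactly as they appear
 * here; restore their type arguments to whatever {@link IOAAuthParameters} declares.
 *
 * @author Thomas Lenz
 */
public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable {

  private static final long serialVersionUID = -6522544229837934376L;

  /** Key-box identifier returned when the service configuration does not set one. */
  public static final String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";

  private ISPConfiguration spConfiguration;

  /**
   * Wraps a service-provider configuration.
   *
   * @param spConfiguration configuration every getter of this class reads from
   */
  public OAAuthParameterDecorator(ISPConfiguration spConfiguration) {
    this.spConfiguration = spConfiguration;
  }

  /**
   * Tells whether internal processing of the base id is restricted for this service.
   *
   * <p>Fails closed: when the target identifier or the exemption list is missing, the
   * restriction is reported as active instead of raising a NullPointerException.
   *
   * @return {@code false} only if the area-specific target identifier starts with one of the
   *     exempted prefixes, {@code true} otherwise
   */
  @Override
  public boolean hasBaseIdInternalProcessingRestriction() {
    return !startsWithAny(
        getAreaSpecificTargetIdentifier(),
        spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction());
  }

  /**
   * Tells whether transfer of the base id is restricted for this service.
   *
   * <p>Fails closed in the same way as {@link #hasBaseIdInternalProcessingRestriction()}.
   *
   * @return {@code false} only if the area-specific target identifier starts with one of the
   *     exempted prefixes, {@code true} otherwise
   */
  @Override
  public boolean hasBaseIdTransferRestriction() {
    return !startsWithAny(
        getAreaSpecificTargetIdentifier(),
        spConfiguration.getTargetsWithNoBaseIdTransferRestriction());
  }

  /**
   * Returns the target identifier of this service.
   *
   * @return the identity-link domain identifier for a business service (may be {@code null}),
   *     otherwise {@code PREFIX_CDID} followed by the configured public target
   */
  @Override
  public String getAreaSpecificTargetIdentifier() {
    if (getBusinessService()) {
      return getIdentityLinkDomainIdentifier();
    }
    return MOAIDAuthConstants.PREFIX_CDID + getTarget();
  }

  /**
   * Returns the human-readable name that belongs to the target identifier.
   *
   * @return business-type name for a business service, public-target name otherwise
   * @throws ConfigurationException declared by the interface; not thrown by the visible code
   */
  @Override
  public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
    if (getBusinessService()) {
      return getIdentityLinkDomainIdentifierType();
    }
    return getTargetFriendlyName();
  }

  /**
   * Builds the domain identifier of a business service from its configured type and value.
   *
   * @return prefixed identifier, or {@code null} if type or value is not configured
   */
  private String getIdentityLinkDomainIdentifier() {
    String type = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
    if (MiscUtil.isEmpty(type) || MiscUtil.isEmpty(value)) {
      return null;
    }

    if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
      return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
    }
    if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
      return MOAIDConstants.PREFIX_EIDAS + value;
    }
    return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
  }

  /**
   * Looks up the display name of the configured business-service type.
   *
   * @return name from {@code BUSINESSSERVICENAMES}, or {@code null} if no type is configured
   */
  private String getIdentityLinkDomainIdentifierType() {
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
    if (MiscUtil.isNotEmpty(value)) {
      return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value);
    }
    return null;
  }

  /**
   * Resolves the public-sector target: an own target if enabled, else the configured target,
   * optionally suffixed with {@code "-"} and the sub-target.
   *
   * @return configured target; {@code null} parts are concatenated as the text "null"
   */
  private String getTarget() {
    if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) {
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
    }

    String target = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET);
    if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) {
      return target + "-" + spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB);
    }
    return target;
  }

  /**
   * Returns the display name of the public-sector target.
   *
   * @return own name if an own target is enabled, else the name {@link TargetValidator} knows
   */
  private String getTargetFriendlyName() {
    if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN))) {
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
    }
    return TargetValidator.getTargetFriendlyName(spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET));
  }

  /**
   * Returns the key-box identifier for this service.
   *
   * @return configured identifier, or {@link #DEFAULT_KEYBOXIDENTIFIER} if none is set
   */
  @Override
  public String getKeyBoxIdentifier() {
    String keyBoxId = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
    return MiscUtil.isNotEmpty(keyBoxId) ? keyBoxId : DEFAULT_KEYBOXIDENTIFIER;
  }

  /**
   * Collects the SAML1 switches of this service. A switch is only set when its key exists in
   * the configuration; otherwise the default of {@link SAML1ConfigurationParameters} stays.
   *
   * @return freshly built SAML1 parameter object
   */
  @Override
  public SAML1ConfigurationParameters getSAML1Parameter() {
    SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters();

    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)) {
      returnValue.setActive(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)) {
      returnValue.setProvideAuthBlock(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)) {
      returnValue.setProvideIdl(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)) {
      returnValue.setProvideBaseId(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)) {
      returnValue.setProvideCertificate(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)) {
      returnValue.setProvideMandate(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)));
    }
    if (spConfiguration.containsConfigurationKey(
        MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)) {
      returnValue.setProvideAllErrors(Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
    }

    return returnValue;
  }

  /**
   * Returns the configured BKU template URLs (first, second, third), skipping absent keys.
   *
   * @return list of template URLs, possibly empty, never {@code null}
   */
  @Override
  public List getTemplateURL() {
    List<String> list = new ArrayList<String>();
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE);
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE);
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE);
    return list;
  }

  /**
   * Returns the additional text configured for the AuthBlock.
   *
   * @return configured text, or whatever the configuration returns for a missing key
   */
  @Override
  public String getAditionalAuthBlockText() {
    return spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
  }

  /**
   * Returns the BKU URL configured for one BKU type.
   *
   * @param bkutype one of {@code THIRDBKU}, {@code HANDYBKU}, {@code LOCALBKU},
   *     {@code ONLINEBKU}; {@code null} is treated as an unknown type
   * @return configured URL, or {@code null} (with a warning logged) for an unknown type
   */
  @Override
  public String getBKUURL(String bkutype) {
    // Constant-first comparison so a null type ends in the warning below instead of an NPE.
    if (THIRDBKU.equals(bkutype)) {
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);

    } else if (HANDYBKU.equals(bkutype)) {
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);

    } else if (LOCALBKU.equals(bkutype)) {
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);

    } else if (ONLINEBKU.equals(bkutype)) {
      // NOTE(review): resolves to the same key as THIRDBKU; presumably a legacy alias, confirm.
      return spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
    }

    Logger.warn("BKU Type does not match: "
        + THIRDBKU + " or " + HANDYBKU + " or " + LOCALBKU);
    return null;
  }

  /**
   * Returns all configured BKU URLs in the order third, handy, local, skipping absent keys.
   *
   * @return list of BKU URLs, possibly empty, never {@code null}
   */
  @Override
  public List getBKUURL() {
    List<String> list = new ArrayList<String>();
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
    addIfConfigured(list, MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
    return list;
  }

  /**
   * Tells whether single sign-on is enabled for this service.
   *
   * @return parsed flag; {@code false} for a missing value or if the lookup throws
   */
  @Override
  public boolean useSSO() {
    try {
      return Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED));

    } catch (Exception e) {
      Logger.warn("Use SSO configuration parameter is not parseable.", e);
      return false;
    }
  }

  /**
   * Tells whether the user is asked before SSO is used.
   *
   * @return parsed flag. Boolean.valueOf(String) does not throw, so a missing value yields
   *     {@code false}; the {@code true} fallback only applies if the lookup itself throws
   */
  @Override
  public boolean useSSOQuestion() {
    try {
      return Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST));

    } catch (Exception e) {
      Logger.warn("SSO user question configuration parameter is not parseable.", e);
      return true;
    }
  }

  /**
   * Returns the mandate profiles configured as a comma-separated value.
   *
   * @return trimmed profile names, or {@code null} if nothing is configured
   */
  @Override
  public List getMandateProfiles() {
    String profileConfig = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
    if (MiscUtil.isNotEmpty(profileConfig)) {
      return splitAndTrim(profileConfig);
    }
    return null;
  }

  /**
   * Tells whether the mandate check box is shown.
   *
   * @return parsed flag; a missing value yields {@code false}, {@code true} only if the
   *     lookup itself throws
   */
  @Override
  public boolean isShowMandateCheckBox() {
    try {
      return Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE));

    } catch (Exception e) {
      Logger.warn("Enable mandates configuration parameter is not parseable.", e);
      return true;
    }
  }

  /**
   * Tells whether only mandate-based authentication is allowed.
   *
   * @return parsed flag; {@code false} for a missing value or if the lookup throws
   */
  @Override
  public boolean isOnlyMandateAllowed() {
    try {
      return Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY));

    } catch (Exception e) {
      Logger.warn("Use ONLY mandates configuration parameter is not parseable.", e);
      return false;
    }
  }

  /**
   * Tells whether the STORK login is offered.
   *
   * @return parsed flag; {@code false} for a missing value or if the lookup throws
   */
  @Override
  public boolean isShowStorkLogin() {
    try {
      return Boolean.valueOf(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED));

    } catch (Exception e) {
      Logger.warn("Enable STORK login configuration parameter is not parseable.", e);
      return false;
    }
  }

  /**
   * Returns the minimum level of assurance required by this service.
   *
   * @return configured level, or {@code MOAIDConstants.eIDAS_LOA_HIGH} if none is configured,
   *     so an unconfigured service gets the strictest visible default
   */
  @Override
  public String getQaaLevel() {
    String eidasLoALevel = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
    if (MiscUtil.isEmpty(eidasLoALevel)) {
      return MOAIDConstants.eIDAS_LOA_HIGH;
    }
    return eidasLoALevel;
  }

  /**
   * Returns the STORK attributes this service requests, merged with the attributes the
   * general configuration marks as mandatory (those win on a name clash).
   *
   * @return requested attributes keyed internally by name; never {@code null}
   */
  @Override
  public Collection getRequestedSTORKAttributes() {
    // attrMap only records which list indexes were already turned into an attribute.
    Map<String, Integer> attrMap = new HashMap<String, Integer>();
    Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>();

    Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();
    for (String el : configKeys) {
      if (!el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST)) {
        continue;
      }
      String index = KeyValueUtils.getFirstChildAfterPrefix(
          el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST);
      if (attrMap.containsKey(index)) {
        continue;
      }

      String isRequested = listEntryValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST,
          index,
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED);
      if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) {
        StorkAttribute attr = new StorkAttribute(
            listEntryValue(
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST,
                index,
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME),
            Boolean.valueOf(listEntryValue(
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST,
                index,
                MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY)));
        attrMap.put(index, 0);
        resultMap.put(attr.getName(), attr);
      }
    }

    // add mandatory attributes from general config
    try {
      for (StorkAttribute el
          : AuthConfigurationProviderFactory.getInstance().getStorkConfig().getStorkAttributes()) {
        if (el.getMandatory()) {
          resultMap.put(el.getName(), el);
        }
      }

    } catch (Exception e) {
      // Best effort: the service-specific attributes are still returned.
      Logger.warn("Mandatory STORK attributes can not added.", e);
    }

    return resultMap.values();
  }

  /**
   * Tells whether user consent is required before STORK attributes are released.
   *
   * @return {@code false} for a STORK-PVP gateway; otherwise the configured flag, with
   *     {@code true} as the default for a missing value or any failure
   */
  @Override
  public boolean isRequireConsentForStorkAttributes() {
    try {
      if (isSTORKPVPGateway()) {
        return false;
      }

      if (MiscUtil.isEmpty(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) {
        Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'");
        return true;
      }

      return Boolean.parseBoolean(spConfiguration.getConfigurationValue(
          MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT));

    } catch (Exception e) {
      Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e);
      return true;
    }
  }

  /**
   * Returns the STORK attribute-provider plug-ins configured for this service, one per list
   * index found in the configuration keys.
   *
   * @return configured plug-ins, possibly empty, never {@code null}
   */
  @Override
  public Collection getStorkAPs() {
    Map<String, StorkAttributeProviderPlugin> pluginMap =
        new HashMap<String, StorkAttributeProviderPlugin>();

    Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();
    for (String el : configKeys) {
      if (!el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST)) {
        continue;
      }
      String index = KeyValueUtils.getFirstChildAfterPrefix(
          el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST);
      if (pluginMap.containsKey(index)) {
        continue;
      }

      StorkAttributeProviderPlugin attr = new StorkAttributeProviderPlugin(
          listEntryValue(
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST,
              index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME),
          listEntryValue(
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST,
              index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL),
          listEntryValue(
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST,
              index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES));
      pluginMap.put(index, attr);
    }

    return pluginMap.values();
  }

  /**
   * Returns the service-specific BKU selection template.
   *
   * @return decoded template bytes, or {@code null} if none is configured or decoding fails
   */
  @Override
  public byte[] getBKUSelectionTemplate() {
    return decodeTemplate(
        MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
        "OA specific BKU selection template is not decodeable");
  }

  /**
   * Returns the service-specific send-assertion template.
   *
   * @return decoded template bytes, or {@code null} if none is configured or decoding fails
   */
  @Override
  public byte[] getSendAssertionTemplate() {
    // The message used to name the BKU selection template (copy/paste), which sent
    // operators to the wrong configuration entry.
    return decodeTemplate(
        MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
        "OA specific send-assertion template is not decodeable");
  }

  /**
   * Returns the C-PEPS entries enabled for this service that the general STORK
   * configuration also knows.
   *
   * @return enabled C-PEPS entries; empty if the STORK configuration is unavailable
   */
  @Override
  public Collection getPepsList() {
    Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>();

    try {
      IStorkConfig availableSTORKConfig =
          AuthConfigurationProviderFactory.getInstance().getStorkConfig();

      if (availableSTORKConfig != null) {
        Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();

        for (String el : configKeys) {
          if (!el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST)) {
            continue;
          }
          String index = KeyValueUtils.getFirstChildAfterPrefix(
              el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST);
          if (cPEPSMap.containsKey(index)) {
            continue;
          }
          if (!Boolean.parseBoolean(listEntryValue(
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST,
              index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) {
            continue;
          }

          CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName(listEntryValue(
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST,
              index,
              MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE));
          if (availableCPEPS != null) {
            cPEPSMap.put(index, availableCPEPS);
          }
        }
      }

    } catch (ConfigurationException e) {
      Logger.error("MOA-ID configuration is not accessable.", e);
    }

    return cPEPSMap.values();
  }

  /**
   * Returns the attribute-query service URL of the interfederation IDP.
   *
   * @return configured URL, or whatever the configuration returns for a missing key
   */
  @Override
  public String getIDPAttributQueryServiceURL() {
    return spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL);
  }

  /** @return configured flag for inbound SSO interfederation, {@code false} if not set */
  @Override
  public boolean isInboundSSOInterfederationAllowed() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND, false);
  }

  /** @return configured flag for outbound SSO interfederation, {@code false} if not set */
  @Override
  public boolean isOutboundSSOInterfederationAllowed() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND, false);
  }

  /** @return configured flag for passive interfederation requests, {@code false} if not set */
  @Override
  public boolean isPassivRequestUsedForInterfederation() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST, false);
  }

  /** @return configured flag for local authentication on error, {@code false} if not set */
  @Override
  public boolean isPerformLocalAuthenticationOnInterfederationError() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR, false);
  }

  /** @return configured flag for storing interfederation SSO, {@code false} if not set */
  @Override
  public boolean isInterfederationSSOStorageAllowed() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE, false);
  }

  /**
   * Tells whether this IDP counts as a public service.
   *
   * @return the negation of {@link #hasBaseIdTransferRestriction()}
   * @throws ConfigurationException declared in the signature; not thrown by the visible code
   */
  public boolean isIDPPublicService() throws ConfigurationException {
    return !hasBaseIdTransferRestriction();
  }

  /**
   * Returns the IDP identifier requests are forwarded to.
   *
   * @return configured identifier, or whatever the configuration returns for a missing key
   */
  public String getSTORKPVPForwardEntity() {
    return spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER);
  }

  /**
   * Tells whether test credentials are accepted for this service.
   *
   * @return configured flag; {@code false} if not set, so test credentials are never
   *     accepted by omission
   */
  @Override
  public boolean isTestCredentialEnabled() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED, false);
  }

  /**
   * Returns the test-credential OIDs configured as a comma-separated value.
   *
   * @return trimmed OIDs, or {@code null} if nothing is configured
   */
  @Override
  public List getTestCredentialOIDs() {
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
    if (MiscUtil.isNotEmpty(value)) {
      return splitAndTrim(value);
    }
    return null;
  }

  /**
   * Decrypts and deserializes the private key used for bPK decryption.
   *
   * @return the private key, or {@code null} if the key material is missing or cannot be
   *     decoded or decrypted (the cause is logged)
   */
  @Override
  public PrivateKey getBPKDecBpkDecryptionKey() {
    try {
      EncryptedData encdata = new EncryptedData(
          Base64Utils.decode(
              spConfiguration.getConfigurationValue(
                  MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false),
          Base64Utils.decode(
              spConfiguration.getConfigurationValue(
                  MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false));
      byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);

      // NOTE(review): Java-native deserialization of data read from the configuration store.
      // It is only as safe as the store and the integrity protection of decrypt(); confirm the
      // encryption is authenticated, or deserialize behind a class allow-list filter.
      BPKDecryptionParameters data =
          (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);

      return data.getPrivateKey();

    } catch (BuildException e) {
      Logger.error("Can not decrypt key information for bPK decryption", e);

    } catch (NullPointerException e) {
      // Presumably raised when blob or IV is not configured; it also hides any other
      // NullPointerException from this block, and the exception itself is not logged.
      Logger.error("No keyInformation found for bPK decryption");

    } catch (IOException e) {
      Logger.error("Can not decode key information for bPK decryption.", e);
    }

    return null;
  }

  /**
   * Returns the public URL prefix of this service.
   *
   * @return the unique identifier of the wrapped configuration
   */
  @Override
  public String getPublicURLPrefix() {
    return spConfiguration.getUniqueIdentifier();
  }

  /**
   * Tells whether this service is a business service.
   *
   * @return configured flag; {@code true} if not set
   */
  private boolean getBusinessService() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, true);
  }

  /**
   * Tells whether this entry describes an interfederation IDP.
   *
   * @return {@code true} if the value stored under {@code PREFIX_MOAID_SERVICES} equals
   *     {@code PREFIX_IIDP}
   */
  @Override
  public boolean isInderfederationIDP() {
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
    return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value);
  }

  /**
   * Tells whether this entry describes a STORK-PVP gateway.
   *
   * @return {@code true} if the value stored under {@code PREFIX_MOAID_SERVICES} equals
   *     {@code PREFIX_GATEWAY}
   */
  @Override
  public boolean isSTORKPVPGateway() {
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
    return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value);
  }

  /**
   * Returns the display name of this service.
   *
   * @return configured name, or whatever the configuration returns for a missing key
   */
  @Override
  public String getFriendlyName() {
    return spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
  }

  ///* (non-Javadoc)
  // * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
  // */
  //@Override
  //public String getOaType() {
  //  if (getBusinessService())
  //    return "businessService";
  //  else
  //    return "publicService";
  //}

  /**
   * Tells whether the bPK or wbPK is left out of the AuthBlock.
   *
   * @return true/false if bPK or wbPK should not be visible in AuthBlock; {@code false} if
   *     not configured
   */
  public boolean isRemovePBKFromAuthBlock() {
    return readFlag(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK, false);
  }

  /**
   * Returns the event codes to log for this service.
   *
   * @return parsed codes (unparseable entries are skipped with a warning), or {@code null}
   *     if logging is disabled or no valid code is configured
   */
  @Override
  public List getReversionsLoggingEventCodes() {
    String isEnabled = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
    if (MiscUtil.isEmpty(isEnabled) || !Boolean.parseBoolean(isEnabled)) {
      return null;
    }

    String eventCodes = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
    if (MiscUtil.isEmpty(eventCodes)) {
      return null;
    }

    List<Integer> result = new ArrayList<Integer>();
    for (String el : eventCodes.split(",")) {
      try {
        result.add(Integer.valueOf(el.trim()));

      } catch (NumberFormatException e) {
        Logger.warn("EventCode can not parsed to Integer.", e);
      }
    }

    return result.isEmpty() ? null : result;
  }

  /**
   * Tells whether the test trust store is used for identity-link validation.
   *
   * @return configured flag; {@code false} if not set, so the test trust store is never
   *     selected by omission
   */
  @Override
  public boolean isUseIDLTestTrustStore() {
    return readFlag(
        MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE, false);
  }

  /**
   * Tells whether the test trust store is used for AuthBlock validation.
   *
   * @return configured flag; {@code false} if not set, so the test trust store is never
   *     selected by omission
   */
  @Override
  public boolean isUseAuthBlockTestTestStore() {
    return readFlag(
        MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE, false);
  }

  /**
   * Renders the full configuration map.
   *
   * <p>NOTE(review): this prints every configured value, including the encrypted bPK
   * decryption blob and its IV; avoid writing the result to logs that are widely readable.
   *
   * @return the configuration map wrapped in a list, or a fixed text if there is no map
   */
  @Override
  public String toString() {
    if (spConfiguration.getFullConfiguration() != null) {
      return Arrays.asList(spConfiguration.getFullConfiguration()).toString();
    }
    return "Object not initialized";
  }

  /**
   * Delegates to the wrapped configuration.
   *
   * @param arg0 configuration key
   * @return {@code true} if the wrapped configuration contains the key
   */
  @Override
  public boolean containsConfigurationKey(String arg0) {
    return spConfiguration.containsConfigurationKey(arg0);
  }

  /**
   * Returns the foreign bPK sectors requested by this service.
   *
   * @return values of the normalized comma-separated setting, or {@code null} if not set
   */
  @Override
  public List foreignbPKSectorsRequested() {
    String value = spConfiguration.getConfigurationValue(
        MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
    if (MiscUtil.isNotEmpty(value)) {
      return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
    }
    return null;
  }

  /**
   * Returns the full configuration map of the wrapped configuration (not a copy).
   *
   * @return the map handed out by the wrapped configuration
   */
  @Override
  public Map getFullConfiguration() {
    return spConfiguration.getFullConfiguration();
  }

  /**
   * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION
   *
   * @return always {@code null}
   */
  @Override
  public List getTargetsWithNoBaseIdInternalProcessingRestriction() {
    return null;
  }

  /**
   * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION
   *
   * @return always {@code null}
   */
  @Override
  public List getTargetsWithNoBaseIdTransferRestriction() {
    return null;
  }

  /** @return the same value as {@link #getPublicURLPrefix()} */
  @Override
  public String getUniqueIdentifier() {
    return getPublicURLPrefix();
  }

  /**
   * Returns the required levels of assurance.
   *
   * @return single-element list holding {@link #getQaaLevel()}, or {@code null} if that is
   *     {@code null}
   */
  @Override
  public List getRequiredLoA() {
    String loa = getQaaLevel();
    if (loa != null) {
      return Arrays.asList(loa);
    }
    return null;
  }

  /** @return always {@code EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM} */
  @Override
  public String getLoAMatchingMode() {
    return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
  }

  /**
   * Delegates to the wrapped configuration.
   *
   * @param key configuration key
   * @return value the wrapped configuration returns for the key
   */
  @Override
  public String getConfigurationValue(String key) {
    return spConfiguration.getConfigurationValue(key);
  }

  /**
   * Returns a configuration value with a fallback.
   *
   * @param key configuration key
   * @param defaultValue value returned when the key has no value
   * @return configured value, or {@code defaultValue} if the lookup returns {@code null}
   */
  @Override
  public String getConfigurationValue(String key, String defaultValue) {
    String value = getConfigurationValue(key);
    return value == null ? defaultValue : value;
  }

  /**
   * Returns a configuration value parsed as a boolean.
   *
   * @param key configuration key
   * @return parsed value, or {@code null} if the key has no value
   */
  @Override
  public Boolean isConfigurationValue(String key) {
    String value = getConfigurationValue(key);
    // The null check was inverted: it parsed the missing value and returned null for a
    // configured one, so callers never saw the configured flag.
    if (value != null) {
      return Boolean.parseBoolean(value);
    }
    return null;
  }

  /**
   * Returns a configuration value parsed as a boolean, with a fallback.
   *
   * @param key configuration key
   * @param defaultValue value returned when the key has no value
   * @return parsed value, or {@code defaultValue} if the key has no value
   */
  @Override
  public boolean isConfigurationValue(String key, boolean defaultValue) {
    String value = getConfigurationValue(key);
    // The null check was inverted: a configured value was ignored in favour of the default,
    // and a missing value always produced false.
    if (value != null) {
      return Boolean.parseBoolean(value);
    }
    return defaultValue;
  }

  /** Returns true if {@code candidate} is non-null and starts with one of the prefixes. */
  private static boolean startsWithAny(String candidate, Iterable<String> prefixes) {
    if (candidate == null || prefixes == null) {
      return false;
    }
    for (String el : prefixes) {
      if (el != null && candidate.startsWith(el)) {
        return true;
      }
    }
    return false;
  }

  /** Reads a boolean setting, returning {@code defaultValue} when the value is empty. */
  private boolean readFlag(String key, boolean defaultValue) {
    String value = spConfiguration.getConfigurationValue(key);
    if (MiscUtil.isNotEmpty(value)) {
      return Boolean.parseBoolean(value);
    }
    return defaultValue;
  }

  /** Appends the value of {@code key} to {@code target} if the configuration has the key. */
  private void addIfConfigured(List<String> target, String key) {
    if (spConfiguration.containsConfigurationKey(key)) {
      target.add(spConfiguration.getConfigurationValue(key));
    }
  }

  /** Splits a comma-separated value and trims every element. */
  private static List<String> splitAndTrim(String csv) {
    List<String> list = new ArrayList<String>();
    for (String part : csv.split(",")) {
      list.add(part.trim());
    }
    return list;
  }

  /** Reads {@code listPrefix.index.attribute} from the wrapped configuration. */
  private String listEntryValue(String listPrefix, String index, String attribute) {
    return spConfiguration.getConfigurationValue(listPrefix + "." + index + "." + attribute);
  }

  /** Base64-decodes the template stored under {@code key}; logs and returns null on failure. */
  private byte[] decodeTemplate(String key, String failureMessage) {
    try {
      String templateBase64 = spConfiguration.getConfigurationValue(key);
      if (MiscUtil.isNotEmpty(templateBase64)) {
        return Base64Utils.decode(templateBase64, false);
      }

    } catch (Exception e) {
      Logger.warn(failureMessage, e);
    }

    return null;
  }
}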