/* * Copyright 2019 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; import java.util.ArrayList; import java.util.Collections; import java.util.List; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; /** * @author tlenz * */ public class EIDProxyAuthConstants { public static final String MODULE_NAME_FOR_LOGGING = "E-ID proxy authentication"; public static final int METADATA_VALIDUNTIL_IN_HOURS = 24 * 365 * 10; public static final String HTTP_PARAM_EIDPROXY_AUTH_SELECTION = "forwardToEID"; public static final String ENDPOINT_POST = "/sp/eid/post"; public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect"; public static final String ENDPOINT_METADATA = "/sp/eid/metadata"; public static final String ENDPOINT_APPREG_INFO = "/eid/getappregid"; public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth."; public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "EID.entityId"; public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "EID.metadataUrl"; public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "EID.trustprofileID"; public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; public static final String CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT = CONFIG_PROPS_PREFIX + "enforce.process.disabled"; public static final String CONFIG_PROPS_ENABLE_APPREG_IDENTIFIER_GENERATION_ENDPOINT = CONFIG_PROPS_PREFIX + "endpoint.appreginfo.enable"; public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; { //add PVP Version attribute add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, false)); //request entity information add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.BPK_LIST_NAME, PVPConstants.BPK_LIST_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.ENC_BPK_LIST_NAME, PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME, false)); //E-ID metadata attributes add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, PVPConstants.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.EID_E_ID_TOKEN_NAME, PVPConstants.EID_E_ID_TOKEN_FRIENDLY_NAME, false)); //mandate attributes add(Trible.newInstance(PVPConstants.MANDATE_TYPE_NAME, PVPConstants.MANDATE_TYPE_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, PVPConstants.MANDATE_TYPE_OID_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_NAME, PVPConstants.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, PVPConstants.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, PVPConstants.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_OID_NAME, PVPConstants.MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_DESC_NAME, PVPConstants.MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); add(Trible.newInstance(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); } }); public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = Collections.unmodifiableList(new ArrayList() { private static final long serialVersionUID = 1L; { for (Trible el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) add(el.getFirst()); } }); }