Merge branch 'release-1.x'

OpenConext · Apr 29, 2016 · e952b5c · e952b5c
2 parents 331a315 + d6b3138
commit e952b5c
Show file tree

Hide file tree

Showing 11 changed files with 193 additions and 128 deletions.
diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
diff --git a/app/Resources/translations/validators.en_GB.xliff b/app/Resources/translations/validators.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2015-07-27T17:13:28Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2016-04-29T10:03:47Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/app/Resources/translations/validators.nl_NL.xliff b/app/Resources/translations/validators.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2015-07-27T17:13:24Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2016-04-29T10:03:49Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/app/config/samlstepupproviders.yml b/app/config/samlstepupproviders.yml
@@ -3,8 +3,8 @@ imports:
 
 surfnet_stepup_ra_saml_stepup_provider:
     routes:
-        consume_assertion: %gssp_routes_consume_assertion%
-        metadata: %gssp_routes_metadata%
+        consume_assertion: ra_vetting_gssf_verify
+        metadata: ra_vetting_gssf_metadata
     providers:
         tiqr:
             hosted:
@@ -18,3 +18,15 @@ surfnet_stepup_ra_saml_stepup_provider:
                 entity_id: %gssp_tiqr_remote_entity_id%
                 sso_url: %gssp_tiqr_remote_sso_url%
                 certificate: %gssp_tiqr_remote_certificate%
+        biometric:
+            hosted:
+                service_provider:
+                    public_key: %gssp_biometric_sp_publickey%
+                    private_key: %gssp_biometric_sp_privatekey%
+                metadata:
+                    public_key: %gssp_biometric_metadata_publickey%
+                    private_key: %gssp_biometric_metadata_privatekey%
+            remote:
+                entity_id: %gssp_biometric_remote_entity_id%
+                sso_url: %gssp_biometric_remote_sso_url%
+                certificate: %gssp_biometric_remote_certificate%
diff --git a/app/config/samlstepupproviders_parameters.yml.dist b/app/config/samlstepupproviders_parameters.yml.dist
@@ -1,11 +1,15 @@
 parameters:
-    # the routes should be kept as is, they map to specific URLs on the gateway
-    gssp_routes_consume_assertion: ra_vetting_gssf_verify
-    gssp_routes_metadata: ra_vetting_gssf_metadata
     gssp_tiqr_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer'
     gssp_tiqr_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
     gssp_tiqr_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer'
     gssp_tiqr_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
     gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_biometric_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer'
+    gssp_biometric_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
+    gssp_biometric_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer'
+    gssp_biometric_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
+    gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld'
+    gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
+    gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp'
diff --git a/composer.json b/composer.json
@@ -25,7 +25,7 @@
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "dev-develop",
         "surfnet/stepup-saml-bundle": "dev-develop",
-        "surfnet/stepup-bundle": "dev-develop",
+        "surfnet/stepup-bundle": "^1.3.0",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "guzzlehttp/guzzle": "~4",
         "symfony/swiftmailer-bundle": "~2.3",

diff --git a/composer.lock b/composer.lock
diff --git a/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php b/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
@@ -19,6 +19,7 @@
 namespace Surfnet\StepupRa\RaBundle\Controller;
 
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
+use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupRa\RaBundle\Command\StartVettingProcedureCommand;
 use Surfnet\StepupRa\RaBundle\Command\VerifyIdentityCommand;
 use Surfnet\StepupRa\RaBundle\Exception\DomainException;
@@ -104,20 +105,25 @@ public function startProcedureAction(Request $request)
             ->forProcedure($procedureId)
             ->notice(sprintf('Starting new Vetting Procedure for second factor of type "%s"', $secondFactor->type));
 
-        switch ($secondFactor->type) {
-            case 'yubikey':
-                return $this->redirectToRoute('ra_vetting_yubikey_verify', ['procedureId' => $procedureId]);
-            case 'sms':
-                return $this->redirectToRoute('ra_vetting_sms_send_challenge', ['procedureId' => $procedureId]);
-            case 'tiqr':
-                return $this->redirectToRoute('ra_vetting_gssf_initiate', [
+        $secondFactorType = new SecondFactorType($secondFactor->type);
+        if ($secondFactorType->isYubikey()) {
+            return $this->redirectToRoute('ra_vetting_yubikey_verify', ['procedureId' => $procedureId]);
+        } elseif ($secondFactorType->isSms()) {
+            return $this->redirectToRoute('ra_vetting_sms_send_challenge', ['procedureId' => $procedureId]);
+        } elseif ($secondFactorType->isGssf()) {
+            return $this->redirectToRoute(
+                'ra_vetting_gssf_initiate',
+                [
                     'procedureId' => $procedureId,
-                    'provider' => $secondFactor->type
-                ]);
-            case 'u2f':
-                return $this->redirectToRoute('ra_vetting_u2f_start_authentication', ['procedureId' => $procedureId]);
-            default:
-                throw new RuntimeException(sprintf("Unexpected second factor type '%s'", $secondFactor->type));
+                    'provider'    => $secondFactor->type
+                ]
+            );
+        } elseif ($secondFactorType->isU2f()) {
+            return $this->redirectToRoute('ra_vetting_u2f_start_authentication', ['procedureId' => $procedureId]);
+        } else {
+            throw new RuntimeException(
+                sprintf('RA does not support vetting procedure for second factor type "%s"', $secondFactor->type)
+            );
         }
     }
 

diff --git a/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php b/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php
@@ -45,7 +45,7 @@ public function buildForm(FormBuilderInterface $builder, array $options)
         $builder
             ->add('submit', 'submit', [
                 'attr'  => ['class' => 'btn btn-primary'],
-                'label' => 'ra.vetting.gssf.initiate.' . $options['provider'] . '.button.initiate'
+                'label' => /** @Ignore */ 'ra.vetting.gssf.initiate.' . $options['provider'] . '.button.initiate'
             ])
             ->setAction($action);
     }

diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig
@@ -39,6 +39,10 @@
 {{ ('ra.vetting.gssf.initiate.tiqr.text.explanation')|trans }}
 {{ ('ra.vetting.gssf.initiate.tiqr.button.initiate')|trans }}
 {{ ('ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch')|trans }}
+{{ ('ra.vetting.gssf.initiate.biometric.title.page')|trans }}
+{{ ('ra.vetting.gssf.initiate.biometric.text.explanation')|trans }}
+{{ ('ra.vetting.gssf.initiate.biometric.button.initiate')|trans }}
+{{ ('ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch')|trans }}
 
 {# RaRoleChoiceList labels #}
 {{ ('ra.form.extension.ra_role_choice.ra'|trans) }}