author | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-05 09:52:48 +0100 |
committer | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-05 09:52:48 +0100 |
commit | 3fada6cef21c9b16467177d866df778203b51b4d (patch) | |
tree | 8fe8ed37b6ee9fe35a1e035ceba6c68808328415 /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder | |
parent | 95b21a826e5d81fdeabcf4673a9e87047edaec9d (diff) | |
some code-style modifications
active code-quality checks!
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder')
2 files changed, 186 insertions, 180 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index b12658f5..f5c687f1 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -25,14 +25,26 @@ import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
@@ -47,17 +59,6 @@ import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
 public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
 
 private static final Logger log =
@@ -83,7 +84,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 pendingReq.getSessionData(AuthProcessDataWrapper.class);
 
 try {
- if (authProcessData.isEIDProcess()) {
+ if (authProcessData.isEidProcess()) {
 log.debug("Building AuthData from new E-ID information ... ");
 authData = getAuthDataInstance(pendingReq);
 Assert.notNull(authData, "AuthData is null");
@@ -107,7 +108,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 } catch (XPathException | DOMException | EaafException e) {
 log.warn("Can not build authentication data from auth. process information");
- throw new EaafAuthenticationException("builder.11", new Object[] {e.getMessage()}, e);
+ throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e);
 }
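Review bot: In the -107 hunk, `log.warn("Can not build authentication data from auth. process information");` drops the exception it is about to wrap, so the stack trace is only recorded if some caller logs the rethrown `EaafAuthenticationException`; passing the throwable as the last argument, `log.warn("Can not build authentication data from auth. process information", e);`, keeps it in the log at the point of failure. The message of the caught `XPathException`/`DOMException` is also interpolated into the `builder.11` parameters; whether that text reaches an end user depends on how the exception is rendered, which is outside this hunk, but it is worth checking before parser details are shown. The enclosing method starts and ends outside the hunk.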
@@ -127,8 +128,8 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 protected abstract IAuthData getAuthDataInstance(IRequest pendingReq) throws EaafException;
 
 /**
- * Build service-specific AuthData by using information from E-ID This builder uses vSZ, MDS and
- * Consent as input information.
+ * Build service-specific AuthData by using information from E-ID This builder
+ * uses vSZ, MDS and Consent as input information.
 *
 * @param pendingReq current pendingRequest
 * @return {@link IAuthData} but never <code>null</code>
@@ -137,13 +138,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 protected abstract void buildServiceSpecificAuthenticationData(IAuthData authData,
 IRequest pendingReq) throws EaafException;
 
-
 /**
 * Add generic E-ID information into already existing AuthData.
 *
- * @param authData AuthData object
- * @param authProcessData Authentication information holder from current pending request
- * @param pendingReq current pending request
+ * @param authData AuthData object
+ * @param authProcessData Authentication information holder from current pending
+ * request
+ * @param pendingReq current pending request
 */
 private void buildInternalAuthDataGeneric(@NonNull final IAuthData authData,
 @NonNull final IAuthProcessDataContainer authProcessData,
@@ -164,7 +165,8 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 // TODO: check if it is needed
 // if (authProcessData.getGenericSessionDataStorage() != null &&
 // !authProcessData.getGenericSessionDataStorage().isEmpty())
- // includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet();
+ // includedToGenericAuthData =
+ // authProcessData.getGenericSessionDataStorage().keySet();
 // else
 includedToGenericAuthData = new ArrayList<>();
 
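Review bot: The reflowed Javadoc in the -127 hunk documents `@param pendingReq` and `@return {@link IAuthData} but never null`, yet the declaration it appears to precede, shown at the top of the -137 hunk, is `protected abstract void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)`; the two lines between the hunks are not visible, so this pairing is inferred. If it holds, the `@return` tag is wrong for a `void` method and `authData` is undocumented: replace the `@return` line with `* @param authData AuthData instance that receives the service-specific values`. The summary sentence also lacks a period (`from E-ID. This builder uses ...`); the same missing period recurs in the -309 hunk (`mobile-phone signature This builder`).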
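Review bot: The -164 hunk reflows four lines of commented-out code under `// TODO: check if it is needed` instead of resolving them; dead code that survives a formatter pass tends to stay forever. If the unconditional `includedToGenericAuthData = new ArrayList<>();` is the intended behaviour, delete the commented block and replace the TODO with a one-line comment stating what the list is used for (its entries are removed by the `setQaaLevel`/`setCitizenCountryCode` helpers later in this file); otherwise turn the TODO into a tracked reference. The enclosing method continues outside the hunk.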
@@ -178,31 +180,28 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 // ####################################################
 // set MDS and vSZ
 internalAuthData.setFamilyName(authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+ .getGenericDataFromSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
 internalAuthData.setGivenName(authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+ .getGenericDataFromSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
 internalAuthData.setDateOfBirth(authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class));
+ .getGenericDataFromSession(PvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
 internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(
- ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class));
+ ExtendedPvpAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class));
 internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(
- ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class));
+ ExtendedPvpAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class));
 
 // ####################################################
 // set QAA level
 setQaaLevel(internalAuthData, authProcessData);
 
-
 // ####################################################
 // set isForeigner flag
 setFlagForeigner(internalAuthData, authProcessData);
 
-
 // ####################################################
 // set citizen country-code
 setCitizenCountryCode(internalAuthData, authProcessData);
 
-
 // set generic authProcessData to authdata
 for (final Entry<String, Object> el : authProcessData.getGenericSessionDataStorage()
 .entrySet()) {
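Review bot: The call sequence `setQaaLevel(...)`, `setFlagForeigner(...)`, `setCitizenCountryCode(...)` in this hunk is order-dependent — `setCitizenCountryCode` branches on `authData.isForeigner()` (-220 hunk), which `setFlagForeigner` sets (-285 hunk) — and the same three calls appear again in the -420 hunk. Extracting them into one private helper, e.g. `private void setQaaForeignerAndCountryCode(final AuthenticationData authData, final IAuthProcessDataContainer authProcessData)` that invokes the three in this order and carries a comment naming the dependency, keeps the ordering in a single place for both builders. The enclosing method starts and ends outside the hunk.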
@@ -220,33 +219,33 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 }
 
-
 }
 
 /**
 * Parse citzen country-code into AuthData.
 *
- * @param authData Current authentication data
- * @param authProcessData Authentication information holder from current pending request
+ * @param authData Current authentication data
+ * @param authProcessData Authentication information holder from current pending
+ * request
 */
 private void setCitizenCountryCode(final AuthenticationData authData,
 final IAuthProcessDataContainer authProcessData) {
- includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME);
+ includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME);
 final String pvpCccAttr = authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+ .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
 if (StringUtils.isNotEmpty(pvpCccAttr)) {
 authData.setCiticenCountryCode(pvpCccAttr);
- log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME);
+ log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME);
 } else {
 if (authData.isForeigner()) {
- //TODO:
+ // TODO:
 log.warn("Foreign citizen country NOT set yet!");
 } else {
 authData.setCiticenCountryCode(basicConfig.getBasicConfiguration(
 IConfigurationWithSP.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE,
- EAAFConstants.COUNTRYCODE_AUSTRIA));
+ EaafConstants.COUNTRYCODE_AUSTRIA));
 }
 }
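Review bot: In the `else` branch of `setCitizenCountryCode` the country code falls back to the configured default `CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE` (Austria) for any user who lacks the issuing-nation attribute and is not flagged foreign, while the foreign case only logs `Foreign citizen country NOT set yet!` behind a bare `// TODO:` and leaves the field unset. Since `isForeigner` is derived from the presence of a legacy STORK token attribute (-285 hunk), a user with neither that token nor the issuing-nation attribute silently receives the default country; make that precondition explicit with a comment such as `// default country is only valid once setFlagForeigner() has run and found no foreign token` and give the TODO the intended source of the foreign country code. The Javadoc summary `Parse citzen country-code` also misspells citizen.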
@@ -256,28 +255,29 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 /**
 * parse QAA Level into AuthData.
 *
- * @param authData current authentication data
- * @param authProcessData Authentication information holder from current pending request
- * @param pendingReq current pending request
+ * @param authData current authentication data
+ * @param authProcessData Authentication information holder from current pending
+ * request
+ * @param pendingReq current pending request
 */
 private void setQaaLevel(@NonNull final AuthenticationData authData,
 @NonNull final IAuthProcessDataContainer authProcessData) {
- includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
+ includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
 String currentLoA = null;
- if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) {
- currentLoA = authProcessData.getQAALevel();
+ if (StringUtils.isNotEmpty(authProcessData.getQaaLevel())) {
+ currentLoA = authProcessData.getQaaLevel();
 } else {
 currentLoA = authProcessData.getGenericDataFromSession(
- PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class);
+ PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class);
 if (StringUtils.isNotEmpty(currentLoA)) {
 log.debug(
- "Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME
+ "Find PVP-Attr '" + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME
 + "':" + currentLoA + " --> Parse QAA-Level from that attribute.");
 }
 }
 if (StringUtils.isNotEmpty(currentLoA)) {
- if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
+ if (currentLoA.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {
 authData.setEidasLoa(currentLoA);
 
 } else {
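Review bot: The reflowed Javadoc of `setQaaLevel` still lists `@param pendingReq current pending request`, but the signature on the new side takes only `authData` and `authProcessData`; delete the stale `* @param pendingReq` line, which the Javadoc lint in the newly activated checks will otherwise report. The method prefers `authProcessData.getQaaLevel()` and consults the `EID_CITIZEN_EIDAS_QAA_LEVEL_NAME` session attribute only when that is empty; since the resulting LoA is what the service provider relies on, a sentence in the Javadoc stating that precedence would be useful. The method body continues into the -285 hunk.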
@@ -285,20 +285,19 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 }
 } else {
- log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW);
- authData.setEidasLoa(EAAFConstants.EIDAS_LOA_LOW);
+ log.info("No QAA level found. Set to default level " + EaafConstants.EIDAS_LOA_LOW);
+ authData.setEidasLoa(EaafConstants.EIDAS_LOA_LOW);
 }
 }
-
 private void setFlagForeigner(final AuthenticationData authData,
 final IAuthProcessDataContainer authProcessData) {
 // TODO: change to new eIDAS-token attribute identifier
 if (authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) {
- log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME
+ .getGenericDataFromSession(PvpAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) {
+ log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME
 + " --> Set 'isForeigner' flag to TRUE");
 authData.setForeigner(true);
@@ -309,8 +308,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 }
 
 /**
- * Build authentication data by using information from citizen-card or mobile-phone signature This
- * builder uses IdentityLink, AuthBlock, full MIS mandate as input information.
+ * Build authentication data by using information from citizen-card or
+ * mobile-phone signature This builder uses IdentityLink, AuthBlock, full MIS
+ * mandate as input information.
 *
 * @param pendingReq current pendingRequest
 * @return {@link IAuthData} but never <code>null</code>
@@ -340,7 +340,6 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 authData.setBaseIdTransferRestrication(
 pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction());
 
-
 // ####################################################
 // parse user info's from identityLink
 IIdentityLink idlFromPvpAttr = null;
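Review bot: `setFlagForeigner` in the -285 hunk has no Javadoc although its sibling methods in this file do; propose `/** Sets the 'isForeigner' flag when the legacy STORK token attribute {@code EID_STORK_TOKEN_NAME} is present in the session; see the TODO about the eIDAS-token identifier. */`. The `else` branch just above it defaults the LoA to `EaafConstants.EIDAS_LOA_LOW` when no level was found, which is the fail-safe direction; a why-comment such as `// no LoA available: assume the lowest level instead of guessing higher` records that this is deliberate. Both methods start or end outside the hunk.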
@@ -351,10 +350,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 } else {
 // identityLink is not direct in MOASession
 final String pvpAttrIdl = authProcessData
- .getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class);
+ .getGenericDataFromSession(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class);
 // find PVP-Attr. which contains the IdentityLink
 if (StringUtils.isNotEmpty(pvpAttrIdl)) {
- log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME
+ log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME
 + " --> Parse basic user info's from that attribute.");
 InputStream idlStream = null;
 try {
@@ -373,7 +372,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 
 } finally {
 try {
- includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME);
+ includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME);
 if (idlStream != null) {
 idlStream.close();
 }
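Review bot: `InputStream idlStream = null;` followed by `try {` at the end of the -351 hunk, with the manual `if (idlStream != null) { idlStream.close(); }` inside a nested `try` in the -373 hunk's `finally`, is the pre-Java-7 resource idiom; the file already uses multi-catch (`XPathException | DOMException | EaafException`), so try-with-resources is available and would remove the null check and the nested `try`. The stream is opened in the code between the two hunks, which is not visible here, so only the shape is described: open it in the `try (...)` header and keep `includedToGenericAuthData.remove(...)` in a plain `finally`. The enclosing method starts and ends outside the hunks.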
@@ -390,28 +389,28 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati log.debug( "No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); authData.setFamilyName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); authData.setGivenName(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, String.class)); authData.setDateOfBirth(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.BIRTHDATE_NAME, String.class)); authData.setIdentificationValue(authProcessData - .getGenericDataFromSession(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class)); + .getGenericDataFromSession(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME, String.class)); authData.setIdentificationType(authProcessData.getGenericDataFromSession( - PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); + PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); // remove corresponding keys from genericSessionData if exists - includedToGenericAuthData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); + includedToGenericAuthData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME); + 
includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME);
+ includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME);
 }
 }
 if (authData.getIdentificationType() != null
- && !authData.getIdentificationType().equals(EAAFConstants.URN_PREFIX_BASEID)) {
+ && !authData.getIdentificationType().equals(EaafConstants.URN_PREFIX_BASEID)) {
 log.trace("IdentificationType is not a baseID --> clear it. ");
 authData.setBpk(authData.getIdentificationValue());
 authData.setBpkType(authData.getIdentificationType());
@@ -420,22 +419,18 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 authData.setIdentificationType(null);
 }
 
-
 // ####################################################
 // set QAA level
 setQaaLevel(authData, authProcessData);
 
-
 // ####################################################
 // set isForeigner flag
 setFlagForeigner(authData, authProcessData);
 
-
 // ####################################################
 // set citizen country-code
 setCitizenCountryCode(authData, authProcessData);
 
-
 // ####################################################
 // set bPK and IdentityLink
 final String pvpBpkValue = getBpkValueFromPvpAttribute(authProcessData);
@@ -449,12 +444,12 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati log.info( "Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); throw new EaafBuilderException("builder.08", - new Object[] {"No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME}, - "No " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + new Object[] { "No " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME }, + "No " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); } @@ -513,10 +508,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati "Can not build authData, because moaSession include no valid bPK, encrypted bPK or sourceID"); throw new EaafBuilderException("builder.13", new Object[] { - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()}, - "No valid " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " - + PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier() }, + "No valid " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME); } } 
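Review bot: In the -449 hunk the six-line `"No " + ... FRIENDLY_NAME` message is built twice, once for the `Object[]` parameter array and once as the exception message, and the -513 hunk repeats the pattern with the `"No valid "` variant; a local keeps the two copies from drifting, e.g. `final String msg = "No " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " or " + PvpAttributeDefinitions.EID_SOURCE_PIN_FRIENDLY_NAME + " or " + PvpAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME;` followed by `throw new EaafBuilderException("builder.08", new Object[] { msg }, msg);`. The enclosing method starts and ends outside the hunk.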
@@ -536,7 +531,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 @Deprecated
 protected abstract Pair<String, String> getEncryptedBpkFromPvpAttribute(
 IAuthProcessDataContainer authProcessDataContainer, AuthenticationData authData,
- IspConfiguration spConfig) throws EaafBuilderException;
+ ISpConfiguration spConfig) throws EaafBuilderException;
 
 // request baseId from SRZ
 @Deprecated
@@ -546,13 +541,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 @Deprecated
 protected Pair<String, String> buildOAspecificbPK(final IRequest pendingReq,
 final AuthenticationData authData) throws EaafBuilderException {
- final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+ final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 final String baseID = authData.getIdentificationValue();
 final String baseIdType = authData.getIdentificationType();
 Pair<String, String> sectorSpecId = null;
- if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIdType)) {
+ if (EaafConstants.URN_PREFIX_BASEID.equals(baseIdType)) {
 // SAML1 legacy target parameter work-around
 final String spTargetId = oaParam.getAreaSpecificTargetIdentifier();
 log.debug("Use OA target identifier '" + spTargetId + "' from configuration");
@@ -575,7 +570,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 }
 
 @Deprecated
- protected IIdentityLink buildOAspecificIdentityLink(final IspConfiguration spConfig,
+ protected IIdentityLink buildOAspecificIdentityLink(final ISpConfiguration spConfig,
 final IIdentityLink idl, final String bpk, final String bpkType)
 throws EaafConfigurationException, XPathException, DOMException, EaafParserException {
 if (spConfig.hasBaseIdTransferRestriction()) {
@@ -607,10 +602,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 *
 * @param oaParam Service-Provider configuration, never null
 * @param bpkType bPK-Type to check
- * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
+ * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise
+ * false
 */
 @Deprecated
- protected boolean matchsReceivedBpkToOnlineApplication(final IspConfiguration oaParam,
+ protected boolean matchsReceivedBpkToOnlineApplication(final ISpConfiguration oaParam,
 final String bpkType) {
 return oaParam.getAreaSpecificTargetIdentifier().equals(bpkType);
 
@@ -619,9 +615,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 /**
 * Parse information from an IdentityLink into AuthData object.
 *
- * @param authData current authentication data
- * @param identityLink User's identityLink
- * @param includedGenericSessionData Generic AuthSession Data from PVP attributes
+ * @param authData current authentication data
+ * @param identityLink User's identityLink
+ * @param includedGenericSessionData Generic AuthSession Data from PVP
+ * attributes
 */
 @Deprecated
 private void parseBasicUserInfosFromIdl(final AuthenticationData authData,
@@ -631,10 +628,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 
 /*
 * GivenNames and FamilyNames with simple Apostrophe were escaped with ' in
- * IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 AuthBlock problem.
- * However, the authentication attributes (SAML2, eIDAS, OpenID-Connect) also includes this
- * escaped values, but there it is not neccesary. We fix this problem in 3.4.3, but the fix can
- * be deactivated for dependency reasons.
+ * IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0
+ * AuthBlock problem. However, the authentication attributes (SAML2, eIDAS,
+ * OpenID-Connect) also includes this escaped values, but there it is not
+ * neccesary. We fix this problem in 3.4.3, but the fix can be deactivated for
+ * dependency reasons.
 */
 if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING,
 false)) {
@@ -649,35 +647,37 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setDateOfBirth(identityLink.getDateOfBirth()); - // remove corresponding keys from genericSessionData if exists - includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.BIRTHDATE_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_NAME); - includedGenericSessionData.remove(PVPAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME); + includedGenericSessionData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); } /** - * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in MOASession as 'GenericData'. <br> + * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in MOASession as + * 'GenericData'. 
<br> * * <pre> * <code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code> * </pre> * * @param session MOASession, but never null - * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists + * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no + * attribute exists */ @Deprecated private String getBpkValueFromPvpAttribute(final IAuthProcessDataContainer session) { String pvpBpkValueAttr = - session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class); + session.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkValueAttr)) { - // fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations + // fix a wrong bPK-value prefix, which was used in some PVP Standardportal + // implementations if (pvpBpkValueAttr.startsWith("bPK:")) { - log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + log.warn("Attribute " + PvpAttributeDefinitions.BPK_NAME + " contains a not standardize prefix! Staring attribute value correction process ..."); pvpBpkValueAttr = pvpBpkValueAttr.substring("bPK:".length()); 
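Review bot: The legacy prefix `"bPK:"` is spelled twice in `getBpkValueFromPvpAttribute` (the `startsWith("bPK:")` test and `substring("bPK:".length())`), and the warning continued after the renamed `log.warn("Attribute " + PvpAttributeDefinitions.BPK_NAME` line reads `Staring attribute value correction process`. A `private static final String LEGACY_BPK_PREFIX = "bPK:";` used in both places, and `Starting` in the message, would tidy this while the lines are being touched. The method continues outside the hunk.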
@@ -685,18 +685,16 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati final String[] spitted = pvpBpkValueAttr.split(":"); if (spitted.length == 2) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME); + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME); return spitted[1]; - - } else if (spitted.length > 2) { - log.warn("Attribute " + PVPAttributeDefinitions.BPK_NAME + log.warn("Attribute " + PvpAttributeDefinitions.BPK_NAME + " has a wrong encoding and can NOT be USED!" + " Value:" + pvpBpkValueAttr); return null; } else { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME + log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME + " without prefix. Use it as it is"); return spitted[0]; 
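Review bot: `pvpBpkValueAttr.split(":")` discards trailing empty strings, so a value like `XX:` (constructed example) yields one element and the final `else` branch returns the prefix `XX` itself as the bPK, while in the two-element case the prefix `spitted[0]` is dropped without being compared to the sector type that `getBpkTypeFromPvpAttribute` reads from a different attribute. Using `split(":", -1)` keeps the empty part so the length checks see it, and at least logging the discarded prefix next to `log.debug("Find PVP-Attr: " + PvpAttributeDefinitions.BPK_FRIENDLY_NAME);` would make a mismatch between the two attributes visible instead of silently accepting the value. `getBpkValueFromPvpAttribute` starts outside the hunk.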
@@ -708,49 +706,52 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } /** - * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in - * MOASession as 'GenericData'. <br> + * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could + * be exist in MOASession as 'GenericData'. <br> * * <pre> * <code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code> * </pre> * * @param session MOASession, but never null - * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute - * exists + * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if + * no attribute exists */ @Deprecated private String getBpkTypeFromPvpAttribute(final IAuthProcessDataContainer session) { final String pvpBpkTypeAttr = session.getGenericDataFromSession( - PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) { - // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations + // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal + // implementations // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { - // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting + // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " + // Starting // attribute value correction ... 
"); // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); // // } log.debug( - "Find PVP-Attr: " + PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); return pvpBpkTypeAttr; } return null; - /* - * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', because - * the prefix of BPK_NAME attribute contains the postfix of the bPKType + * INFO: This code could be used to extract the bPKType from + * 'PVPConstants.BPK_NAME', because the prefix of BPK_NAME attribute contains + * the postfix of the bPKType * - * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' PVP - * attributes + * Now, all PVP Standardportals should be able to send + * 'EID_SECTOR_FOR_IDENTIFIER' PVP attributes */ - // String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, + // String pvpbPKValueAttr = + // session.getGenericDataFromSession(PVPConstants.BPK_NAME, // String.class); // String[] spitted = pvpbPKValueAttr.split(":"); // if (MiscUtil.isEmpty(authData.getBPKType())) {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index 60c08253..a613bd56 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -16,8 +16,6 @@
 * works that you distribute must include a readable copy of the "NOTICE" text file.
 */
 
-
-
 package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
 
 import java.security.InvalidKeyException;
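Review bot: `getBpkTypeFromPvpAttribute` keeps two blocks of commented-out code — the disabled bPK-Type encoding fix above `log.debug(` and the `INFO:` block with `// String pvpbPKValueAttr = ...` placed after `return null;` — and the -708 hunk reflows them rather than removing them; commented code after a `return` is exactly the kind of finding the newly activated quality checks will report. Delete both blocks (version control keeps the history) or condense the `INFO:` text into a one-sentence why-comment above the `return null;`. The method's closing brace is outside the hunk.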
@@ -27,22 +25,26 @@ import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
+
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.util.Base64Utils;
 
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
 /**
 * Builder for the bPK, as defined in
- * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> version
- * <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>.
+ * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code>
+ * version <code>1.0.1</code> from
+ * <code>"reference.e-government.gv.at"</code>.
 *
 */
 public class BpkBuilder {
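Review bot: The reflowed class Javadoc on the new side carries a mis-encoded character in `Ableitung f¨r die bereichsspezifische Personenkennzeichnung`; the German title reads `Ableitung für die bereichsspezifische Personenkennzeichnung`, so fix the umlaut while the line is touched and confirm the file is stored as UTF-8 (the build's source-encoding setting is not visible here). The import block still pulls in `java.text.SimpleDateFormat` and `java.util.Date`; their use is outside this hunk, but if they only format a timestamp, `java.time.DateTimeFormatter` is the thread-safe replacement the quality checks will likely ask for.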
@@ -51,58 +53,60 @@ public class BpkBuilder { /** * Calculates an area specific unique person-identifier from a baseID. * - * @param baseID baseId from user but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never - * null - * @return Pair consists of (unique person identifier for this target, targetArea) but never null + * @param baseID baseId from user but never null + * @param targetIdentifier target identifier for area specific identifier + * calculation but never null + * @return Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException if some input data are not valid */ public static Pair<String, String> generateAreaSpecificPersonIdentifier(final String baseID, final String targetIdentifier) throws EaafBuilderException { - return generateAreaSpecificPersonIdentifier(baseID, EAAFConstants.URN_PREFIX_BASEID, + return generateAreaSpecificPersonIdentifier(baseID, EaafConstants.URN_PREFIX_BASEID, targetIdentifier); } /** - * Calculates an area specific unique person-identifier from an unique identifier with a specific - * type. + * Calculates an area specific unique person-identifier from an unique + * identifier with a specific type. 
* - * @param baseID baseId from user but never null - * @param baseIdType Type of the baseID but never null - * @param targetIdentifier target identifier for area specific identifier calculation but never - * null - * @return Pair consists of (unique person identifier for this target, targetArea) but never null + * @param baseID baseId from user but never null + * @param baseIdType Type of the baseID but never null + * @param targetIdentifier target identifier for area specific identifier + * calculation but never null + * @return Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException if some input data are not valid */ public static Pair<String, String> generateAreaSpecificPersonIdentifier(final String baseID, final String baseIdType, final String targetIdentifier) throws EaafBuilderException { if (StringUtils.isEmpty(baseID)) { - throw new EaafBuilderException("builder.00", new Object[] {"baseID is empty or null"}, + throw new EaafBuilderException("builder.00", new Object[] { "baseID is empty or null" }, "BaseId is empty or null"); } if (StringUtils.isEmpty(baseIdType)) { throw new EaafBuilderException("builder.00", - new Object[] {"the type of baseID is empty or null"}, "Type of baseId is empty or null"); + new Object[] { "the type of baseID is empty or null" }, "Type of baseId is empty or null"); } if (StringUtils.isEmpty(targetIdentifier)) { throw new EaafBuilderException("builder.00", - new Object[] {"SP specific target identifier is empty or null"}, + new Object[] { "SP specific target identifier is empty or null" }, "SP specific target identifier is empty or null"); } - if (baseIdType.equals(EAAFConstants.URN_PREFIX_BASEID)) { + if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) { log.trace("Find baseID. 
Starting unique identifier caluclation for this target"); - if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_CDID) - || targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_WBPK)) { + if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID) + || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); - } else if (targetIdentifier.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) { + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); final String[] splittedTarget = targetIdentifier.split("\\+"); final String cititzenCountryCode = splittedTarget[1]; @@ -114,15 +118,14 @@ public class BpkBuilder { } return buildEidasIdentifer(baseID, baseIdType, cititzenCountryCode, eidasOutboundCountry); - } else { throw new EaafBuilderException("builder.00", - new Object[] {"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}, + new Object[] { "Target identifier: " + targetIdentifier + " is NOT allowed or unknown" }, "Target identifier: " + targetIdentifier + " is NOT allowed or unknown"); } } else { - log.trace("BaseID is not of type " + EAAFConstants.URN_PREFIX_BASEID + log.trace("BaseID is not of type " + EaafConstants.URN_PREFIX_BASEID + ". Check type against requested target ..."); if (baseIdType.equals(targetIdentifier)) { log.debug("Unique identifier is already area specific. Is nothing todo"); 
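Review bot: `splittedTarget[1]` on the last line of the hunk is read without checking `splittedTarget.length`, so a target that starts with `URN_PREFIX_EIDAS` but carries no `+`-separated country code fails with an ArrayIndexOutOfBoundsException instead of the builder's own `EaafBuilderException`; unless the five lines omitted between this hunk and `@@ -114,15 +118,14 @@` already guard the length, add `if (splittedTarget.length < 2) { throw new EaafBuilderException("builder.00", new Object[] { "eIDAS target identifier: " + targetIdentifier + " has no country code" }, "eIDAS target identifier has no country code"); }` before the index. Since the commit already rewrites these lines, the local `cititzenCountryCode` could become `citizenCountryCode` and the log text `caluclation` could be corrected to `calculation` at the same time. The body of `generateAreaSpecificPersonIdentifier` continues past the end of the hunk.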
@@ -132,8 +135,8 @@ public class BpkBuilder { log.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); throw new EaafBuilderException("builder.00", - new Object[] {"Get unique identifier for target: " + baseIdType + " but target: " - + targetIdentifier + " is required"}, + new Object[] { "Get unique identifier for target: " + baseIdType + " but target: " + + targetIdentifier + " is required" }, "Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"); @@ -141,14 +144,15 @@ public class BpkBuilder { } } - /** * Builds the eIDAS from the given parameters. * - * @param baseId baseID of the citizen - * @param baseIdType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs ID - * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * @param baseId baseID of the citizen + * @param baseIdType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs + * ID + * @param destinationCountry CountryCode of that country, which receives the + * eIDAs ID * * @return Pair eIDAs/bPKType in a BASE64 encoding * @throws EaafBuilderException if some input data are not valid @@ -160,8 +164,8 @@ public class BpkBuilder { String bpkType = null; // check if we have been called by public sector application - if (baseIdType.startsWith(EAAFConstants.URN_PREFIX_BASEID)) { - bpkType = EAAFConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; + if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { + bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; log.debug("Building eIDAS identification from: [identValue]+" + bpkType); bpk = calculatebPKwbPK(baseId + "+" + bpkType); 
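Review bot: `baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)` on the second line of hunk `@@ -160,8 +164,8 @@` is looser than the `baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)` check that `generateAreaSpecificPersonIdentifier` applies before calling `buildEidasIdentifer` (hunk `@@ -51,58 +53,60 @@`), so any type merely prefixed with the baseID URN would be treated as a public-sector baseID here if `buildEidasIdentifer` is reached on another path. If prefix matching is not intended, make the two checks agree: `if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {`; otherwise a one-line comment stating why the prefix match is deliberate would help the next reader. The method's signature and the remainder of its body lie outside the hunk.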
@@ -173,9 +177,9 @@ public class BpkBuilder { if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) || StringUtils.isEmpty(destinationCountry)) { throw new EaafBuilderException("builder.00", - new Object[] {"eIDAS-ID", + new Object[] { "eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry}, + + destinationCountry + ", Ursprungsland=" + sourceCountry }, "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry); } @@ -189,8 +193,8 @@ public class BpkBuilder { /** * Create an encrypted bPK. * - * @param bpk unencrypted bPK - * @param target bPK target + * @param bpk unencrypted bPK + * @param target bPK target * @param publicKey Public-Key used for encryption * @return encrypted bPK * @throws EaafBuilderException In case of an error @@ -198,8 +202,8 @@ public class BpkBuilder { public static String encryptBpk(final String bpk, String target, final PublicKey publicKey) throws EaafBuilderException { final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(EAAFConstants.URN_PREFIX_CDID)) { - target = target.substring(EAAFConstants.URN_PREFIX_CDID.length()); + if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) { + target = target.substring(EaafConstants.URN_PREFIX_CDID.length()); } final String input = @@ -210,8 +214,8 @@ public class BpkBuilder { final byte[] inputBytes = input.getBytes("ISO-8859-1"); result = encrypt(inputBytes, publicKey); return new String(Base64Utils.encode(result), "ISO-8859-1").replaceAll("\r\n", ""); - // return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); - + // return new String(Base64Utils.encode(result, + // "ISO-8859-1")).replaceAll("\r\n", ""); } catch (final Exception e) { throw new EaafBuilderException("bPK encryption FAILED", null, e.getMessage(), e); 
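Review bot: `new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")` on the third line of hunk `@@ -198,8 +202,8 @@` is built with neither a time zone nor a `Locale`, so whatever it formats (its use lies below the hunk) depends on the JVM's default zone; if that timestamp becomes part of the encrypted bPK, the plaintext layout is host-dependent. If the consumer expects UTC, pin it with `sdf.setTimeZone(TimeZone.getTimeZone("UTC"));` (or move to `DateTimeFormatter` with an explicit `ZoneOffset.UTC`); if local time is intended, a comment saying so would help. Reassigning the parameter `target` on the hunk's last lines is a style point worth fixing while the lines are touched, e.g. `final String sector = target.startsWith(EaafConstants.URN_PREFIX_CDID) ? target.substring(EaafConstants.URN_PREFIX_CDID.length()) : target;`. `encryptBpk`'s body continues past the hunk.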
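Review bot: The commented-out `Base64Utils.encode(result, "ISO-8859-1")` alternative in hunk `@@ -210,8 +214,8 @@` is re-wrapped to satisfy the line-length check instead of being deleted; dead code behind `//` should go, here and in the matching `// byte[] encryptedBytes = Base64Utils.decode(...)` lines of hunk `@@ -232,7 +236,8 @@`. The charset string literals (`input.getBytes("ISO-8859-1")`, `new String(..., "ISO-8859-1")`, and the decode side in `@@ -232,7 +236,8 @@`) could use `StandardCharsets.ISO_8859_1`, which removes the checked `UnsupportedEncodingException` and lets `catch (final Exception e)` be narrowed to the cipher exceptions the method actually expects. `.replaceAll("\r\n", "")` after `Base64Utils.encode(result)` looks like a leftover from a line-wrapping encoder; if `Base64Utils` delegates to `java.util.Base64`'s basic encoder, which emits no line breaks, it is a no-op and can be dropped. The start of the `try` block lies above the hunk.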
@@ -223,8 +227,8 @@ public class BpkBuilder { * Decrypt an encrypted bPK. * * @param encryptedBpk encrypted bPK - * @param target bPK target - * @param privateKey private-key for decryption + * @param target bPK target + * @param privateKey private-key for decryption * @return bPK * @throws EaafBuilderException In case of an error */ @@ -232,7 +236,8 @@ public class BpkBuilder { final PrivateKey privateKey) throws EaafBuilderException { String decryptedString; try { - // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); + // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, + // "ISO-8859-1"); final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1")); final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); decryptedString = new String(decryptedBytes, "ISO-8859-1"); @@ -247,8 +252,8 @@ public class BpkBuilder { tmp = tmp.substring(tmp.indexOf("::") + 2); final String bPK = tmp.substring(0, tmp.indexOf("::")); - if (target.startsWith(EAAFConstants.URN_PREFIX_CDID + "+")) { - target = target.substring((EAAFConstants.URN_PREFIX_CDID + "+").length()); + if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) { + target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length()); } if (target.equals(sector)) { @@ -268,7 +273,7 @@ public class BpkBuilder { return hashBase64; } catch (final Exception ex) { - throw new EaafBuilderException("builder.00", new Object[] {"bPK/wbPK", ex.toString()}, + throw new EaafBuilderException("builder.00", new Object[] { "bPK/wbPK", ex.toString() }, ex.getMessage(), ex); } |
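Review bot: `tmp.substring(0, tmp.indexOf("::"))` on the second line of hunk `@@ -247,8 +252,8 @@` has no guard for a missing delimiter: `indexOf` returns -1 and `substring(0, -1)` throws StringIndexOutOfBoundsException for a decrypted payload that does not have the expected `::`-separated layout, which is exactly what a wrong key or a tampered ciphertext produces, and whether the enclosing `try` (above the hunk) maps that to an `EaafBuilderException` is not visible here. A guard such as `final int sep = tmp.indexOf("::"); if (sep < 0) { throw new EaafBuilderException("builder.00", new Object[] { "bPK/wbPK", "decrypted bPK has unexpected format" }, "decrypted bPK has unexpected format"); }` keeps the failure in the builder's own error path. The prefix stripping also differs from `encryptBpk` (hunk `@@ -198,8 +202,8 @@`), which removes only `URN_PREFIX_CDID` while this side removes `URN_PREFIX_CDID + "+"`; unless that constant already ends with `+`, the two methods normalise `target` differently before the `target.equals(sector)` comparison, which deserves a comment or a shared private helper. `decryptBpk`'s body continues before and after the hunk.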