Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp')
5 files changed, 489 insertions, 116 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index 392ed9a9..a6bf247a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -58,21 +58,27 @@ public class AuthenticationData implements IAuthData, Serializable { public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; private boolean isBaseIDTransferRestrication = true; - private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); + private final Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); private String issuer; private Date issueInstant; - private String identificationValue; - private String identificationType; - private IIdentityLink identityLink = null; + @Deprecated private String identificationValue; + @Deprecated private String identificationType; + @Deprecated private IIdentityLink identityLink = null; private String familyName; private String givenName; private Date dateOfBirth; - private String bPK; - private String bPKType; - private List<Pair<String, String>> additionalBpks; + + private String encSourceId; + private String encSourceIdType; + + + + @Deprecated private String bPK; + @Deprecated private String bPKType; + @Deprecated private List<Pair<String, String>> additionalBpks; private String ccc = null; @@ -86,7 +92,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String sessionIndex = null; private String nameID = null; private String nameIDFormat = null; - + public AuthenticationData() { this.issueInstant = new Date(); 
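Review bot: The `@Deprecated` annotations added to `identificationValue`, `identificationType`, `identityLink`, `bPK`, `bPKType` and `additionalBpks` carry no Javadoc `@deprecated` tag, so a caller of the public getters gets no pointer to what replaces them or whether they are still populated. Presumably `encSourceId`/`encSourceIdType` take over the identity-bearing role from the baseID in the new E-ID process, but nothing in this class says so. I would put a Javadoc line on each deprecated field such as `/** @deprecated only populated by the legacy IdentityLink/bPK process; E-ID flows use {@link #getEncryptedSourceId()} instead. */`, and a one-line comment on the two new fields stating that they hold an opaque, already-encrypted identifier that must not be logged.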
@@ -102,7 +108,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param authIssuer */ - public void setAuthenticationIssuer(String authIssuer) { + public void setAuthenticationIssuer(final String authIssuer) { this.issuer = authIssuer; } @@ -114,8 +120,9 @@ public class AuthenticationData implements IAuthData, Serializable { } - public String getAuthenticationIssueInstantString() { - SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + @Override + public String getAuthenticationIssueInstantString() { + final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(this.issueInstant); @@ -126,7 +133,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param date */ - public void setAuthenticationIssueInstant(Date date) { + public void setAuthenticationIssueInstant(final Date date) { this.issueInstant = date; } @@ -136,6 +143,8 @@ public class AuthenticationData implements IAuthData, Serializable { } + @Override + @Deprecated public String getBPK() { return bPK; } @@ -144,17 +153,20 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the bPK. * @param bPK The bPK to set */ - public void setBPK(String bPK) { + @Deprecated + public void setBPK(final String bPK) { this.bPK = bPK; } + @Override public Date getDateOfBirth() { return this.dateOfBirth; } + @Override public String getFormatedDateOfBirth() { - DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + final DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); if (getDateOfBirth() != null) return pvpDateFormat.format(getDateOfBirth()); else 
@@ -163,26 +175,42 @@ public class AuthenticationData implements IAuthData, Serializable { } + @Override public String getFamilyName() { return this.familyName; } + @Override public String getGivenName() { return this.givenName; } + @Override + public String getEncryptedSourceId() { + return this.encSourceId; + } + @Override + public String getEncryptedSourceIdType() { + return this.encSourceIdType; + } + + @Override + @Deprecated public String getIdentificationValue() { return identificationValue; } + @Override + @Deprecated public String getIdentificationType() { return identificationType; } @Override + @Deprecated public IIdentityLink getIdentityLink() { return identityLink; } @@ -190,7 +218,8 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param identityLink the identityLink to set */ - public void setIdentityLink(IIdentityLink identityLink) { + @Deprecated + public void setIdentityLink(final IIdentityLink identityLink) { this.identityLink = identityLink; } @@ -198,19 +227,19 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the dateOfBirth. * @param dateOfBirth The dateOfBirth to set */ - public void setDateOfBirth(Date dateOfBirth) { + public void setDateOfBirth(final Date dateOfBirth) { this.dateOfBirth = dateOfBirth; } - public void setDateOfBirth(String dateOfBirth) { + public void setDateOfBirth(final String dateOfBirth) { try { if (StringUtils.isNotEmpty(dateOfBirth)) { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + final DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); } - } catch (ParseException e) { + } catch (final ParseException e) { log.warn("Parse dateOfBirht from IdentityLink FAILED", e); } 
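Review bot: `setDateOfBirth(String)` creates its `SimpleDateFormat` without `setLenient(false)`, so an out-of-range value such as `2000-02-31` is silently rolled forward to a valid date instead of rejected, and `DateFormat.parse(String)` additionally ignores any trailing text after the matched part. Since the value is an identity attribute that later appears via `getFormatedDateOfBirth()`, I would add `identityLinkFormat.setLenient(false);` directly after the formatter is created. On a `ParseException` the method only logs a warning and leaves `dateOfBirth` unchanged, which the caller cannot detect; the Javadoc should at least state that, and the log text `Parse dateOfBirht from IdentityLink FAILED` has a typo in `dateOfBirht`.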
@@ -220,7 +249,7 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the familyName. * @param familyName The familyName to set */ - public void setFamilyName(String familyName) { + public void setFamilyName(final String familyName) { this.familyName = familyName; } @@ -228,7 +257,7 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the givenName. * @param givenName The givenName to set */ - public void setGivenName(String givenName) { + public void setGivenName(final String givenName) { this.givenName = givenName; } @@ -236,7 +265,8 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the identificationValue. * @param identificationValue The identificationValue to set */ - public void setIdentificationValue(String identificationValue) { + @Deprecated + public void setIdentificationValue(final String identificationValue) { this.identificationValue = identificationValue; } @@ -244,11 +274,14 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the identificationType. * @param identificationType The identificationType to set */ - public void setIdentificationType(String identificationType) { + @Deprecated + public void setIdentificationType(final String identificationType) { this.identificationType = identificationType; } + @Override + @Deprecated public String getBPKType() { return bPKType; } @@ -258,16 +291,19 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param bPKType */ - public void setBPKType(String bPKType) { + @Deprecated + public void setBPKType(final String bPKType) { this.bPKType = bPKType; } + @Override public String getEIDASQAALevel() { return this.eIDASLoA; } + @Override public boolean isForeigner() { return this.foreigner; } 
@@ -278,7 +314,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param true if the user is a foreigner, otherwise false */ - public void setForeigner(boolean foreigner) { + public void setForeigner(final boolean foreigner) { this.foreigner = foreigner; } @@ -293,7 +329,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param true if a SSO was used, otherwise false */ - public void setSsoSession(boolean ssoSession) { + public void setSsoSession(final boolean ssoSession) { this.ssoSession = ssoSession; } @@ -303,10 +339,11 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param ccc Two letter country code */ - public void setCiticenCountryCode(String ccc) { + public void setCiticenCountryCode(final String ccc) { this.ccc = ccc; } + @Override public String getSessionIndex() { return sessionIndex; } @@ -314,7 +351,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param sessionIndex the sessionIndex to set */ - public void setSessionIndex(String sessionIndex) { + public void setSessionIndex(final String sessionIndex) { this.sessionIndex = sessionIndex; } @@ -327,13 +364,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param nameID the nameID to set */ - public void setNameID(String nameID) { + public void setNameID(final String nameID) { this.nameID = nameID; } /** * @return the nameIDFormat */ + @Override public String getNameIDFormat() { return nameIDFormat; } @@ -341,13 +379,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param nameIDFormat the nameIDFormat to set */ - public void setNameIDFormat(String nameIDFormat) { + public void setNameIDFormat(final String nameIDFormat) { this.nameIDFormat = nameIDFormat; } /** * @return the ssoSessionValidTo */ + @Override public Date getSsoSessionValidTo() { return ssoSessionValidTo; } 
@@ -355,7 +394,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param ssoSessionValidTo the ssoSessionValidTo to set */ - public void setSsoSessionValidTo(Date ssoSessionValidTo) { + public void setSsoSessionValidTo(final Date ssoSessionValidTo) { this.ssoSessionValidTo = ssoSessionValidTo; } @@ -371,7 +410,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set */ - public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { + public void setBaseIDTransferRestrication(final boolean isBaseIDTransferRestrication) { this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; } @@ -382,19 +421,21 @@ public class AuthenticationData implements IAuthData, Serializable { * @param clazz The class type which is stored with this key * @return The data object or null if no data is found with this key */ - public <T> T getGenericData(String key, final Class<T> clazz) { + @Override + public <T> T getGenericData(final String key, final Class<T> clazz) { if (StringUtils.isNotEmpty(key)) { - Object data = genericDataStorate.get(key); + final Object data = genericDataStorate.get(key); if (data == null) return null; try { @SuppressWarnings("unchecked") + final T test = (T) data; return test; - } catch (Exception e) { + } catch (final Exception e) { log.warn("Generic authentication-data object can not be casted to requsted type", e); return null; 
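Review bot: The `try`/`catch` around `final T test = (T) data;` in `getGenericData` can never trigger: a cast to the erased type parameter `T` is a no-op at runtime, so a `ClassCastException` surfaces at the caller's assignment rather than here, and the `clazz` argument that could have performed the check is never used. Testing against `clazz` makes the warning reachable and turns a caller-side crash into the documented `null` result. The closing of `getGenericData` lies outside this hunk.
```java
final Object data = genericDataStorate.get(key);
if (data == null)
    return null;

// a cast to the erased T would not fail here; check the requested type explicitly
if (!clazz.isInstance(data)) {
    log.warn("Generic authentication-data object can not be casted to requsted type");
    return null;
}
return clazz.cast(data);
// … unchanged: empty-key branch …
```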
@@ -414,7 +455,7 @@ public class AuthenticationData implements IAuthData, Serializable { * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage */ - public void setGenericData(String key, Object object) throws EAAFStorageException { + public void setGenericData(final String key, final Object object) throws EAAFStorageException { if (StringUtils.isEmpty(key)) { log.info("Generic session-data can not be stored with a 'null' key"); throw new EAAFStorageException("Generic data can not be stored with a 'null' key", null); @@ -437,27 +478,49 @@ public class AuthenticationData implements IAuthData, Serializable { genericDataStorate.put(key, object); } - public void seteIDASLoA(String eIDASLoA) { + public void seteIDASLoA(final String eIDASLoA) { this.eIDASLoA = eIDASLoA; } @Override + @Deprecated public List<Pair<String, String>> getAdditionalbPKs() { return this.additionalBpks; } /** + * Set the encrypted SourceId for current authenticated user + * + * @param encSourceId + */ + public void setEncSourceId(final String encSourceId) { + this.encSourceId = encSourceId; + } + + /** + * Set the type identifier of the encrypted SourceId + * + * @param encSourceIdType + */ + public void setEncSourceIdType(final String encSourceIdType) { + this.encSourceIdType = encSourceIdType; + } + + + + /** * Add an additional bPK Pair<bPK, bPKType> into authdata * * @param bPK Pair<bPK, bPKType> */ - public void addAdditionalbPKPair(Pair<String, String> bPK) { + @Deprecated + public void addAdditionalbPKPair(final Pair<String, String> bPK) { if (this.additionalBpks == null) { this.additionalBpks = new ArrayList<Pair<String, String>>(); } this.additionalBpks.add(bPK); - } + } } 
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index f578afd8..2482d65f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -36,6 +36,8 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; import org.springframework.util.Base64Utils; import org.w3c.dom.DOMException; import org.w3c.dom.Element; 
@@ -43,18 +45,23 @@ import org.w3c.dom.Node; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.XPathException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; 
@@ -67,7 +74,221 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati protected Collection<String> includedToGenericAuthData = null; @Autowired protected IConfiguration basicConfig; - protected void generateBasicAuthData(AuthenticationData authData, IRequest pendingReq, + @Override + public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + IAuthData authData = null; + final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + + try { + if (authProcessData.isEIDProcess()) { + log.debug("Building AuthData from new E-ID information ... "); + authData = getAuthDataInstance(pendingReq); + Assert.notNull(authData, "AuthData is null"); + + log.trace("Adding generic AuthData information ... "); + buildInternalAuthDataGeneric(authData, authProcessData, pendingReq); + + log.trace("Build service-specific AuthData information ... "); + buildServiceSpecificAuthenticationData(authData, pendingReq); + + } else { + log.info("User authentication uses the deprecated. Building AuthData from deprecated information ... "); + authData = buildDeprecatedAuthData(pendingReq); + Assert.notNull(authData, "AuthData is null"); + + } + + + } catch (XPathException | DOMException | EAAFException e) { + log.warn("Can not build authentication data from auth. 
process information"); + throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); + + } + + log.trace("AuthData generation finished"); + return authData; + + } + + /** + * * @param pendingReq current pendingRequest + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never <code>null</code> + * @throws EAAFException + */ + @NonNull + abstract protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException; + + /** + * Build service-specific AuthData by using information from E-ID + * This builder uses vSZ, MDS and Consent as input information + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never <code>null</code> + * @throws EAAFException + */ + abstract protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EAAFException; + + + /** + * Add generic E-ID information into already existing AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void buildInternalAuthDataGeneric(@NonNull IAuthData authData, + @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) { + Assert.notNull(pendingReq, "PendingRequest is null"); + Assert.notNull(authData, "AuthData is null"); + Assert.notNull(authProcessData, "AuthProcessData is null"); + + if (!(authData instanceof AuthenticationData)) { + log.error("AuthData has no suitable type! Requires: {}", AuthenticationData.class.getName()); + throw new RuntimeException("AuthData has no suitable type! 
Requires: " + AuthenticationData.class.getName()); + + } + + final AuthenticationData internalAuthData = (AuthenticationData)authData; + + //TODO: check if it is needed +// if (authProcessData.getGenericSessionDataStorage() != null && +// !authProcessData.getGenericSessionDataStorage().isEmpty()) +// includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet(); +// else + includedToGenericAuthData = new ArrayList<String>(); + + //#################################################### + //set general authData info's + internalAuthData.setAuthenticationIssuer(pendingReq.getAuthURL()); + internalAuthData.setSsoSession(pendingReq.needSingleSignOnFunctionality()); + internalAuthData.setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction()); + + //#################################################### + //set MDS and vSZ + internalAuthData.setFamilyName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + internalAuthData.setGivenName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); + internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); + + + //#################################################### + //set QAA level + setQAALevel(internalAuthData, authProcessData, pendingReq); + + + //#################################################### + //set isForeigner flag + setFlagForeigner(internalAuthData, authProcessData, pendingReq); + + + //#################################################### + //set 
citizen country-code + setCitizenCountryCode(internalAuthData, authProcessData, pendingReq); + + } + + /** + * Parse citzen country-code into AuthData + * + * @param internalAuthData + * @param authProcessData + * @param pendingReq + */ + private void setCitizenCountryCode(AuthenticationData authData, IAuthProcessDataContainer authProcessData, + IRequest pendingReq) { + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); + final String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + if (StringUtils.isNotEmpty(pvpCCCAttr)) { + authData.setCiticenCountryCode(pvpCCCAttr); + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); + + } else { + if (authData.isForeigner()) { + //TODO!!!! + + } else { + authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( + IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, + EAAFConstants.COUNTRYCODE_AUSTRIA)); + + } + } + + } + + /** + * parse QAA Level into AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void setQAALevel(@NonNull AuthenticationData authData, + @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) { + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + String currentLoA = null; + if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) + currentLoA = authProcessData.getQAALevel(); + else { + currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); + if (StringUtils.isNotEmpty(currentLoA)) { + log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA + + " --> Parse QAA-Level from that attribute."); + + } + } + if (StringUtils.isNotEmpty(currentLoA)) { + if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { + 
authData.seteIDASLoA(currentLoA); + + } else + log.info("Only eIDAS LoAs are supported by this implementation"); + + } else { + log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW); + authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW); + + } + + } + + /** + * Parse Foreigner information into AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void setFlagForeigner(AuthenticationData authData, IAuthProcessDataContainer authProcessData, IRequest pendingReq) { + //TODO: change to new eIDAS-token attribute identifier + if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME + + " --> Set 'isForeigner' flag to TRUE"); + authData.setForeigner(true); + + } else { + authData.setForeigner(authProcessData.isForeigner()); + + } + } + + /** + * Build authentication data by using information from citizen-card or mobile-phone signature + * This builder uses IdentityLink, AuthBlock, full MIS mandate as input information + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never <code>null</code> + * @throws EAAFException + */ + @Deprecated + @NonNull + abstract protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException; + + @Deprecated + protected void generateDeprecatedBasicAuthData(AuthenticationData authData, IRequest pendingReq, IAuthProcessDataContainer authProcessData) throws EAAFBuilderException, EAAFConfigurationException, XPathException, DOMException, EAAFParserException { if (authProcessData.getGenericSessionDataStorage() != null && 
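Review bot: `setQAALevel` treats an absent LoA and an unrecognised LoA differently: no value falls back to `EAAFConstants.EIDAS_LOA_LOW`, but a value that does not start with `EIDAS_LOA_PREFIX` only logs `Only eIDAS LoAs are supported by this implementation` and leaves `eIDASLoA` null, so any downstream LoA comparison sees null rather than a defined level. I would either fail the authentication there or fall through to the same default, e.g. `authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW);` in that `else` branch. Separately, `buildInternalAuthDataGeneric` assigns the instance field `includedToGenericAuthData` (declared `protected Collection<String> includedToGenericAuthData = null;` above) per request; if this builder is a singleton Spring bean, as the `@Autowired` field suggests, concurrent authentications race on that field, and a local collection handed to `setQAALevel`/`setCitizenCountryCode` would avoid it. `buildAuthenticationData` also dereferences `authProcessData` before the `try`, so a missing session surfaces as an NPE instead of `builder.11`, and the log line `User authentication uses the deprecated.` is cut off mid-sentence.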
@@ -86,13 +307,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati //#################################################### //parse user info's from identityLink IIdentityLink idlFromPVPAttr = null; - IIdentityLink identityLink = authProcessData.getIdentityLink(); + final IIdentityLink identityLink = authProcessData.getIdentityLink(); if (identityLink != null) { parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); } else { // identityLink is not direct in MOASession - String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); + final String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); //find PVP-Attr. which contains the IdentityLink if (StringUtils.isNotEmpty(pvpAttrIDL)) { log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME @@ -106,10 +327,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati //set identitylink into AuthProcessData authProcessData.setIdentityLink(idlFromPVPAttr);; - } catch (EAAFParserException e) { + } catch (final EAAFParserException e) { log.warn("Received IdentityLink is not valid", e); - } catch (Exception e) { + } catch (final Exception e) { log.warn("Received IdentityLink is not valid", e); } finally { @@ -118,7 +339,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati if (idlStream != null) idlStream.close(); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Close InputStream FAILED.", e); } 
@@ -154,72 +375,27 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationType(null); } + //#################################################### //set QAA level - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); - String currentLoA = null; - if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) - currentLoA = authProcessData.getQAALevel(); - else { - currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); - if (StringUtils.isNotEmpty(currentLoA)) { - log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA - + " --> Parse QAA-Level from that attribute."); - - } - } - if (StringUtils.isNotEmpty(currentLoA)) { - if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { - authData.seteIDASLoA(currentLoA); - - } else - log.info("Only eIDAS LoAs are supported by this implementation"); - - } else { - log.info("No QAA level found. 
Set to default level " + EAAFConstants.EIDAS_LOA_LOW); - authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW); + setQAALevel(authData, authProcessData, pendingReq); - } //#################################################### - //set isForeigner flag - //TODO: change to new eIDAS-token attribute identifier - if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME - + " --> Set 'isForeigner' flag to TRUE"); - authData.setForeigner(true); - - } else { - authData.setForeigner(authProcessData.isForeigner()); - - } + //set isForeigner flag + setFlagForeigner(authData, authProcessData, pendingReq); + //#################################################### //set citizen country-code - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); - String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); - if (StringUtils.isNotEmpty(pvpCCCAttr)) { - authData.setCiticenCountryCode(pvpCCCAttr); - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); - - } else { - if (authData.isForeigner()) { - //TODO!!!! 
- - } else { - authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( - IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, - EAAFConstants.COUNTRYCODE_AUSTRIA)); - - } - } + setCitizenCountryCode(authData, authProcessData, pendingReq); //#################################################### // set bPK and IdentityLink - String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData); - String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData); - Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration()); + final String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData); + final String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData); + final Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration()); //check if a unique ID for this citizen exists if (StringUtils.isEmpty(authData.getIdentificationValue()) && @@ -250,7 +426,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati // baseID is in AuthSesson --> calculate bPK directly } else if (StringUtils.isNotEmpty(authData.getIdentificationValue())) { log.debug("Citizen baseID is in MOASession --> calculate bPK from this."); - Pair<String, String> result = buildOAspecificbPK(pendingReq, authData); + final Pair<String, String> result = buildOAspecificbPK(pendingReq, authData); authData.setBPK(result.getFirst()); authData.setBPKType(result.getSecond()); 
@@ -276,12 +452,12 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } } - Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); + final Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); if (baseIDFromSZR != null) { log.info("Receive citizen baseID from SRZ. Authentication can be completed"); authData.setIdentificationValue(baseIDFromSZR.getFirst()); authData.setIdentificationType(baseIDFromSZR.getSecond()); - Pair<String, String> result = buildOAspecificbPK(pendingReq, authData); + final Pair<String, String> result = buildOAspecificbPK(pendingReq, authData); authData.setBPK(result.getFirst()); authData.setBPKType(result.getSecond()); 
@@ -310,24 +486,26 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } //extract a encrypted bPK from PVP attrobute + @Deprecated protected abstract Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException; //request baseId from SRZ + @Deprecated protected abstract Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, String notValidbPKType); - + @Deprecated protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { - ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + final ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); - String baseID = authData.getIdentificationValue(); - String baseIDType = authData.getIdentificationType(); + final String baseID = authData.getIdentificationValue(); + final String baseIDType = authData.getIdentificationType(); Pair<String, String> sectorSpecId = null; if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIDType)) { //SAML1 legacy target parameter work-around - String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); + final String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); log.debug("Use OA target identifier '" + spTargetId + "' from configuration"); //calculate sector specific unique identifier 
@@ -344,18 +522,19 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } + @Deprecated protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException { if (spConfig.hasBaseIdTransferRestriction()) { log.debug("SP: " + spConfig.getUniqueIdentifier() + " has baseId transfer restriction. Remove baseId from IDL ..."); - Element idlassertion = idl.getSamlAssertion(); + final Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(bPK); //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + final Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); prIdentificationType.getFirstChild().setNodeValue(bPKType); - SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion); + final SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion); return idlparser.parseIdentityLink(); } else @@ -371,6 +550,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param bPKType bPK-Type to check * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false */ + @Deprecated private boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); 
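Review bot: `buildOAspecificIdentityLink` dereferences the result of `XPathUtils.selectSingleNode(...)` with `.getFirstChild().setNodeValue(...)` for both the identification value and the type without a null check, so an IdentityLink lacking either element fails with a `NullPointerException` instead of a parser error, even though the method already declares `EAAFParserException`. I would guard each lookup, e.g. `if (prIdentification == null || prIdentification.getFirstChild() == null) throw new EAAFParserException(...)` — the constructor arguments are not visible in this hunk. Note also that the nodes are rewritten in place on `idl.getSamlAssertion()`; if that element is the IdentityLink kept in the session, the original baseID is overwritten there as well, which deserves a comment if intended.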
@@ -383,6 +563,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param identityLink * @param includedGenericSessionData */ + @Deprecated private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) { authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); @@ -422,6 +603,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param session MOASession, but never null * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists */ + @Deprecated private String getbPKValueFromPVPAttribute(IAuthProcessDataContainer session) { String pvpbPKValueAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class); if (StringUtils.isNotEmpty(pvpbPKValueAttr)) { @@ -434,7 +616,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } - String[] spitted = pvpbPKValueAttr.split(":"); + final String[] spitted = pvpbPKValueAttr.split(":"); if (spitted.length == 2) { log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME); return spitted[1]; 
@@ -464,8 +646,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param session MOASession, but never null * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists */ + @Deprecated private String getbPKTypeFromPVPAttribute(IAuthProcessDataContainer session) { - String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + final String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) { // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 93fbcc91..e096b8e6 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -173,6 +173,17 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu } + @Override + public boolean isEIDProcess() { + return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); + } + + @Override + public void setEIDProcess(boolean value) { + authProcessData.put(FLAG_IS_NEW_EID_PROCESS, value); + + } + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() */ 
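Review bot: isEIDProcess() and setEIDProcess() in AuthProcessDataWrapper have no Javadoc, although the flag they manage apparently selects between the legacy bPK/IDL flow and the new E-ID processing and therefore decides which identity data is released. I would document the contract above isEIDProcess: `/** @return true if this authentication uses the new E-ID process; false for the legacy flow or when the flag has never been set (wrapStringObject falls back to the default). */`, hedged as far as the exact process semantics are not visible here. Reading the flag through wrapStringObject also means a value stored under FLAG_IS_NEW_EID_PROCESS with a non-Boolean type silently reads as false; if the session store can be populated from outside this class, that fallback deserves a sentence as well.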
@@ -186,8 +197,8 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu */ @Override public Map<String, Object> getGenericSessionDataStorage() { - Map<String, Object> result = new HashMap<String, Object>(); - for (String el : authProcessData.keySet()) { + final Map<String, Object> result = new HashMap<String, Object>(); + for (final String el : authProcessData.keySet()) { if (el.startsWith(GENERIC_PREFIX)) result.put(el.substring(GENERIC_PREFIX.length()), authProcessData.get(el)); @@ -223,7 +234,7 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu protected <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) { if (StringUtils.isNotEmpty(key)) { - Object obj = authProcessData.get(key); + final Object obj = authProcessData.get(key); if (obj != null && clazz.isInstance(obj)) return (T) obj; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java new file mode 100644 index 00000000..3fbdaf66 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java 
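Review bot: `return (T) obj;` in wrapStringObject is an unchecked cast guarded only by the preceding `clazz.isInstance(obj)`; `return clazz.cast(obj);` performs the same runtime check and removes the unchecked warning without changing behaviour. The default-value branch of the method lies outside the hunk.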
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+    @Override
+    public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+            throws AttributeBuilderException {
+        return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceId());
+
+    }
+
+    @Override
+    public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+        return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+    }
+
+    @Override
+    public String getName() {
+        return EID_ENCRYPTED_SOURCEID_NAME;
+    }
+
+    private String getFriendlyName() {
+        return EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME;
+    }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
new file mode 100644
index 00000000..440ccf59
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
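Review bot: build() in EIDEncryptedSourceIdAttributeBuilder hands `authData.getEncryptedSourceId()` straight to `buildStringAttribute`, so when the encrypted source id is absent (e.g. an authentication that ran the legacy bPK path and never populated it) the SP receives an attribute with a null value instead of the builder reporting the attribute as unavailable. I would guard the value first, e.g. `final String encSourceId = authData.getEncryptedSourceId(); if (encSourceId == null || encSourceId.isEmpty()) { throw new AttributeBuilderException(...); }`, using whichever "unavailable attribute" exception the other builders in this package use, since the appropriate type is not visible in this file. The builder also ignores `oaParam` entirely, whereas the legacy IDL path in this same commit enforces `hasBaseIdTransferRestriction()` before releasing identity data, so confirm that an SP-level authorisation check is applied elsewhere before this attribute is included in a response. A class-level Javadoc naming the attribute (`EID_ENCRYPTED_SOURCEID_NAME`) and stating what the encrypted source id is would also help.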
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdTypeAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+    @Override
+    public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+            throws AttributeBuilderException {
+        return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceIdType());
+
+    }
+
+    @Override
+    public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+        return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+    }
+
+    @Override
+    public String getName() {
+        return EID_ENCRYPTED_SOURCEID_TYPE_NAME;
+    }
+
+    private String getFriendlyName() {
+        return EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME;
+    }
+
+} |
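Review bot: EIDEncryptedSourceIdTypeAttributeBuilder emits `authData.getEncryptedSourceIdType()` unconditionally, so the type attribute can be released with a null value or without a corresponding encrypted source id, letting the two attributes drift apart in one response; the same null guard as for the value builder applies here, e.g. `if (authData.getEncryptedSourceIdType() == null) throw new AttributeBuilderException(...)` with the exception type this package uses for unavailable attributes. The class is otherwise a copy of EIDEncryptedSourceIdAttributeBuilder differing only in the getter and the two constants, which is worth noting if a shared base class is planned. A short class-level Javadoc stating that this attribute carries the type qualifier of the encrypted source id and is meant to be read together with EID_ENCRYPTED_SOURCEID_NAME would at least make the pairing explicit.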