Diffstat (limited to 'eaaf_core/src/main/java')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java8
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java12
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java71
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java5
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java98
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java16
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java141
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java331
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java17
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java58
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java58
12 files changed, 622 insertions, 195 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java
index d5ebbd51..62242799 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java
@@ -38,4 +38,12 @@ public interface ExtendedPVPAttributeDefinitions extends PVPAttributeDefinitions
public static final String SP_USESMANDATES_NAME = "http://eid.gv.at/eID/attributes/ServiceProviderMandateProfiles";
public static final String SP_USESMANDATES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles";
+ /* Attributes for E-ID */
+ public static final String EID_ENCRYPTED_SOURCEID_NAME = "http://eid.gv.at/eID/attributes/vsz/value";
+ public static final String EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME = "vSZ";
+
+ public static final String EID_ENCRYPTED_SOURCEID_TYPE_NAME = "http://eid.gv.at/eID/attributes/vsz/type";
+ public static final String EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME = "vSZ-Type";
+
+
}
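Review bot: The new E-ID constants are introduced with only a bare `/* Attributes for E-ID */` marker, while the rest of the commit explains what they carry only in IAuthData; a Javadoc on the group such as `/** Encrypted sourceId (vSZ) of the new E-ID scheme and the identifier of its type; see IAuthData#getEncryptedSourceId() */` would tie the attribute names to the accessor added in the same commit. The two trailing blank lines before the closing brace are a leftover; the other groups in this interface separate themselves with a single blank line.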
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
index 759f4ce0..ed79dc60 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java
@@ -40,7 +40,17 @@ public interface ILoALevelMapper {
* Map an arbitrary QAA level to PVP SecClass
*
* @param qaa, but not null
- * @return An PVP SecClass if there is a mapping, otherwise null
+ * @return A PVP SecClass if there is a mapping, otherwise null
*/
public String mapToSecClass(String qaa);
+
+
+ /**
+ * Map an an arbitrary eIDAS LoA to STORK QAA Level
+ *
+ * @param eidasqaaLevel
+ * @return A STORK QAA level
+ */
+ @Deprecated
+ public String mapeIDASQAAToSTORKQAA(String eidasqaaLevel);
}
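Review bot: `mapeIDASQAAToSTORKQAA` is added as an abstract interface method, so every existing `ILoALevelMapper` implementation outside this module stops compiling, and it is deprecated on arrival without a Javadoc `@deprecated` tag naming the replacement (presumably `mapToSecClass`, but that is not stated anywhere in the hunk). If the project targets Java 8 or later, a `default` implementation — returning null when no mapping exists, as `mapToSecClass` is documented to do — would keep existing implementors source-compatible; the same consideration applies to `isEIDProcess`/`setEIDProcess` in IAuthProcessDataContainer in this commit. The Javadoc also has a doubled word and an empty `@param`: `* Map an arbitrary eIDAS LoA to a STORK QAA level` / `* @param eidasqaaLevel eIDAS LoA to map, but not null`.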
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
index e7e9844a..2a92e5f3 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java
@@ -33,7 +33,7 @@ public interface PVPAttributeDefinitions {
public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
- public static final String PVP_VERSION_2_1 = "2.1";
+ public static final String PVP_VERSION_2_1 = "2.2";
public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110";
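Review bot: `PVP_VERSION_2_1` now holds `"2.2"`, so the constant's name contradicts its value: every consumer that emits the PVP-VERSION attribute through this constant silently starts reporting 2.2, while code that compares an incoming value against `PVP_VERSION_2_1` expecting `"2.1"` no longer matches. Add the new version as its own constant and keep the old one intact: `public static final String PVP_VERSION_2_1 = "2.1";` / `public static final String PVP_VERSION_2_2 = "2.2";`, then switch the emitter to `PVP_VERSION_2_2` (its call site is not in this hunk).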
@@ -144,25 +144,30 @@ public interface PVPAttributeDefinitions {
public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER";
public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255;
- public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
- public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
- public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
- public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
+ @Deprecated public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
+ @Deprecated public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
+ @Deprecated public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
+ @Deprecated public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
- public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
- public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
- public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
- public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+ @Deprecated public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
+ @Deprecated public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
+ @Deprecated public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
+ @Deprecated public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
- public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
- public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
- public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
- public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
+ @Deprecated public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
+ @Deprecated public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
+ @Deprecated public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
+ @Deprecated public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
- public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
- public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
- public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
- public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
+ public static final String EID_E_ID_TOKEN_OID = "1.2.40.0.10.2.1.1.261.39";
+ public static final String EID_E_ID_TOKEN_NAME = URN_OID_PREFIX + EID_E_ID_TOKEN_OID;
+ public static final String EID_E_ID_TOKEN_FRIENDLY_NAME = "EID-E-ID-TOKEN";
+ public static final int EID_E_ID_TOKEN_MAX_LENGTH = 32767;
+
+ @Deprecated public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
+ @Deprecated public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
+ @Deprecated public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
+ @Deprecated public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64";
public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID;
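Review bot: The `@Deprecated` annotations added here (and in the later hunks of this file at `EID_STORK_TOKEN`, `MANDATE_NAT_PER_SOURCE_PIN` and `MANDATE_FULL_MANDATE`, as well as in EAAFAuthProcessDataConstants and on the AuthenticationData fields) come without a Javadoc `@deprecated` tag, so a reader cannot tell which attribute replaces which; only the placement of `EID_E_ID_TOKEN` directly above `EID_AUTH_BLOCK` hints at a successor. A one-line tag per group would record the intent, e.g. `/** @deprecated superseded by the encrypted sourceId attributes in ExtendedPVPAttributeDefinitions */` on the `EID_SOURCE_PIN` group if the vSZ attributes are indeed its replacement, and an explicit "no replacement" where none exists. Deprecating a `MAX_LENGTH` alongside its attribute is fine, but the tag should state whether values of the deprecated attribute are still accepted on input or only no longer emitted.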
@@ -174,10 +179,10 @@ public interface PVPAttributeDefinitions {
public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE";
public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767;
- public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
- public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
- public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
- public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
+ @Deprecated public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
+ @Deprecated public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
+ @Deprecated public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
+ @Deprecated public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68";
public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID;
@@ -189,20 +194,20 @@ public interface PVPAttributeDefinitions {
public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID";
public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256;
- public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
- public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
- public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
- public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
+ @Deprecated public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100";
public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID;
public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN";
public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128;
- public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
- public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
- public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
- public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
+ @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
+ @Deprecated public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76";
public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID;
@@ -259,10 +264,10 @@ public interface PVPAttributeDefinitions {
public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
- public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
- public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
- public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
- public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
+ @Deprecated public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
+ @Deprecated public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
+ @Deprecated public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
+ @Deprecated public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40";
public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
index f13cd27e..7ce24cf4 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java
@@ -36,10 +36,11 @@ public interface EAAFAuthProcessDataConstants {
public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner";
public static final String FLAG_USE_MANDATE = "direct_flagUseMandate";
public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter";
+ public static final String FLAG_IS_NEW_EID_PROCESS = "direct_flagIsNewEID";
- public static final String VALUE_IDENTITYLINK = "direct_idl";
+ @Deprecated public static final String VALUE_IDENTITYLINK = "direct_idl";
public static final String VALUE_QAALEVEL = "direct_qaaLevel";
- public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
+ @Deprecated public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
}
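Review bot: `FLAG_IS_NEW_EID_PROCESS` has no Javadoc although it appears to be the session-data key behind `isEIDProcess()`, which `buildAuthenticationData` in this commit uses to choose between the E-ID data path and the deprecated identity-link path (the wrapper that maps key to flag is not in view — confirm). Suggest `/** Session-data key of the flag that marks an authentication as new E-ID process; when it is not set the deprecated identity-link path is used. */`. The `@Deprecated` annotations on `VALUE_IDENTITYLINK` and `VALUE_MISMANDATE` lack a `@deprecated` tag naming the replacement, consistent with the other constant files in this commit.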
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
index 7dcd643d..e9d86efa 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -115,56 +115,19 @@ public interface IAuthData {
String getFormatedDateOfBirth();
/**
- * Get bPK of the user
- *
- * @return
- */
- @Deprecated
- String getBPK();
-
- /**
- * Get sector for user's bPK
- *
- *
- * @return Sector identifier with prefix
- */
- @Deprecated
- String getBPKType();
-
-
- /**
- * Get List of bPK/bPKType tuples for this service provider
- * @return List of Pairs<bPK, bPKType>
- */
- @Deprecated
- List<Pair<String, String>> getAdditionalbPKs();
-
- /**
- * Get baseId of this user
+ * Get the encrypted SourceId (vSZ) from new E-ID scheme
*
* @return
*/
- @Deprecated
- String getIdentificationValue();
+ String getEncryptedSourceId();
/**
- * Get type identifier of the baseId
- * By default, this type is urn:publicid:gv.at:baseid
+ * Get the type identifier of encrypted SourceId
*
* @return
*/
- @Deprecated
- String getIdentificationType();
-
-
- /**
- * Get the identityLink for the authenticated user
- *
- * @return IDL, or NULL if no IDL is available
- */
- @Deprecated
- IIdentityLink getIdentityLink();
-
+ String getEncryptedSourceIdType();
+
/**
* Return LoA for this user authentication
*
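Review bot: The Javadoc for the new `getEncryptedSourceId()` and `getEncryptedSourceIdType()` has an empty `@return`, so nullability is undocumented; the `AuthenticationData` implementation in this commit returns a field that is only populated by `setEncSourceId`/`setEncSourceIdType`, so it is presumably null for a non-E-ID authentication. Suggest `@return Encrypted sourceId (vSZ), or null if it is not available` and `@return Type identifier of the encrypted sourceId, or null if it is not available`, mirroring the wording already used for `getIdentityLink()`. The enclosing interface continues outside the hunk.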
@@ -234,4 +197,55 @@ public interface IAuthData {
*/
public <T> T getGenericData(String key, final Class<T> clazz);
+
+ /**
+ * Get bPK of the user
+ *
+ * @return
+ */
+ @Deprecated
+ String getBPK();
+
+ /**
+ * Get sector for user's bPK
+ *
+ *
+ * @return Sector identifier with prefix
+ */
+ @Deprecated
+ String getBPKType();
+
+
+ /**
+ * Get List of bPK/bPKType tuples for this service provider
+ * @return List of Pairs<bPK, bPKType>
+ */
+ @Deprecated
+ List<Pair<String, String>> getAdditionalbPKs();
+
+ /**
+ * Get baseId of this user
+ *
+ * @return
+ */
+ @Deprecated
+ String getIdentificationValue();
+
+ /**
+ * Get type identifier of the baseId
+ * By default, this type is urn:publicid:gv.at:baseid
+ *
+ * @return
+ */
+ @Deprecated
+ String getIdentificationType();
+
+
+ /**
+ * Get the identityLink for the authenticated user
+ *
+ * @return IDL, or NULL if no IDL is available
+ */
+ @Deprecated
+ IIdentityLink getIdentityLink();
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index 46dd3850..17ec6445 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -79,6 +79,22 @@ public interface IAuthProcessDataContainer {
@Deprecated
void setIdentityLink(IIdentityLink identityLink);
+
+ /**
+ * Flag marks the authentication process as new E-ID process
+ *
+ * @return true if E-ID process, otherwise false
+ */
+ boolean isEIDProcess();
+
+
+ /**
+ * Set the flag to make the process as new E-ID process
+ *
+ * @param value true if new E-ID process, otherwise false
+ */
+ void setEIDProcess(boolean value);
+
/**
* Indicate that mandates was used in this auth. process
*
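Review bot: The value of `isEIDProcess()` when the flag was never set is not documented, and it matters: `buildAuthenticationData` in this commit falls back to the deprecated identity-link path whenever the method returns false, so a session created before this change, or a container whose backing value is missing, silently takes the legacy path. Suggest stating it on the getter: `* @return true if the process was marked as new E-ID process, otherwise false (also when the flag was never set)` — confirm against AuthProcessDataWrapper, which is not in view. The setter's summary reads better as `Mark the authentication process as a new E-ID process`.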
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
index c3fc6b76..dc2b61f7 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
@@ -37,7 +37,7 @@ public class EAAFBuilderException extends EAAFException {
super(errorId, params);
}
- public EAAFBuilderException(String errorId, Object[] objects, String message, Exception ex) {
+ public EAAFBuilderException(String errorId, Object[] objects, String message, Throwable ex) {
super(errorId, objects, ex);
}
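Review bot: The `message` parameter of this constructor is still unused: the body forwards only `errorId`, `objects` and `ex` to `super`, so whatever callers pass there is silently dropped, and the commit widens `ex` to `Throwable` while keeping the dead parameter. Either forward it, if `EAAFException` offers a constructor that takes a message (not visible here), or document the behaviour with `/** @param message ignored; the message is resolved from errorId and objects */` so callers stop relying on it. The class continues outside the hunk.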
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index 392ed9a9..a6bf247a 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -58,21 +58,27 @@ public class AuthenticationData implements IAuthData, Serializable {
public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
private boolean isBaseIDTransferRestrication = true;
- private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+ private final Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
private String issuer;
private Date issueInstant;
- private String identificationValue;
- private String identificationType;
- private IIdentityLink identityLink = null;
+ @Deprecated private String identificationValue;
+ @Deprecated private String identificationType;
+ @Deprecated private IIdentityLink identityLink = null;
private String familyName;
private String givenName;
private Date dateOfBirth;
- private String bPK;
- private String bPKType;
- private List<Pair<String, String>> additionalBpks;
+
+ private String encSourceId;
+ private String encSourceIdType;
+
+
+
+ @Deprecated private String bPK;
+ @Deprecated private String bPKType;
+ @Deprecated private List<Pair<String, String>> additionalBpks;
private String ccc = null;
@@ -86,7 +92,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private String sessionIndex = null;
private String nameID = null;
private String nameIDFormat = null;
-
+
public AuthenticationData() {
this.issueInstant = new Date();
@@ -102,7 +108,7 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param authIssuer
*/
- public void setAuthenticationIssuer(String authIssuer) {
+ public void setAuthenticationIssuer(final String authIssuer) {
this.issuer = authIssuer;
}
@@ -114,8 +120,9 @@ public class AuthenticationData implements IAuthData, Serializable {
}
- public String getAuthenticationIssueInstantString() {
- SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ @Override
+ public String getAuthenticationIssueInstantString() {
+ final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(this.issueInstant);
@@ -126,7 +133,7 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param date
*/
- public void setAuthenticationIssueInstant(Date date) {
+ public void setAuthenticationIssueInstant(final Date date) {
this.issueInstant = date;
}
@@ -136,6 +143,8 @@ public class AuthenticationData implements IAuthData, Serializable {
}
+ @Override
+ @Deprecated
public String getBPK() {
return bPK;
}
@@ -144,17 +153,20 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the bPK.
* @param bPK The bPK to set
*/
- public void setBPK(String bPK) {
+ @Deprecated
+ public void setBPK(final String bPK) {
this.bPK = bPK;
}
+ @Override
public Date getDateOfBirth() {
return this.dateOfBirth;
}
+ @Override
public String getFormatedDateOfBirth() {
- DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ final DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
if (getDateOfBirth() != null)
return pvpDateFormat.format(getDateOfBirth());
else
@@ -163,26 +175,42 @@ public class AuthenticationData implements IAuthData, Serializable {
}
+ @Override
public String getFamilyName() {
return this.familyName;
}
+ @Override
public String getGivenName() {
return this.givenName;
}
+ @Override
+ public String getEncryptedSourceId() {
+ return this.encSourceId;
+ }
+ @Override
+ public String getEncryptedSourceIdType() {
+ return this.encSourceIdType;
+ }
+
+ @Override
+ @Deprecated
public String getIdentificationValue() {
return identificationValue;
}
+ @Override
+ @Deprecated
public String getIdentificationType() {
return identificationType;
}
@Override
+ @Deprecated
public IIdentityLink getIdentityLink() {
return identityLink;
}
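Review bot: The new `getEncryptedSourceId()` and `getEncryptedSourceIdType()` have no Javadoc, while the deprecated getters around them are documented on the interface. Since the backing fields have no initializer and are only written by the setters added later in this file, a minimal `/** @return the encrypted sourceId (vSZ) set via {@link #setEncSourceId(String)}, or null if none was set */` (and the analogous line for the type) states the contract without inferring anything. The `@Override`/`@Deprecated` pairs added on the legacy getters are fine, but a `@deprecated` Javadoc tag pointing at the new getters would make the migration path visible from the implementation too.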
@@ -190,7 +218,8 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param identityLink the identityLink to set
*/
- public void setIdentityLink(IIdentityLink identityLink) {
+ @Deprecated
+ public void setIdentityLink(final IIdentityLink identityLink) {
this.identityLink = identityLink;
}
@@ -198,19 +227,19 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the dateOfBirth.
* @param dateOfBirth The dateOfBirth to set
*/
- public void setDateOfBirth(Date dateOfBirth) {
+ public void setDateOfBirth(final Date dateOfBirth) {
this.dateOfBirth = dateOfBirth;
}
- public void setDateOfBirth(String dateOfBirth) {
+ public void setDateOfBirth(final String dateOfBirth) {
try {
if (StringUtils.isNotEmpty(dateOfBirth)) {
- DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ final DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
}
- } catch (ParseException e) {
+ } catch (final ParseException e) {
log.warn("Parse dateOfBirht from IdentityLink FAILED", e);
}
@@ -220,7 +249,7 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the familyName.
* @param familyName The familyName to set
*/
- public void setFamilyName(String familyName) {
+ public void setFamilyName(final String familyName) {
this.familyName = familyName;
}
@@ -228,7 +257,7 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the givenName.
* @param givenName The givenName to set
*/
- public void setGivenName(String givenName) {
+ public void setGivenName(final String givenName) {
this.givenName = givenName;
}
@@ -236,7 +265,8 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the identificationValue.
* @param identificationValue The identificationValue to set
*/
- public void setIdentificationValue(String identificationValue) {
+ @Deprecated
+ public void setIdentificationValue(final String identificationValue) {
this.identificationValue = identificationValue;
}
@@ -244,11 +274,14 @@ public class AuthenticationData implements IAuthData, Serializable {
* Sets the identificationType.
* @param identificationType The identificationType to set
*/
- public void setIdentificationType(String identificationType) {
+ @Deprecated
+ public void setIdentificationType(final String identificationType) {
this.identificationType = identificationType;
}
+ @Override
+ @Deprecated
public String getBPKType() {
return bPKType;
}
@@ -258,16 +291,19 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param bPKType
*/
- public void setBPKType(String bPKType) {
+ @Deprecated
+ public void setBPKType(final String bPKType) {
this.bPKType = bPKType;
}
+ @Override
public String getEIDASQAALevel() {
return this.eIDASLoA;
}
+ @Override
public boolean isForeigner() {
return this.foreigner;
}
@@ -278,7 +314,7 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param true if the user is a foreigner, otherwise false
*/
- public void setForeigner(boolean foreigner) {
+ public void setForeigner(final boolean foreigner) {
this.foreigner = foreigner;
}
@@ -293,7 +329,7 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param true if a SSO was used, otherwise false
*/
- public void setSsoSession(boolean ssoSession) {
+ public void setSsoSession(final boolean ssoSession) {
this.ssoSession = ssoSession;
}
@@ -303,10 +339,11 @@ public class AuthenticationData implements IAuthData, Serializable {
*
* @param ccc Two letter country code
*/
- public void setCiticenCountryCode(String ccc) {
+ public void setCiticenCountryCode(final String ccc) {
this.ccc = ccc;
}
+ @Override
public String getSessionIndex() {
return sessionIndex;
}
@@ -314,7 +351,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param sessionIndex the sessionIndex to set
*/
- public void setSessionIndex(String sessionIndex) {
+ public void setSessionIndex(final String sessionIndex) {
this.sessionIndex = sessionIndex;
}
@@ -327,13 +364,14 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param nameID the nameID to set
*/
- public void setNameID(String nameID) {
+ public void setNameID(final String nameID) {
this.nameID = nameID;
}
/**
* @return the nameIDFormat
*/
+ @Override
public String getNameIDFormat() {
return nameIDFormat;
}
@@ -341,13 +379,14 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param nameIDFormat the nameIDFormat to set
*/
- public void setNameIDFormat(String nameIDFormat) {
+ public void setNameIDFormat(final String nameIDFormat) {
this.nameIDFormat = nameIDFormat;
}
/**
* @return the ssoSessionValidTo
*/
+ @Override
public Date getSsoSessionValidTo() {
return ssoSessionValidTo;
}
@@ -355,7 +394,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param ssoSessionValidTo the ssoSessionValidTo to set
*/
- public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+ public void setSsoSessionValidTo(final Date ssoSessionValidTo) {
this.ssoSessionValidTo = ssoSessionValidTo;
}
@@ -371,7 +410,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
*/
- public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+ public void setBaseIDTransferRestrication(final boolean isBaseIDTransferRestrication) {
this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
}
@@ -382,19 +421,21 @@ public class AuthenticationData implements IAuthData, Serializable {
* @param clazz The class type which is stored with this key
* @return The data object or null if no data is found with this key
*/
- public <T> T getGenericData(String key, final Class<T> clazz) {
+ @Override
+ public <T> T getGenericData(final String key, final Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
- Object data = genericDataStorate.get(key);
+ final Object data = genericDataStorate.get(key);
if (data == null)
return null;
try {
@SuppressWarnings("unchecked")
+ final
T test = (T) data;
return test;
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("Generic authentication-data object can not be casted to requsted type", e);
return null;
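Review bot: The `try`/`catch` around `(T) data` cannot catch a bad cast: `T` is erased, so the unchecked cast never throws here and a value of the wrong type is handed back to the caller, where the ClassCastException surfaces later at an unrelated line; the `clazz` parameter, which would allow a real check, is unused. The commit only adds `final` and leaves this in place. Replace the cast block with an `isInstance`/`cast` check as below; the method body continues outside the hunk.
```java
final Object data = genericDataStorate.get(key);
if (data == null)
    return null;
if (!clazz.isInstance(data)) {
    log.warn("Generic authentication-data object can not be casted to requsted type");
    return null;
}
return clazz.cast(data);
// … unchanged: remainder of the method, outside the hunk …
```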
@@ -414,7 +455,7 @@ public class AuthenticationData implements IAuthData, Serializable {
* @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
* @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
*/
- public void setGenericData(String key, Object object) throws EAAFStorageException {
+ public void setGenericData(final String key, final Object object) throws EAAFStorageException {
if (StringUtils.isEmpty(key)) {
log.info("Generic session-data can not be stored with a 'null' key");
throw new EAAFStorageException("Generic data can not be stored with a 'null' key", null);
@@ -437,27 +478,49 @@ public class AuthenticationData implements IAuthData, Serializable {
genericDataStorate.put(key, object);
}
- public void seteIDASLoA(String eIDASLoA) {
+ public void seteIDASLoA(final String eIDASLoA) {
this.eIDASLoA = eIDASLoA;
}
@Override
+ @Deprecated
public List<Pair<String, String>> getAdditionalbPKs() {
return this.additionalBpks;
}
/**
+ * Set the encrypted SourceId for current authenticated user
+ *
+ * @param encSourceId
+ */
+ public void setEncSourceId(final String encSourceId) {
+ this.encSourceId = encSourceId;
+ }
+
+ /**
+ * Set the type identifier of the encrypted SourceId
+ *
+ * @param encSourceIdType
+ */
+ public void setEncSourceIdType(final String encSourceIdType) {
+ this.encSourceIdType = encSourceIdType;
+ }
+
+
+
+ /**
* Add an additional bPK Pair<bPK, bPKType> into authdata
*
* @param bPK Pair<bPK, bPKType>
*/
- public void addAdditionalbPKPair(Pair<String, String> bPK) {
+ @Deprecated
+ public void addAdditionalbPKPair(final Pair<String, String> bPK) {
if (this.additionalBpks == null) {
this.additionalBpks = new ArrayList<Pair<String, String>>();
}
this.additionalBpks.add(bPK);
- }
+ }
}
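Review bot: The Javadoc on the new `setEncSourceId` and `setEncSourceIdType` carries bare `@param` tags with no description, which the generator flags and which leaves the one fact a caller needs — that these are the values returned by `getEncryptedSourceId()`/`getEncryptedSourceIdType()` — unstated. Suggest `* @param encSourceId the encrypted sourceId (vSZ) returned by {@link #getEncryptedSourceId()}` and `* @param encSourceIdType the type identifier returned by {@link #getEncryptedSourceIdType()}`. The three blank lines before the next Javadoc are a leftover and can go.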
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index f578afd8..2482d65f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -36,6 +36,8 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
@@ -43,18 +45,23 @@ import org.w3c.dom.Node;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.XPathException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
@@ -67,7 +74,221 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
protected Collection<String> includedToGenericAuthData = null;
@Autowired protected IConfiguration basicConfig;
- protected void generateBasicAuthData(AuthenticationData authData, IRequest pendingReq,
+ @Override
+ public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+ IAuthData authData = null;
+ final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+ try {
+ if (authProcessData.isEIDProcess()) {
+ log.debug("Building AuthData from new E-ID information ... ");
+ authData = getAuthDataInstance(pendingReq);
+ Assert.notNull(authData, "AuthData is null");
+
+ log.trace("Adding generic AuthData information ... ");
+ buildInternalAuthDataGeneric(authData, authProcessData, pendingReq);
+
+ log.trace("Build service-specific AuthData information ... ");
+ buildServiceSpecificAuthenticationData(authData, pendingReq);
+
+ } else {
+ log.info("User authentication uses the deprecated. Building AuthData from deprecated information ... ");
+ authData = buildDeprecatedAuthData(pendingReq);
+ Assert.notNull(authData, "AuthData is null");
+
+ }
+
+
+ } catch (XPathException | DOMException | EAAFException e) {
+ log.warn("Can not build authentication data from auth. process information");
+ throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e);
+
+ }
+
+ log.trace("AuthData generation finished");
+ return authData;
+
+ }
+
+ /**
+ * * @param pendingReq current pendingRequest
+ *
+ * @param pendingReq current pendingRequest
+ * @return {@link IAuthData} but never <code>null</code>
+ * @throws EAAFException
+ */
+ @NonNull
+ abstract protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException;
+
+ /**
+ * Build service-specific AuthData by using information from E-ID
+ * This builder uses vSZ, MDS and Consent as input information
+ *
+ * @param pendingReq current pendingRequest
+ * @return {@link IAuthData} but never <code>null</code>
+ * @throws EAAFException
+ */
+ abstract protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EAAFException;
+
+
+ /**
+ * Add generic E-ID information into already existing AuthData
+ *
+ * @param authData
+ * @param authProcessData
+ * @param pendingReq
+ */
+ private void buildInternalAuthDataGeneric(@NonNull IAuthData authData,
+ @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) {
+ Assert.notNull(pendingReq, "PendingRequest is null");
+ Assert.notNull(authData, "AuthData is null");
+ Assert.notNull(authProcessData, "AuthProcessData is null");
+
+ if (!(authData instanceof AuthenticationData)) {
+ log.error("AuthData has no suitable type! Requires: {}", AuthenticationData.class.getName());
+ throw new RuntimeException("AuthData has no suitable type! Requires: " + AuthenticationData.class.getName());
+
+ }
+
+ final AuthenticationData internalAuthData = (AuthenticationData)authData;
+
+ //TODO: check if it is needed
+// if (authProcessData.getGenericSessionDataStorage() != null &&
+// !authProcessData.getGenericSessionDataStorage().isEmpty())
+// includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet();
+// else
+ includedToGenericAuthData = new ArrayList<String>();
+
+ //####################################################
+ //set general authData info's
+ internalAuthData.setAuthenticationIssuer(pendingReq.getAuthURL());
+ internalAuthData.setSsoSession(pendingReq.needSingleSignOnFunctionality());
+ internalAuthData.setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction());
+
+ //####################################################
+ //set MDS and vSZ
+ internalAuthData.setFamilyName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+ internalAuthData.setGivenName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+ internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class));
+ internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class));
+ internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class));
+
+
+ //####################################################
+ //set QAA level
+ setQAALevel(internalAuthData, authProcessData, pendingReq);
+
+
+ //####################################################
+ //set isForeigner flag
+ setFlagForeigner(internalAuthData, authProcessData, pendingReq);
+
+
+ //####################################################
+ //set citizen country-code
+ setCitizenCountryCode(internalAuthData, authProcessData, pendingReq);
+
+ }
+
+ /**
+ * Parse citzen country-code into AuthData
+ *
+ * @param internalAuthData
+ * @param authProcessData
+ * @param pendingReq
+ */
+ private void setCitizenCountryCode(AuthenticationData authData, IAuthProcessDataContainer authProcessData,
+ IRequest pendingReq) {
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME);
+ final String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+ if (StringUtils.isNotEmpty(pvpCCCAttr)) {
+ authData.setCiticenCountryCode(pvpCCCAttr);
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME);
+
+ } else {
+ if (authData.isForeigner()) {
+ //TODO!!!!
+
+ } else {
+ authData.setCiticenCountryCode(basicConfig.getBasicConfiguration(
+ IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE,
+ EAAFConstants.COUNTRYCODE_AUSTRIA));
+
+ }
+ }
+
+ }
+
+ /**
+ * parse QAA Level into AuthData
+ *
+ * @param authData
+ * @param authProcessData
+ * @param pendingReq
+ */
+ private void setQAALevel(@NonNull AuthenticationData authData,
+ @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) {
+ includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
+ String currentLoA = null;
+ if (StringUtils.isNotEmpty(authProcessData.getQAALevel()))
+ currentLoA = authProcessData.getQAALevel();
+ else {
+ currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class);
+ if (StringUtils.isNotEmpty(currentLoA)) {
+ log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+ + " --> Parse QAA-Level from that attribute.");
+
+ }
+ }
+ if (StringUtils.isNotEmpty(currentLoA)) {
+ if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
+ authData.seteIDASLoA(currentLoA);
+
+ } else
+ log.info("Only eIDAS LoAs are supported by this implementation");
+
+ } else {
+ log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW);
+ authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW);
+
+ }
+
+ }
+
+ /**
+ * Parse Foreigner information into AuthData
+ *
+ * @param authData
+ * @param authProcessData
+ * @param pendingReq
+ */
+ private void setFlagForeigner(AuthenticationData authData, IAuthProcessDataContainer authProcessData, IRequest pendingReq) {
+ //TODO: change to new eIDAS-token attribute identifier
+ if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) {
+ log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME
+ + " --> Set 'isForeigner' flag to TRUE");
+ authData.setForeigner(true);
+
+ } else {
+ authData.setForeigner(authProcessData.isForeigner());
+
+ }
+ }
+
+ /**
+ * Build authentication data by using information from citizen-card or mobile-phone signature
+ * This builder uses IdentityLink, AuthBlock, full MIS mandate as input information
+ *
+ * @param pendingReq current pendingRequest
+ * @return {@link IAuthData} but never <code>null</code>
+ * @throws EAAFException
+ */
+ @Deprecated
+ @NonNull
+ abstract protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException;
+
+ @Deprecated
+ protected void generateDeprecatedBasicAuthData(AuthenticationData authData, IRequest pendingReq,
IAuthProcessDataContainer authProcessData) throws EAAFBuilderException, EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
if (authProcessData.getGenericSessionDataStorage() != null &&
@@ -86,13 +307,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
//####################################################
//parse user info's from identityLink
IIdentityLink idlFromPVPAttr = null;
- IIdentityLink identityLink = authProcessData.getIdentityLink();
+ final IIdentityLink identityLink = authProcessData.getIdentityLink();
if (identityLink != null) {
parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
} else {
// identityLink is not direct in MOASession
- String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class);
+ final String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class);
//find PVP-Attr. which contains the IdentityLink
if (StringUtils.isNotEmpty(pvpAttrIDL)) {
log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME
@@ -106,10 +327,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
//set identitylink into AuthProcessData
authProcessData.setIdentityLink(idlFromPVPAttr);;
- } catch (EAAFParserException e) {
+ } catch (final EAAFParserException e) {
log.warn("Received IdentityLink is not valid", e);
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("Received IdentityLink is not valid", e);
} finally {
@@ -118,7 +339,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
if (idlStream != null)
idlStream.close();
- } catch (IOException e) {
+ } catch (final IOException e) {
log.warn("Close InputStream FAILED.", e);
}
@@ -154,72 +375,27 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
authData.setIdentificationType(null);
}
+
//####################################################
//set QAA level
- includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
- String currentLoA = null;
- if (StringUtils.isNotEmpty(authProcessData.getQAALevel()))
- currentLoA = authProcessData.getQAALevel();
- else {
- currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class);
- if (StringUtils.isNotEmpty(currentLoA)) {
- log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
- + " --> Parse QAA-Level from that attribute.");
-
- }
- }
- if (StringUtils.isNotEmpty(currentLoA)) {
- if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
- authData.seteIDASLoA(currentLoA);
-
- } else
- log.info("Only eIDAS LoAs are supported by this implementation");
-
- } else {
- log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW);
- authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW);
+ setQAALevel(authData, authProcessData, pendingReq);
- }
//####################################################
- //set isForeigner flag
- //TODO: change to new eIDAS-token attribute identifier
- if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) {
- log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME
- + " --> Set 'isForeigner' flag to TRUE");
- authData.setForeigner(true);
-
- } else {
- authData.setForeigner(authProcessData.isForeigner());
-
- }
+ //set isForeigner flag
+ setFlagForeigner(authData, authProcessData, pendingReq);
+
//####################################################
//set citizen country-code
- includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME);
- String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
- if (StringUtils.isNotEmpty(pvpCCCAttr)) {
- authData.setCiticenCountryCode(pvpCCCAttr);
- log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME);
-
- } else {
- if (authData.isForeigner()) {
- //TODO!!!!
-
- } else {
- authData.setCiticenCountryCode(basicConfig.getBasicConfiguration(
- IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE,
- EAAFConstants.COUNTRYCODE_AUSTRIA));
-
- }
- }
+ setCitizenCountryCode(authData, authProcessData, pendingReq);
//####################################################
// set bPK and IdentityLink
- String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData);
- String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData);
- Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration());
+ final String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData);
+ final String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData);
+ final Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration());
//check if a unique ID for this citizen exists
if (StringUtils.isEmpty(authData.getIdentificationValue()) &&
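Review bot: `setCitizenCountryCode` reads `authData.isForeigner()`, which only the `setFlagForeigner` call on the preceding line sets, so the order of the three extracted helpers is now an implicit contract that both this deprecated path and `buildInternalAuthDataGeneric` must keep; a comment above the call, `// must run after setFlagForeigner(): the country-code fallback depends on the foreigner flag`, would make that explicit. The foreigner branch of `setCitizenCountryCode` still leaves the country code unset (`//TODO!!!!`), and the new E-ID path inherits that gap. The enclosing `generateDeprecatedBasicAuthData` starts and ends outside this hunk.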
@@ -250,7 +426,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
// baseID is in AuthSesson --> calculate bPK directly
} else if (StringUtils.isNotEmpty(authData.getIdentificationValue())) {
log.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
- Pair<String, String> result = buildOAspecificbPK(pendingReq, authData);
+ final Pair<String, String> result = buildOAspecificbPK(pendingReq, authData);
authData.setBPK(result.getFirst());
authData.setBPKType(result.getSecond());
@@ -276,12 +452,12 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
}
}
- Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
+ final Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
if (baseIDFromSZR != null) {
log.info("Receive citizen baseID from SRZ. Authentication can be completed");
authData.setIdentificationValue(baseIDFromSZR.getFirst());
authData.setIdentificationType(baseIDFromSZR.getSecond());
- Pair<String, String> result = buildOAspecificbPK(pendingReq, authData);
+ final Pair<String, String> result = buildOAspecificbPK(pendingReq, authData);
authData.setBPK(result.getFirst());
authData.setBPKType(result.getSecond());
@@ -310,24 +486,26 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
}
//extract a encrypted bPK from PVP attrobute
+ @Deprecated
protected abstract Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException;
//request baseId from SRZ
+ @Deprecated
protected abstract Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
String notValidbPKType);
-
+ @Deprecated
protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
- ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+ final ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
- String baseID = authData.getIdentificationValue();
- String baseIDType = authData.getIdentificationType();
+ final String baseID = authData.getIdentificationValue();
+ final String baseIDType = authData.getIdentificationType();
Pair<String, String> sectorSpecId = null;
if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIDType)) {
//SAML1 legacy target parameter work-around
- String spTargetId = oaParam.getAreaSpecificTargetIdentifier();
+ final String spTargetId = oaParam.getAreaSpecificTargetIdentifier();
log.debug("Use OA target identifier '" + spTargetId + "' from configuration");
//calculate sector specific unique identifier
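Review bot: `@Deprecated` is added to `getEncryptedbPKFromPVPAttribute`, `getbaseIDFromSZR` and `buildOAspecificbPK` without a Javadoc `@deprecated` tag naming the replacement, so subclass implementers of these protected and abstract members get a compiler warning but no guidance; the same applies to the hunks at `@@ -344`, `@@ -371`, `@@ -383`, `@@ -422` and `@@ -464`, and to `buildDeprecatedAuthData`/`generateDeprecatedBasicAuthData` in the first hunk. I would add a line such as `/** @deprecated legacy citizen-card/mobile-signature path; new E-ID processes use {@link #buildServiceSpecificAuthenticationData}. */` above each. On the private helpers the annotation is visible only inside this class and mainly records intent, which the Javadoc tag would do more clearly. `buildOAspecificbPK` continues past the end of this hunk.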
@@ -344,18 +522,19 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
}
+ @Deprecated
protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
if (spConfig.hasBaseIdTransferRestriction()) {
log.debug("SP: " + spConfig.getUniqueIdentifier() + " has baseId transfer restriction. Remove baseId from IDL ...");
- Element idlassertion = idl.getSamlAssertion();
+ final Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
prIdentification.getFirstChild().setNodeValue(bPK);
//set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ final Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
prIdentificationType.getFirstChild().setNodeValue(bPKType);
- SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion);
+ final SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion);
return idlparser.parseIdentityLink();
} else
@@ -371,6 +550,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
* @param bPKType bPK-Type to check
* @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
*/
+ @Deprecated
private boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) {
return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
@@ -383,6 +563,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
* @param identityLink
* @param includedGenericSessionData
*/
+ @Deprecated
private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
@@ -422,6 +603,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
* @param session MOASession, but never null
* @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
+ @Deprecated
private String getbPKValueFromPVPAttribute(IAuthProcessDataContainer session) {
String pvpbPKValueAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class);
if (StringUtils.isNotEmpty(pvpbPKValueAttr)) {
@@ -434,7 +616,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
}
- String[] spitted = pvpbPKValueAttr.split(":");
+ final String[] spitted = pvpbPKValueAttr.split(":");
if (spitted.length == 2) {
log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME);
return spitted[1];
@@ -464,8 +646,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
* @param session MOASession, but never null
* @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
+ @Deprecated
private String getbPKTypeFromPVPAttribute(IAuthProcessDataContainer session) {
- String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
+ final String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) {
// //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 93fbcc91..e096b8e6 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -173,6 +173,17 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu
}
+ @Override
+ public boolean isEIDProcess() {
+ return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
+ }
+
+ @Override
+ public void setEIDProcess(boolean value) {
+ authProcessData.put(FLAG_IS_NEW_EID_PROCESS, value);
+
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
*/
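Review bot: `isEIDProcess` yields `false` whenever `FLAG_IS_NEW_EID_PROCESS` is absent or not stored as a `Boolean`, and that default silently selects the deprecated citizen-card path in `AbstractAuthenticationDataBuilder.buildAuthenticationData`; neither new method has Javadoc, so I would add `/** Whether this session was authenticated via the new E-ID process; {@code false} if the flag was never set. */` on the getter. Whether the flag key can also be written through the generic session-data setters (i.e. whether it lives under `GENERIC_PREFIX`) is not visible here; since the flag steers which builder path is trusted, it is worth confirming that the key is internal-only. `setEIDProcess` also carries a stray blank line before its closing brace.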
@@ -186,8 +197,8 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu
*/
@Override
public Map<String, Object> getGenericSessionDataStorage() {
- Map<String, Object> result = new HashMap<String, Object>();
- for (String el : authProcessData.keySet()) {
+ final Map<String, Object> result = new HashMap<String, Object>();
+ for (final String el : authProcessData.keySet()) {
if (el.startsWith(GENERIC_PREFIX))
result.put(el.substring(GENERIC_PREFIX.length()), authProcessData.get(el));
@@ -223,7 +234,7 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu
protected <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
- Object obj = authProcessData.get(key);
+ final Object obj = authProcessData.get(key);
if (obj != null && clazz.isInstance(obj))
return (T) obj;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java
new file mode 100644
index 00000000..3fbdaf66
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceId());
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+ }
+
+ @Override
+ public String getName() {
+ return EID_ENCRYPTED_SOURCEID_NAME;
+ }
+
+ private String getFriendlyName() {
+ return EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME;
+ }
+
+}
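Review bot: `build` hands `authData.getEncryptedSourceId()` to `buildStringAttribute` without checking for a missing value, so when the generic builder found no encrypted source id in the session the attribute is emitted with a `null` value rather than through `buildEmpty`; unless `IAttributeGenerator.buildStringAttribute` is documented to tolerate null (not visible here), I would guard it with `if (authData.getEncryptedSourceId() == null) { return buildEmpty(g); }` or throw `AttributeBuilderException`, whichever the sibling builders do. The same applies to `EIDEncryptedSourceIdTypeAttributeBuilder` in the next file. The empty second license comment block directly under the header adds nothing and can be dropped, and the class lacks a Javadoc summary such as `/** Builds the PVP attribute carrying the encrypted sourceId of the authenticated E-ID user. */`.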
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
new file mode 100644
index 00000000..440ccf59
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdTypeAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceIdType());
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+ }
+
+ @Override
+ public String getName() {
+ return EID_ENCRYPTED_SOURCEID_TYPE_NAME;
+ }
+
+ private String getFriendlyName() {
+ return EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME;
+ }
+
+}