diff options
Diffstat (limited to 'eaaf_core/src')
7 files changed, 92 insertions, 28 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index 3d566980..e8e41999 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -45,8 +45,10 @@ package at.gv.egiz.eaaf.core.api.idp; import java.util.Date; +import java.util.List; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; /** * @author tlenz @@ -126,7 +128,14 @@ public interface IAuthData { * @return Sector identifier with prefix */ String getBPKType(); - + + + /** + * Get List of bPK/bPKType tuples for this service provider + * @return List of Pairs<bPK, bPKType> + */ + List<Pair<String, String>> getAdditionalbPKs(); + /** * Get baseId of this user * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index 5762e1dd..392ed9a9 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -30,7 +30,9 @@ import java.io.Serializable; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.Date; +import java.util.List; import java.util.Map; import java.util.TimeZone; @@ -42,6 +44,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.data.Pair; /** * @author tlenz @@ -68,7 +71,8 @@ public class AuthenticationData implements IAuthData, Serializable { private String givenName; private Date dateOfBirth; private String bPK; - private String bPKType; + private String bPKType; + private List<Pair<String, String>> additionalBpks; private String ccc = null; @@ -436,5 +440,24 @@ public class AuthenticationData implements IAuthData, Serializable { public void seteIDASLoA(String eIDASLoA) { this.eIDASLoA = eIDASLoA; } + + @Override + public List<Pair<String, String>> getAdditionalbPKs() { + return this.additionalBpks; + } + + /** + * Add an additional bPK Pair<bPK, bPKType> into authdata + * + * @param bPK Pair<bPK, bPKType> + */ + public void addAdditionalbPKPair(Pair<String, String> bPK) { + if (this.additionalBpks == null) { + this.additionalBpks = new ArrayList<Pair<String, String>>(); + + } + + this.additionalBpks.add(bPK); + } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java index 261fd211..a5c1e7d4 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BPKAttributeBuilder.java @@ -41,7 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; @PVPMETADATA public class BPKAttributeBuilder implements IPVPAttributeBuilder { - private static final Logger log = LoggerFactory.getLogger(BPKAttributeBuilder.class); + private static final Logger log = LoggerFactory.getLogger(BPKAttributeBuilder.class); + protected static final String DELIMITER_BPKTYPE_BPK = ":"; public String getName() { return BPK_NAME; @@ -49,32 +50,66 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException { - String bpk = authData.getBPK(); - String type = authData.getBPKType(); + String result = getBpkForSP(authData); + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, result); + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + } + + /** + * Generate the bPK String for this specific SP + * + * @param authData + * @return + * @throws UnavailableAttributeException + */ + protected String getBpkForSP(IAuthData authData) throws UnavailableAttributeException { + String bpk = attrMaxSize(authData.getBPK()); + String type = removeBpkTypePrefix(authData.getBPKType()); if (StringUtils.isEmpty(bpk)) throw new UnavailableAttributeException(BPK_NAME); - + + return type + DELIMITER_BPKTYPE_BPK + bpk; + + } + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) - type = type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) - type = type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) - type = type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } + return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); - log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + else + return type; - return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); } - - public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); - } - } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java index a3e22ea3..8a2cabbc 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDIdentityLinkBuilder.java @@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; - +@Deprecated @PVPMETADATA public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java index 4e5f8505..0db3f1fe 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePIN.java @@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +@Deprecated @PVPMETADATA public class EIDSourcePIN implements IPVPAttributeBuilder { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java index f55f5fb4..42e47a42 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDSourcePINType.java @@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +@Deprecated @PVPMETADATA public class EIDSourcePINType implements IPVPAttributeBuilder { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java index 6c827489..1b99ce50 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SPConfigurationImpl.java @@ -58,17 +58,12 @@ public class SPConfigurationImpl implements ISPConfiguration { CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, EAAFConstants.URN_PREFIX_CDID))); - if (!authConfig.getBasicMOAIDConfigurationBoolean(CONFIG_KEY_RESTRICTIONS_EID_DEMO_MODE, false)) { - targetAreasWithNoBaseIdTransmissionRestriction = Collections.unmodifiableList( + targetAreasWithNoBaseIdTransmissionRestriction = Collections.unmodifiableList( KeyValueUtils.getListOfCSVValues( authConfig.getBasicConfiguration( CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, EAAFConstants.URN_PREFIX_CDID))); - - } else - targetAreasWithNoBaseIdTransmissionRestriction = Collections.emptyList(); - - + if (log.isTraceEnabled()) { log.trace("Internal policy for OA: " + getUniqueIdentifier()); for (String el : targetAreasWithNoInteralBaseIdRestriction) |