From a4d179661754e04c882c1686e3c83f1b458717df Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 11 Apr 2019 16:52:19 +0200 Subject: refactoring of AuthData builder --- .../api/data/ExtendedPVPAttributeDefinitions.java | 8 + .../egiz/eaaf/core/api/data/ILoALevelMapper.java | 12 +- .../core/api/data/PVPAttributeDefinitions.java | 71 +++-- .../core/api/idp/EAAFAuthProcessDataConstants.java | 5 +- .../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 98 +++--- .../idp/auth/data/IAuthProcessDataContainer.java | 16 + .../eaaf/core/exceptions/EAAFBuilderException.java | 2 +- .../eaaf/core/impl/idp/AuthenticationData.java | 141 ++++++--- .../builder/AbstractAuthenticationDataBuilder.java | 331 ++++++++++++++++----- .../impl/idp/auth/data/AuthProcessDataWrapper.java | 17 +- .../EIDEncryptedSourceIdAttributeBuilder.java | 58 ++++ .../EIDEncryptedSourceIdTypeAttributeBuilder.java | 58 ++++ .../idp/auth/TestAuthenticationDataBuilder.java | 24 +- 13 files changed, 641 insertions(+), 200 deletions(-) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java (limited to 'eaaf_core') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java index d5ebbd51..62242799 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPVPAttributeDefinitions.java 
@@ -38,4 +38,12 @@ public interface ExtendedPVPAttributeDefinitions extends PVPAttributeDefinitions public static final String SP_USESMANDATES_NAME = "http://eid.gv.at/eID/attributes/ServiceProviderMandateProfiles"; public static final String SP_USESMANDATES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles"; + /* Attributes for E-ID */ + public static final String EID_ENCRYPTED_SOURCEID_NAME = "http://eid.gv.at/eID/attributes/vsz/value"; + public static final String EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME = "vSZ"; + + public static final String EID_ENCRYPTED_SOURCEID_TYPE_NAME = "http://eid.gv.at/eID/attributes/vsz/type"; + public static final String EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME = "vSZ-Type"; + + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java index 759f4ce0..ed79dc60 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/ILoALevelMapper.java @@ -40,7 +40,17 @@ public interface ILoALevelMapper { * Map an arbitrary QAA level to PVP SecClass * * @param qaa, but not null - * @return An PVP SecClass if there is a mapping, otherwise null + * @return A PVP SecClass if there is a mapping, otherwise null */ public String mapToSecClass(String qaa); + + + /** + * Map an an arbitrary eIDAS LoA to STORK QAA Level + * + * @param eidasqaaLevel + * @return A STORK QAA level + */ + @Deprecated + public String mapeIDASQAAToSTORKQAA(String eidasqaaLevel); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java index e7e9844a..2a92e5f3 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/data/PVPAttributeDefinitions.java 
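Review bot: `mapeIDASQAAToSTORKQAA` is added to the public ILoALevelMapper interface as an abstract method and is `@Deprecated` in the same breath, but its Javadoc carries no `@deprecated` tag naming the reason and the intended replacement, `@param eidasqaaLevel` has no description, and the summary reads "Map an an arbitrary". Adding an abstract method to a published interface breaks every implementor outside this module; if the code base is on Java 8 or later, a `default` implementation (for example one that throws `UnsupportedOperationException`) keeps them compiling, and the same consideration applies to `getEncryptedSourceId`/`getEncryptedSourceIdType` in IAuthData and `isEIDProcess`/`setEIDProcess` in IAuthProcessDataContainer. Suggested Javadoc for the new method: `@deprecated &lt;reason&gt;; prefer the eIDAS LoA directly — state the actual replacement here`.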
@@ -33,7 +33,7 @@ public interface PVPAttributeDefinitions { public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; - public static final String PVP_VERSION_2_1 = "2.1"; + public static final String PVP_VERSION_2_1 = "2.2"; public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110"; 
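Review bot: `PVP_VERSION_2_1` now holds the value "2.2", so the constant's name contradicts its value and every reader of `PVP_VERSION_2_1` silently starts announcing a different protocol version. Add a new constant and keep the old one, e.g. `public static final String PVP_VERSION_2_2 = "2.2";` next to `@Deprecated public static final String PVP_VERSION_2_1 = "2.1";`, and move the call sites that really mean 2.2. If bumping the version emitted on the wire is intended, the commit message should say so; "refactoring" does not suggest a protocol-visible change.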
@@ -144,25 +144,30 @@ public interface PVPAttributeDefinitions { public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER"; public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255; - public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; - public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; - public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; - public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; + @Deprecated public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; + @Deprecated public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; + @Deprecated public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; + @Deprecated public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; - public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; - public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; - public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; - public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + @Deprecated public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; + @Deprecated public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; + @Deprecated public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; + @Deprecated public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; - public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38"; - public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; - public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; - public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; + @Deprecated public static final String EID_IDENTITY_LINK_OID = 
"1.2.40.0.10.2.1.1.261.38"; + @Deprecated public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; + @Deprecated public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; + @Deprecated public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; - public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; - public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; - public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; - public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; + public static final String EID_E_ID_TOKEN_OID = "1.2.40.0.10.2.1.1.261.39"; + public static final String EID_E_ID_TOKEN_NAME = URN_OID_PREFIX + EID_E_ID_TOKEN_OID; + public static final String EID_E_ID_TOKEN_FRIENDLY_NAME = "EID-E-ID-TOKEN"; + public static final int EID_E_ID_TOKEN_MAX_LENGTH = 32767; + + @Deprecated public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; + @Deprecated public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; + @Deprecated public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; + @Deprecated public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64"; public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID; 
@@ -174,10 +179,10 @@ public interface PVPAttributeDefinitions { public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE"; public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767; - public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; - public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; - public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; - public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; + @Deprecated public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; + @Deprecated public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; + @Deprecated public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; + @Deprecated public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68"; public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID; 
@@ -189,20 +194,20 @@ public interface PVPAttributeDefinitions { public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID"; public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256; - public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; - public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; - public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; - public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; + @Deprecated public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100"; public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID; public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN"; public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128; - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; - public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; - public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = 
URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + @Deprecated public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; + @Deprecated public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76"; public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID; @@ -259,10 +264,10 @@ public interface PVPAttributeDefinitions { public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; - public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; - public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; - public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; - public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; + @Deprecated public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; + @Deprecated public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; + @Deprecated public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; + @Deprecated public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40"; public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java index f13cd27e..7ce24cf4 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java 
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java @@ -36,10 +36,11 @@ public interface EAAFAuthProcessDataConstants { public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; + public static final String FLAG_IS_NEW_EID_PROCESS = "direct_flagIsNewEID"; - public static final String VALUE_IDENTITYLINK = "direct_idl"; + @Deprecated public static final String VALUE_IDENTITYLINK = "direct_idl"; public static final String VALUE_QAALEVEL = "direct_qaaLevel"; - public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; + @Deprecated public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index 7dcd643d..e9d86efa 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java 
@@ -115,56 +115,19 @@ public interface IAuthData { String getFormatedDateOfBirth(); /** - * Get bPK of the user - * - * @return - */ - @Deprecated - String getBPK(); - - /** - * Get sector for user's bPK - * - * - * @return Sector identifier with prefix - */ - @Deprecated - String getBPKType(); - - - /** - * Get List of bPK/bPKType tuples for this service provider - * @return List of Pairs - */ - @Deprecated - List> getAdditionalbPKs(); - - /** - * Get baseId of this user + * Get the encrypted SourceId (vSZ) from new E-ID scheme * * @return */ - @Deprecated - String getIdentificationValue(); + String getEncryptedSourceId(); /** - * Get type identifier of the baseId - * By default, this type is urn:publicid:gv.at:baseid + * Get the type identifier of encrypted SourceId * * @return */ - @Deprecated - String getIdentificationType(); - - - /** - * Get the identityLink for the authenticated user - * - * @return IDL, or NULL if no IDL is available - */ - @Deprecated - IIdentityLink getIdentityLink(); - + String getEncryptedSourceIdType(); + /** * Return LoA for this user authentication * 
@@ -234,4 +197,55 @@ public interface IAuthData { */ public T getGenericData(String key, final Class clazz); + + /** + * Get bPK of the user + * + * @return + */ + @Deprecated + String getBPK(); + + /** + * Get sector for user's bPK + * + * + * @return Sector identifier with prefix + */ + @Deprecated + String getBPKType(); + + + /** + * Get List of bPK/bPKType tuples for this service provider + * @return List of Pairs + */ + @Deprecated + List> getAdditionalbPKs(); + + /** + * Get baseId of this user + * + * @return + */ + @Deprecated + String getIdentificationValue(); + + /** + * Get type identifier of the baseId + * By default, this type is urn:publicid:gv.at:baseid + * + * @return + */ + @Deprecated + String getIdentificationType(); + + + /** + * Get the identityLink for the authenticated user + * + * @return IDL, or NULL if no IDL is available + */ + @Deprecated + IIdentityLink getIdentityLink(); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index 46dd3850..17ec6445 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -79,6 +79,22 @@ public interface IAuthProcessDataContainer { @Deprecated void setIdentityLink(IIdentityLink identityLink); + + /** + * Flag marks the authentication process as new E-ID process + * + * @return true if E-ID process, otherwise false + */ + boolean isEIDProcess(); + + + /** + * Set the flag to make the process as new E-ID process + * + * @param value true if new E-ID process, otherwise false + */ + void setEIDProcess(boolean value); + /** * Indicate that mandates was used in this auth. process * 
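Review bot: The Javadoc for `setEIDProcess` reads "Set the flag to make the process as new E-ID process", which is not a sentence; `Marks this authentication process as a new E-ID process.` says the same. `isEIDProcess` should also state the value returned when the flag was never set, because `buildAuthenticationData` in AbstractAuthenticationDataBuilder branches on it to choose between the new and the deprecated build path; that default is decided by the implementation and is not visible in this hunk, so spell it out on the interface.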
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
index c3fc6b76..dc2b61f7 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFBuilderException.java
@@ -37,7 +37,7 @@ public class EAAFBuilderException extends EAAFException {
 super(errorId, params);
 }
- public EAAFBuilderException(String errorId, Object[] objects, String message, Exception ex) {
+ public EAAFBuilderException(String errorId, Object[] objects, String message, Throwable ex) {
 super(errorId, objects, ex);
 }
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index 392ed9a9..a6bf247a 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
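Review bot: The `message` parameter of the changed constructor is still discarded: the body passes only `errorId`, `objects` and `ex` to `super`, so whatever text a caller supplies never reaches the exception or its logs. Either forward it through a matching `EAAFException` constructor or drop the parameter from the signature; widening `Exception` to `Throwable` keeps a misleading contract alive otherwise. If the parameter must stay for source compatibility, a Javadoc `@param message currently ignored` is the minimum so callers stop relying on it.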
@@ -58,21 +58,27 @@ public class AuthenticationData implements IAuthData, Serializable { public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; private boolean isBaseIDTransferRestrication = true; - private Map genericDataStorate = new HashedMap(); + private final Map genericDataStorate = new HashedMap(); private String issuer; private Date issueInstant; - private String identificationValue; - private String identificationType; - private IIdentityLink identityLink = null; + @Deprecated private String identificationValue; + @Deprecated private String identificationType; + @Deprecated private IIdentityLink identityLink = null; private String familyName; private String givenName; private Date dateOfBirth; - private String bPK; - private String bPKType; - private List> additionalBpks; + + private String encSourceId; + private String encSourceIdType; + + + + @Deprecated private String bPK; + @Deprecated private String bPKType; + @Deprecated private List> additionalBpks; private String ccc = null; @@ -86,7 +92,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String sessionIndex = null; private String nameID = null; private String nameIDFormat = null; - + public AuthenticationData() { this.issueInstant = new Date(); @@ -102,7 +108,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param authIssuer */ - public void setAuthenticationIssuer(String authIssuer) { + public void setAuthenticationIssuer(final String authIssuer) { this.issuer = authIssuer; } @@ -114,8 +120,9 @@ public class AuthenticationData implements IAuthData, Serializable { } - public String getAuthenticationIssueInstantString() { - SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + @Override + public String getAuthenticationIssueInstantString() { + final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(this.issueInstant); 
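Review bot: `@Deprecated` on the private fields `identificationValue`, `identificationType`, `identityLink`, `bPK`, `bPKType` and `additionalBpks` has no effect for any caller — the annotation only matters on accessible members, and the commit already deprecates the public getters and setters — so it is noise. Either drop it or turn it into a comment, e.g. `// legacy sourcePIN/identity-link data, kept only for the deprecated accessors`. The two new fields `encSourceId`/`encSourceIdType` are the only state of the new E-ID path and have no comment; a one-liner saying they hold the vSZ value and its type identifier would tie them to the `EID_ENCRYPTED_SOURCEID_*` attribute names.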
@@ -126,7 +133,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param date */ - public void setAuthenticationIssueInstant(Date date) { + public void setAuthenticationIssueInstant(final Date date) { this.issueInstant = date; } @@ -136,6 +143,8 @@ public class AuthenticationData implements IAuthData, Serializable { } + @Override + @Deprecated public String getBPK() { return bPK; } @@ -144,17 +153,20 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the bPK. * @param bPK The bPK to set */ - public void setBPK(String bPK) { + @Deprecated + public void setBPK(final String bPK) { this.bPK = bPK; } + @Override public Date getDateOfBirth() { return this.dateOfBirth; } + @Override public String getFormatedDateOfBirth() { - DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + final DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); if (getDateOfBirth() != null) return pvpDateFormat.format(getDateOfBirth()); else @@ -163,26 +175,42 @@ public class AuthenticationData implements IAuthData, Serializable { } + @Override public String getFamilyName() { return this.familyName; } + @Override public String getGivenName() { return this.givenName; } + @Override + public String getEncryptedSourceId() { + return this.encSourceId; + } + @Override + public String getEncryptedSourceIdType() { + return this.encSourceIdType; + } + + @Override + @Deprecated public String getIdentificationValue() { return identificationValue; } + @Override + @Deprecated public String getIdentificationType() { return identificationType; } @Override + @Deprecated public IIdentityLink getIdentityLink() { return identityLink; } 
@@ -190,7 +218,8 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param identityLink the identityLink to set */ - public void setIdentityLink(IIdentityLink identityLink) { + @Deprecated + public void setIdentityLink(final IIdentityLink identityLink) { this.identityLink = identityLink; } @@ -198,19 +227,19 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the dateOfBirth. * @param dateOfBirth The dateOfBirth to set */ - public void setDateOfBirth(Date dateOfBirth) { + public void setDateOfBirth(final Date dateOfBirth) { this.dateOfBirth = dateOfBirth; } - public void setDateOfBirth(String dateOfBirth) { + public void setDateOfBirth(final String dateOfBirth) { try { if (StringUtils.isNotEmpty(dateOfBirth)) { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + final DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); } - } catch (ParseException e) { + } catch (final ParseException e) { log.warn("Parse dateOfBirht from IdentityLink FAILED", e); } @@ -220,7 +249,7 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the familyName. * @param familyName The familyName to set */ - public void setFamilyName(String familyName) { + public void setFamilyName(final String familyName) { this.familyName = familyName; } @@ -228,7 +257,7 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the givenName. * @param givenName The givenName to set */ - public void setGivenName(String givenName) { + public void setGivenName(final String givenName) { this.givenName = givenName; } 
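Review bot: `new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT)` in `setDateOfBirth(String)` is lenient by default, so an ill-formed date such as "2019-02-31" is rolled over to a valid date instead of reaching the `ParseException` branch; add `identityLinkFormat.setLenient(false);` right after the constructor call so malformed identity-link input is rejected and logged rather than normalised. While touching the catch block, the warning text `"Parse dateOfBirht from IdentityLink FAILED"` misspells dateOfBirth, which makes log searches miss it. On a parse failure the field keeps its previous value and the caller is not told; if callers assume `getDateOfBirth()` is non-null afterwards, that behaviour deserves a sentence in the Javadoc.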
@@ -236,7 +265,8 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the identificationValue. * @param identificationValue The identificationValue to set */ - public void setIdentificationValue(String identificationValue) { + @Deprecated + public void setIdentificationValue(final String identificationValue) { this.identificationValue = identificationValue; } @@ -244,11 +274,14 @@ public class AuthenticationData implements IAuthData, Serializable { * Sets the identificationType. * @param identificationType The identificationType to set */ - public void setIdentificationType(String identificationType) { + @Deprecated + public void setIdentificationType(final String identificationType) { this.identificationType = identificationType; } + @Override + @Deprecated public String getBPKType() { return bPKType; } @@ -258,16 +291,19 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param bPKType */ - public void setBPKType(String bPKType) { + @Deprecated + public void setBPKType(final String bPKType) { this.bPKType = bPKType; } + @Override public String getEIDASQAALevel() { return this.eIDASLoA; } + @Override public boolean isForeigner() { return this.foreigner; } @@ -278,7 +314,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param true if the user is a foreigner, otherwise false */ - public void setForeigner(boolean foreigner) { + public void setForeigner(final boolean foreigner) { this.foreigner = foreigner; } @@ -293,7 +329,7 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param true if a SSO was used, otherwise false */ - public void setSsoSession(boolean ssoSession) { + public void setSsoSession(final boolean ssoSession) { this.ssoSession = ssoSession; } 
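Review bot: The Javadoc of `setForeigner` and `setSsoSession`, whose signatures this commit touches, reads `@param true if the user is a foreigner, otherwise false` and `@param true if a SSO was used, otherwise false`; `true` is not a parameter name, so javadoc flags the tag and the real parameter stays undocumented. Change them to `@param foreigner true if the user is a foreigner, otherwise false` and `@param ssoSession true if a SSO was used, otherwise false`.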
@@ -303,10 +339,11 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param ccc Two letter country code */ - public void setCiticenCountryCode(String ccc) { + public void setCiticenCountryCode(final String ccc) { this.ccc = ccc; } + @Override public String getSessionIndex() { return sessionIndex; } @@ -314,7 +351,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param sessionIndex the sessionIndex to set */ - public void setSessionIndex(String sessionIndex) { + public void setSessionIndex(final String sessionIndex) { this.sessionIndex = sessionIndex; } @@ -327,13 +364,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param nameID the nameID to set */ - public void setNameID(String nameID) { + public void setNameID(final String nameID) { this.nameID = nameID; } /** * @return the nameIDFormat */ + @Override public String getNameIDFormat() { return nameIDFormat; } @@ -341,13 +379,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param nameIDFormat the nameIDFormat to set */ - public void setNameIDFormat(String nameIDFormat) { + public void setNameIDFormat(final String nameIDFormat) { this.nameIDFormat = nameIDFormat; } /** * @return the ssoSessionValidTo */ + @Override public Date getSsoSessionValidTo() { return ssoSessionValidTo; } @@ -355,7 +394,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param ssoSessionValidTo the ssoSessionValidTo to set */ - public void setSsoSessionValidTo(Date ssoSessionValidTo) { + public void setSsoSessionValidTo(final Date ssoSessionValidTo) { this.ssoSessionValidTo = ssoSessionValidTo; } 
@@ -371,7 +410,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set */ - public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { + public void setBaseIDTransferRestrication(final boolean isBaseIDTransferRestrication) { this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; } @@ -382,19 +421,21 @@ public class AuthenticationData implements IAuthData, Serializable { * @param clazz The class type which is stored with this key * @return The data object or null if no data is found with this key */ - public T getGenericData(String key, final Class clazz) { + @Override + public T getGenericData(final String key, final Class clazz) { if (StringUtils.isNotEmpty(key)) { - Object data = genericDataStorate.get(key); + final Object data = genericDataStorate.get(key); if (data == null) return null; try { @SuppressWarnings("unchecked") + final T test = (T) data; return test; - } catch (Exception e) { + } catch (final Exception e) { log.warn("Generic authentication-data object can not be casted to requsted type", e); return null; @@ -414,7 +455,7 @@ public class AuthenticationData implements IAuthData, Serializable { * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage */ - public void setGenericData(String key, Object object) throws EAAFStorageException { + public void setGenericData(final String key, final Object object) throws EAAFStorageException { if (StringUtils.isEmpty(key)) { log.info("Generic session-data can not be stored with a 'null' key"); throw new EAAFStorageException("Generic data can not be stored with a 'null' key", null); 
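Review bot: `getGenericData` never uses `clazz`: the `@SuppressWarnings("unchecked")` cast `(T) data` is erased at runtime and cannot throw, so the `catch (final Exception e)` around it is dead and a value of the wrong type is handed back, with the `ClassCastException` surfacing at the caller's assignment instead of the documented `null`. Replace the cast with a real check: `if (!clazz.isInstance(data)) { log.warn("Generic authentication-data object can not be casted to requested type"); return null; }` followed by `return clazz.cast(data);`, after which the try/catch can go. The method's closing lines are outside this hunk.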
@@ -437,27 +478,49 @@ public class AuthenticationData implements IAuthData, Serializable { genericDataStorate.put(key, object); } - public void seteIDASLoA(String eIDASLoA) { + public void seteIDASLoA(final String eIDASLoA) { this.eIDASLoA = eIDASLoA; } @Override + @Deprecated public List> getAdditionalbPKs() { return this.additionalBpks; } + /** + * Set the encrypted SourceId for current authenticated user + * + * @param encSourceId + */ + public void setEncSourceId(final String encSourceId) { + this.encSourceId = encSourceId; + } + + /** + * Set the type identifier of the encrypted SourceId + * + * @param encSourceIdType + */ + public void setEncSourceIdType(final String encSourceIdType) { + this.encSourceIdType = encSourceIdType; + } + + + /** * Add an additional bPK Pair into authdata * * @param bPK Pair */ - public void addAdditionalbPKPair(Pair bPK) { + @Deprecated + public void addAdditionalbPKPair(final Pair bPK) { if (this.additionalBpks == null) { this.additionalBpks = new ArrayList>(); } this.additionalBpks.add(bPK); - } + } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index f578afd8..2482d65f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -36,6 +36,8 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; import org.springframework.util.Base64Utils; import org.w3c.dom.DOMException; import org.w3c.dom.Element; 
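Review bot: The new setters `setEncSourceId`/`setEncSourceIdType` do not mirror the getters `getEncryptedSourceId`/`getEncryptedSourceIdType` that this commit adds to IAuthData, so the same property has two names and bean-style introspection will not pair them. Rename them to `setEncryptedSourceId(final String encryptedSourceId)` and `setEncryptedSourceIdType(final String encryptedSourceIdType)` while no external caller exists. Their Javadoc should also say what the value is (the vSZ as delivered by the E-ID process, presumably opaque to this component — confirm) and whether null is permitted, since `getEncryptedSourceId` in IAuthData documents nothing about absence.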
@@ -43,18 +45,23 @@ import org.w3c.dom.Node; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.XPathException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; 
@@ -67,7 +74,221 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati protected Collection includedToGenericAuthData = null; @Autowired protected IConfiguration basicConfig; - protected void generateBasicAuthData(AuthenticationData authData, IRequest pendingReq, + @Override + public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + IAuthData authData = null; + final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + + try { + if (authProcessData.isEIDProcess()) { + log.debug("Building AuthData from new E-ID information ... "); + authData = getAuthDataInstance(pendingReq); + Assert.notNull(authData, "AuthData is null"); + + log.trace("Adding generic AuthData information ... "); + buildInternalAuthDataGeneric(authData, authProcessData, pendingReq); + + log.trace("Build service-specific AuthData information ... "); + buildServiceSpecificAuthenticationData(authData, pendingReq); + + } else { + log.info("User authentication uses the deprecated. Building AuthData from deprecated information ... "); + authData = buildDeprecatedAuthData(pendingReq); + Assert.notNull(authData, "AuthData is null"); + + } + + + } catch (XPathException | DOMException | EAAFException e) { + log.warn("Can not build authentication data from auth. 
process information"); + throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); + + } + + log.trace("AuthData generation finished"); + return authData; + + } + + /** + * * @param pendingReq current pendingRequest + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never null + * @throws EAAFException + */ + @NonNull + abstract protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException; + + /** + * Build service-specific AuthData by using information from E-ID + * This builder uses vSZ, MDS and Consent as input information + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never null + * @throws EAAFException + */ + abstract protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EAAFException; + + + /** + * Add generic E-ID information into already existing AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void buildInternalAuthDataGeneric(@NonNull IAuthData authData, + @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) { + Assert.notNull(pendingReq, "PendingRequest is null"); + Assert.notNull(authData, "AuthData is null"); + Assert.notNull(authProcessData, "AuthProcessData is null"); + + if (!(authData instanceof AuthenticationData)) { + log.error("AuthData has no suitable type! Requires: {}", AuthenticationData.class.getName()); + throw new RuntimeException("AuthData has no suitable type! 
Requires: " + AuthenticationData.class.getName()); + + } + + final AuthenticationData internalAuthData = (AuthenticationData)authData; + + //TODO: check if it is needed +// if (authProcessData.getGenericSessionDataStorage() != null && +// !authProcessData.getGenericSessionDataStorage().isEmpty()) +// includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet(); +// else + includedToGenericAuthData = new ArrayList(); + + //#################################################### + //set general authData info's + internalAuthData.setAuthenticationIssuer(pendingReq.getAuthURL()); + internalAuthData.setSsoSession(pendingReq.needSingleSignOnFunctionality()); + internalAuthData.setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction()); + + //#################################################### + //set MDS and vSZ + internalAuthData.setFamilyName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class)); + internalAuthData.setGivenName(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.GIVEN_NAME_NAME, String.class)); + internalAuthData.setDateOfBirth(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.BIRTHDATE_NAME, String.class)); + internalAuthData.setEncSourceId(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_NAME, String.class)); + internalAuthData.setEncSourceIdType(authProcessData.getGenericDataFromSession(ExtendedPVPAttributeDefinitions.EID_ENCRYPTED_SOURCEID_TYPE_NAME, String.class)); + + + //#################################################### + //set QAA level + setQAALevel(internalAuthData, authProcessData, pendingReq); + + + //#################################################### + //set isForeigner flag + setFlagForeigner(internalAuthData, authProcessData, pendingReq); + + + //#################################################### + //set citizen 
country-code + setCitizenCountryCode(internalAuthData, authProcessData, pendingReq); + + } + + /** + * Parse citzen country-code into AuthData + * + * @param internalAuthData + * @param authProcessData + * @param pendingReq + */ + private void setCitizenCountryCode(AuthenticationData authData, IAuthProcessDataContainer authProcessData, + IRequest pendingReq) { + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); + final String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + if (StringUtils.isNotEmpty(pvpCCCAttr)) { + authData.setCiticenCountryCode(pvpCCCAttr); + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); + + } else { + if (authData.isForeigner()) { + //TODO!!!! + + } else { + authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( + IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, + EAAFConstants.COUNTRYCODE_AUSTRIA)); + + } + } + + } + + /** + * parse QAA Level into AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void setQAALevel(@NonNull AuthenticationData authData, + @NonNull IAuthProcessDataContainer authProcessData, @NonNull IRequest pendingReq) { + includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + String currentLoA = null; + if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) + currentLoA = authProcessData.getQAALevel(); + else { + currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); + if (StringUtils.isNotEmpty(currentLoA)) { + log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA + + " --> Parse QAA-Level from that attribute."); + + } + } + if (StringUtils.isNotEmpty(currentLoA)) { + if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { + 
authData.seteIDASLoA(currentLoA); + + } else + log.info("Only eIDAS LoAs are supported by this implementation"); + + } else { + log.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW); + authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW); + + } + + } + + /** + * Parse Foreigner information into AuthData + * + * @param authData + * @param authProcessData + * @param pendingReq + */ + private void setFlagForeigner(AuthenticationData authData, IAuthProcessDataContainer authProcessData, IRequest pendingReq) { + //TODO: change to new eIDAS-token attribute identifier + if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { + log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME + + " --> Set 'isForeigner' flag to TRUE"); + authData.setForeigner(true); + + } else { + authData.setForeigner(authProcessData.isForeigner()); + + } + } + + /** + * Build authentication data by using information from citizen-card or mobile-phone signature + * This builder uses IdentityLink, AuthBlock, full MIS mandate as input information + * + * @param pendingReq current pendingRequest + * @return {@link IAuthData} but never null + * @throws EAAFException + */ + @Deprecated + @NonNull + abstract protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException; + + @Deprecated + protected void generateDeprecatedBasicAuthData(AuthenticationData authData, IRequest pendingReq, IAuthProcessDataContainer authProcessData) throws EAAFBuilderException, EAAFConfigurationException, XPathException, DOMException, EAAFParserException { if (authProcessData.getGenericSessionDataStorage() != null && 
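Review bot: `buildInternalAuthDataGeneric` copies the MDS and the encrypted SourceId from the session into the AuthData without checking that any of them is present, so an AuthData whose `encSourceId` is null can leave `buildAuthenticationData` as a successful result, whereas the deprecated path still performs its "check if a unique ID for this citizen exists". Unless every `buildServiceSpecificAuthenticationData` implementation is expected to validate this, reject the missing identifier inside the existing try block, e.g. `if (StringUtils.isEmpty(internalAuthData.getEncryptedSourceId())) throw new EAAFException("No encrypted SourceId in AuthProcessData");` and declare `throws EAAFException` on the private method, which the caller's `catch (XPathException | DOMException | EAAFException e)` already maps to builder.11. `includedToGenericAuthData` is a field of the builder, which is `@Autowired`-wired and presumably a singleton bean, yet the new path assigns a fresh list to it per request and `setQAALevel`/`setCitizenCountryCode` mutate it, so concurrent authentications share and race on that list; passing the collection as a parameter, as `parseBasicUserInfosFromIDL` already does, avoids that. The `RuntimeException` thrown for a wrong AuthData type bypasses that same catch, so an `EAAFException` would be the consistent choice there too. The Javadoc of `getAuthDataInstance` has a duplicated `@param pendingReq` and no summary sentence, `buildServiceSpecificAuthenticationData` documents `@return {@link IAuthData}` although it returns void, and `setCitizenCountryCode` documents `@param internalAuthData` while the parameter is named `authData`.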
@@ -86,13 +307,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati //#################################################### //parse user info's from identityLink IIdentityLink idlFromPVPAttr = null; - IIdentityLink identityLink = authProcessData.getIdentityLink(); + final IIdentityLink identityLink = authProcessData.getIdentityLink(); if (identityLink != null) { parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); } else { // identityLink is not direct in MOASession - String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); + final String pvpAttrIDL = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class); //find PVP-Attr. which contains the IdentityLink if (StringUtils.isNotEmpty(pvpAttrIDL)) { log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_IDENTITY_LINK_FRIENDLY_NAME @@ -106,10 +327,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati //set identitylink into AuthProcessData authProcessData.setIdentityLink(idlFromPVPAttr);; - } catch (EAAFParserException e) { + } catch (final EAAFParserException e) { log.warn("Received IdentityLink is not valid", e); - } catch (Exception e) { + } catch (final Exception e) { log.warn("Received IdentityLink is not valid", e); } finally { @@ -118,7 +339,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati if (idlStream != null) idlStream.close(); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Close InputStream FAILED.", e); } 
@@ -154,72 +375,27 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationType(null); } + //#################################################### //set QAA level - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); - String currentLoA = null; - if (StringUtils.isNotEmpty(authProcessData.getQAALevel())) - currentLoA = authProcessData.getQAALevel(); - else { - currentLoA = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class); - if (StringUtils.isNotEmpty(currentLoA)) { - log.debug("Find PVP-Attr '" + PVPAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA - + " --> Parse QAA-Level from that attribute."); - - } - } - if (StringUtils.isNotEmpty(currentLoA)) { - if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { - authData.seteIDASLoA(currentLoA); - - } else - log.info("Only eIDAS LoAs are supported by this implementation"); - - } else { - log.info("No QAA level found. 
Set to default level " + EAAFConstants.EIDAS_LOA_LOW); - authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW); + setQAALevel(authData, authProcessData, pendingReq); - } //#################################################### - //set isForeigner flag - //TODO: change to new eIDAS-token attribute identifier - if (authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_STORK_TOKEN_NAME) != null) { - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_STORK_TOKEN_FRIENDLY_NAME - + " --> Set 'isForeigner' flag to TRUE"); - authData.setForeigner(true); - - } else { - authData.setForeigner(authProcessData.isForeigner()); - - } + //set isForeigner flag + setFlagForeigner(authData, authProcessData, pendingReq); + //#################################################### //set citizen country-code - includedToGenericAuthData.remove(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME); - String pvpCCCAttr = authProcessData.getGenericDataFromSession(PVPAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); - if (StringUtils.isNotEmpty(pvpCCCAttr)) { - authData.setCiticenCountryCode(pvpCCCAttr); - log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME); - - } else { - if (authData.isForeigner()) { - //TODO!!!! 
- - } else { - authData.setCiticenCountryCode(basicConfig.getBasicConfiguration( - IConfiguration.CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE, - EAAFConstants.COUNTRYCODE_AUSTRIA)); - - } - } + setCitizenCountryCode(authData, authProcessData, pendingReq); //#################################################### // set bPK and IdentityLink - String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData); - String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData); - Pair pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration()); + final String pvpbPKValue = getbPKValueFromPVPAttribute(authProcessData); + final String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(authProcessData); + final Pair pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(authProcessData, authData, pendingReq.getServiceProviderConfiguration()); //check if a unique ID for this citizen exists if (StringUtils.isEmpty(authData.getIdentificationValue()) && @@ -250,7 +426,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati // baseID is in AuthSesson --> calculate bPK directly } else if (StringUtils.isNotEmpty(authData.getIdentificationValue())) { log.debug("Citizen baseID is in MOASession --> calculate bPK from this."); - Pair result = buildOAspecificbPK(pendingReq, authData); + final Pair result = buildOAspecificbPK(pendingReq, authData); authData.setBPK(result.getFirst()); authData.setBPKType(result.getSecond()); 
@@ -276,12 +452,12 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } } - Pair baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); + final Pair baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); if (baseIDFromSZR != null) { log.info("Receive citizen baseID from SRZ. Authentication can be completed"); authData.setIdentificationValue(baseIDFromSZR.getFirst()); authData.setIdentificationType(baseIDFromSZR.getSecond()); - Pair result = buildOAspecificbPK(pendingReq, authData); + final Pair result = buildOAspecificbPK(pendingReq, authData); authData.setBPK(result.getFirst()); authData.setBPKType(result.getSecond()); 
@@ -310,24 +486,26 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } //extract a encrypted bPK from PVP attrobute + @Deprecated protected abstract Pair getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException; //request baseId from SRZ + @Deprecated protected abstract Pair getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, String notValidbPKType); - + @Deprecated protected Pair buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { - ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); + final ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); - String baseID = authData.getIdentificationValue(); - String baseIDType = authData.getIdentificationType(); + final String baseID = authData.getIdentificationValue(); + final String baseIDType = authData.getIdentificationType(); Pair sectorSpecId = null; if (EAAFConstants.URN_PREFIX_BASEID.equals(baseIDType)) { //SAML1 legacy target parameter work-around - String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); + final String spTargetId = oaParam.getAreaSpecificTargetIdentifier(); log.debug("Use OA target identifier '" + spTargetId + "' from configuration"); //calculate sector specific unique identifier 
@@ -344,18 +522,19 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } + @Deprecated protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException { if (spConfig.hasBaseIdTransferRestriction()) { log.debug("SP: " + spConfig.getUniqueIdentifier() + " has baseId transfer restriction. Remove baseId from IDL ..."); - Element idlassertion = idl.getSamlAssertion(); + final Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(bPK); //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + final Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); prIdentificationType.getFirstChild().setNodeValue(bPKType); - SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion); + final SimpleIdentityLinkAssertionParser idlparser = new SimpleIdentityLinkAssertionParser(idlassertion); return idlparser.parseIdentityLink(); } else @@ -371,6 +550,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param bPKType bPK-Type to check * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false */ + @Deprecated private boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); 
@@ -383,6 +563,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param identityLink * @param includedGenericSessionData */ + @Deprecated private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection includedGenericSessionData) { authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); @@ -422,6 +603,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param session MOASession, but never null * @return bPK, which was received by PVP-Attribute, or null if no attribute exists */ + @Deprecated private String getbPKValueFromPVPAttribute(IAuthProcessDataContainer session) { String pvpbPKValueAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.BPK_NAME, String.class); if (StringUtils.isNotEmpty(pvpbPKValueAttr)) { @@ -434,7 +616,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } - String[] spitted = pvpbPKValueAttr.split(":"); + final String[] spitted = pvpbPKValueAttr.split(":"); if (spitted.length == 2) { log.debug("Find PVP-Attr: " + PVPAttributeDefinitions.BPK_FRIENDLY_NAME); return spitted[1]; @@ -464,8 +646,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati * @param session MOASession, but never null * @return bPKType, which was received by PVP-Attribute, or null if no attribute exists */ + @Deprecated private String getbPKTypeFromPVPAttribute(IAuthProcessDataContainer session) { - String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + final String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpbPKTypeAttr)) { // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations 
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 93fbcc91..e096b8e6 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -173,6 +173,17 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu } + @Override + public boolean isEIDProcess() { + return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); + } + + @Override + public void setEIDProcess(boolean value) { + authProcessData.put(FLAG_IS_NEW_EID_PROCESS, value); + + } + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() */ @@ -186,8 +197,8 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu */ @Override public Map getGenericSessionDataStorage() { - Map result = new HashMap(); - for (String el : authProcessData.keySet()) { + final Map result = new HashMap(); + for (final String el : authProcessData.keySet()) { if (el.startsWith(GENERIC_PREFIX)) result.put(el.substring(GENERIC_PREFIX.length()), authProcessData.get(el)); @@ -223,7 +234,7 @@ public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EAAFAu protected T wrapStringObject(String key, Object defaultValue, Class clazz) { if (StringUtils.isNotEmpty(key)) { - Object obj = authProcessData.get(key); + final Object obj = authProcessData.get(key); if (obj != null && clazz.isInstance(obj)) return (T) obj; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java new file mode 100644 index 00000000..3fbdaf66 --- /dev/null 
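Review bot: `isEIDProcess()` is the switch that decides in `buildAuthenticationData` whether the new E-ID path or the deprecated path is taken, and it yields `false` whenever the flag is absent or stored under `FLAG_IS_NEW_EID_PROCESS` as something other than a `Boolean` (the `clazz.isInstance(obj)` guard in `wrapStringObject` presumably falls back to the default), yet the override carries no Javadoc saying so. Add `/** True if the current authentication uses the new E-ID process; false if the flag is absent or not a Boolean, in which case the deprecated builder path is used. */` on `isEIDProcess()` and the symmetric one-liner on `setEIDProcess(boolean)`, since a silent fallback to the deprecated path is behaviour a maintainer should not have to discover from the builder.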
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdAttributeBuilder.java 
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+ @Override
+ public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceId());
+
+ }
+
+ @Override
+ public ATT buildEmpty(IAttributeGenerator g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+ }
+
+ @Override
+ public String getName() {
+ return EID_ENCRYPTED_SOURCEID_NAME;
+ }
+
+ private String getFriendlyName() {
+ return EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME;
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
new file mode 100644
index 00000000..440ccf59
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EIDEncryptedSourceIdTypeAttributeBuilder.java
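Review bot: `build()` releases the encrypted SourceId to the service provider without consulting `oaParam`, although the builder hunk records `setBaseIDTransferRestrication(pendingReq.getServiceProviderConfiguration().hasBaseIdTransferRestriction())` on the AuthData and the deprecated IdentityLink path strips the baseID for such SPs; if the vSZ falls under the same restriction, check `oaParam.hasBaseIdTransferRestriction()` before emitting it, and if it is deliberately exempt, say so in a comment on `build()`. The same hunk for `EIDEncryptedSourceIdTypeAttributeBuilder` (next file) shares a second point: `authData.getEncryptedSourceId()` / `getEncryptedSourceIdType()` can be null when the session carried no such attribute, and the value is passed straight to `g.buildStringAttribute(...)`; if that generator does not tolerate null, throw an `AttributeBuilderException` or return `buildEmpty(g)` in that case rather than emitting an attribute with an empty value.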
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2019 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class EIDEncryptedSourceIdTypeAttributeBuilder implements IAttributeBuilder, ExtendedPVPAttributeDefinitions {
+
+ @Override
+ public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(getFriendlyName(), getName(), authData.getEncryptedSourceIdType());
+
+ }
+
+ @Override
+ public ATT buildEmpty(IAttributeGenerator g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+ }
+
+ @Override
+ public String getName() {
+ return EID_ENCRYPTED_SOURCEID_TYPE_NAME;
+ }
+
+ private String getFriendlyName() {
+ return EID_ENCRYPTED_SOURCEID_TYPE_FRIENDLY_NAME;
+ }
+
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/TestAuthenticationDataBuilder.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/TestAuthenticationDataBuilder.java
index 834c2d6e..c5610bc9 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/TestAuthenticationDataBuilder.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/TestAuthenticationDataBuilder.java
@@ -6,6 +6,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; @@ -14,20 +15,32 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; public class TestAuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new EAAFException("Not supported yet"); + } - AuthenticationData authData = new AuthenticationData(); + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new EAAFException("Not supported yet"); + + } + + @Override + @Deprecated + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { + final AuthenticationData authData = new AuthenticationData(); try { - generateBasicAuthData(authData, pendingReq, pendingReq.getSessionData(AuthProcessDataWrapper.class)); + generateDeprecatedBasicAuthData(authData, pendingReq, pendingReq.getSessionData(AuthProcessDataWrapper.class)); - } catch (Exception e) { + } catch (final Exception e) { e.printStackTrace(); throw new EAAFAuthenticationException("AuthDataGeneration FAILED", null, e); } return authData; } - + @Override protected Pair getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException { 
@@ -42,4 +55,5 @@ public class TestAuthenticationDataBuilder extends AbstractAuthenticationDataBui return null; } + } -- cgit v1.2.3