Diffstat (limited to 'modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core')
-rw-r--r--modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java178
1 files changed, 23 insertions, 155 deletions
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index e5937b99..9580a62f 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -24,28 +24,19 @@
package at.asitplus.eidas.specific.core.builder;
import java.util.Date;
-import java.util.Optional;
-import java.util.Set;
-import java.util.stream.Collectors;
import org.springframework.stereotype.Service;
-import com.google.common.collect.Streams;
-
import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
-import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.data.Triple;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
@@ -55,59 +46,52 @@ import lombok.extern.slf4j.Slf4j;
@Service("AuthenticationDataBuilder")
@Slf4j
public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
-
- private static final String ERROR_B11 = "builder.11";
@Override
- protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
+ protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
final EidAuthProcessDataWrapper authProcessData =
- pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
- final EidAuthenticationData authData = new EidAuthenticationData();
-
- // set basis infos
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ EidAuthenticationData authData = new EidAuthenticationData();
+
+ //set basis infos
super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
-
+
// set specific informations
authData.setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
-
- authData.setEidStatus(authProcessData.isTestIdentity()
- ? EidIdentityStatusLevelValues.TESTIDENTITY
- : EidIdentityStatusLevelValues.IDENTITY);
-
+
+ authData.setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+
return authData;
}
@Override
- protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+ protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
throws EaafException {
if (authData instanceof EidAuthenticationData) {
- ((EidAuthenticationData) authData).setGenericData(
- ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
+ ((EidAuthenticationData)authData).setGenericData(
+ ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
pendingReq.getUniquePiiTransactionIdentifier());
log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
-
+
// set specific informations
- ((EidAuthenticationData) authData).setSsoSessionValidTo(
+ ((EidAuthenticationData)authData).setSsoSessionValidTo(
new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
- // set E-ID status-level
+ //set E-ID status-level
final EidAuthProcessDataWrapper authProcessData =
- pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
- ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
- ? EidIdentityStatusLevelValues.TESTIDENTITY
- : EidIdentityStatusLevelValues.IDENTITY);
-
- // handle mandate informations
- buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
-
+ pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity()
+ ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+
} else {
- throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
+ throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
+ authData.getClass().getName());
-
+
}
-
+
}
@Override
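Review bot: After this change `buildServiceSpecificAuthenticationData` no longer consults `authProcessData.isMandateUsed()`; the removed `buildMandateInformation(...)` call was the only place in this method that set `setUseMandate(...)` and copied the mandator attributes into the auth data. If a session carrying a mandate can still reach this builder (not visible here, and the superclass may cover it), the resulting `EidAuthenticationData` would present the representative as acting on their own behalf, with no signal to the relying party or in the logs. Consider making the decision explicit right after the `setEidStatus(...)` call, for example `if (authProcessData.isMandateUsed()) { log.warn("Mandate in session is not mapped into AuthData"); }`, or rejecting the request at that point if mandates are meant to be unsupported on this branch.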
@@ -136,120 +120,4 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
- private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
- EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
- EaafStorageException {
- authData.setUseMandate(authProcessData.isMandateUsed());
- if (authProcessData.isMandateUsed()) {
- log.debug("Build mandate-releated authentication data ... ");
- if (authProcessData.isForeigner()) {
- buildMandateInformationForEidasIncoming();
-
- } else {
- buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
-
- }
-
- // inject mandate information into authdata
- final Set<String> mandateAttributes = Streams.concat(
- MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(),
- MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream())
- .map(el -> el.getFirst())
- .collect(Collectors.toSet());
-
- authProcessData.getGenericSessionDataStream()
- .filter(el -> mandateAttributes.contains(el.getKey()))
- .forEach(el -> {
- try {
- authData.setGenericData(el.getKey(), el.getValue());
-
- } catch (final EaafStorageException e) {
- log.error("Can not store attribute: {} into session.", el.getKey(), e);
- throw new RuntimeException(e);
-
- }
- });
- }
- }
-
- private void buildMandateInformationForEidasIncoming() {
- log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
-
- // TODO: implement IDA specific processing of foreign mandate
-
- }
-
- private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
- EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
- EaafStorageException {
- log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
- if (authProcessData.getGenericDataFromSession(
- PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
- final Optional<Triple<String, String, Boolean>> missingAttribute =
- MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
- .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
- .findFirst();
- if (missingAttribute.isPresent()) {
- log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
- missingAttribute.get().getFirst());
- throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
-
- } else {
- log.trace("Find nat. person mandate. Mandate can be used as it is ");
- authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
- extractBpkFromResponse(authProcessData.getGenericDataFromSession(
- PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
-
- }
-
- } else {
- final Optional<Triple<String, String, Boolean>> missingAttribute =
- MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
- .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
- .findFirst();
- if (missingAttribute.isPresent()) {
- log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
- missingAttribute.get().getFirst());
- throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
-
- } else {
- log.trace(
- "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
- final String sourcePin = authProcessData.getGenericDataFromSession(
- PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
- final String sourcePinType = authProcessData.getGenericDataFromSession(
- PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
-
- // build leagl-person identifier for eIDAS out-going
- final String[] splittedTarget =
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+");
- StringBuilder sb = new StringBuilder();
- sb.append(splittedTarget[1])
- .append("/")
- .append(splittedTarget[2])
- .append("/")
- .append(sourcePinType)
- .append("+")
- .append(sourcePin);
-
- log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
- sb.toString(), sourcePin, sourcePinType);
- authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString());
-
- }
- }
- }
-
- private String extractBpkFromResponse(String pvpBpkAttrValue) {
- final String[] split = pvpBpkAttrValue.split(":", 2);
- if (split.length == 2) {
- return split[1];
-
- } else {
- log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
- return pvpBpkAttrValue;
-
- }
- }
-
}