Update authdate generation from interfedered assertion information

7 files changed, 115 insertions, 3 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 2c20e96ed..48933d5c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -352,6 +352,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		
 		Logger.debug("Build AuthData from assertion starts ....");
 		
+		authData.setIsBusinessService(oaParam.getBusinessService());
+		
 		authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));		
 		authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));		
 		authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
@@ -706,6 +708,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		}
 				
 		authData.setSsoSession(true);
+		authData.setInterfederatedSSOSession(true);
 		
 		if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null)
 			authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());
@@ -791,6 +794,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setForeigner(session.isForeigner());
 		authData.setQAALevel(session.getQAALevel());
 
+		authData.setIsBusinessService(oaParam.getBusinessService());
+		
 		if (session.isForeigner()) {
 			try {
 				//TODO: replace with TSL lookup when TSL is ready!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 050706d7a..e20c805ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -27,6 +27,7 @@ import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
@@ -117,6 +118,8 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	   * the corresponding <code>lt;saml:Assertion&gt;</code>
 	   */
 
+	  private boolean businessService;
+	  
 	 /**
 	  * STORK attributes from response
 	  */
@@ -695,6 +698,12 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	 * @return the roles
 	 */
 	public List<AuthenticationRole> getAuthenticationRoles() {
+//		if (this.roles == null) {
+//			this.roles = new ArrayList<AuthenticationRole>();
+//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+//		}
+		
 		return roles;
 	}
 
@@ -708,6 +717,20 @@ public class AuthenticationData  implements IAuthData, Serializable {
 		this.roles.add(role);
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+	 */
+	@Override
+	public boolean isBusinessService() {
+		// TODO Auto-generated method stub
+		return this.businessService;
+	}
+	
+	public void setIsBusinessService(boolean flag) {
+		this.businessService = flag;
+		
+	}
+
 	
 	
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 0d55dbdd1..ebbf62ce7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -42,6 +42,7 @@ public interface IAuthData {
 	 Date getIssueInstant();
 	 String getIssuer();
 
+	 boolean isBusinessService();
 	 boolean isSsoSession();
 	 boolean isInterfederatedSSOSession();
 	 boolean isUseMandate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index 16de43e11..1327c634b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -38,7 +38,7 @@ public class EIDSourcePIN implements IPVPAttributeBuilder  {
 	public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeException {
 		
-		if (oaParam.getBusinessService())
+		if (authData.isBusinessService())
 			throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
 		
 		else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
index 0681419fc..2145e3af7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -36,7 +36,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder {
 	public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeException {
 		
-		if (oaParam.getBusinessService())
+		if (authData.isBusinessService())
 			throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
 		
 		else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index c5ad26744..f0373e214 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -139,7 +139,7 @@ public class AssertionAttributeExtractor {
 	}
 	
 	public String getSingleAttributeValue(String attributeName) {
-		if (attributs.containsKey(attributeName))
+		if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
 			return attributs.get(attributeName).get(0);
 		else
 			return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
new file mode 100644
index 000000000..20f541a1a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPtoSTORKRoleMapper {
+
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_role_mapping.properties";
+	
+	private Properties mapping = null;
+	
+	private static PVPtoSTORKRoleMapper instance = null;
+	
+	public static PVPtoSTORKRoleMapper getInstance() {
+		if (instance == null) {
+			instance = new PVPtoSTORKRoleMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private PVPtoSTORKRoleMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * @param el
+	 * @return
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			String ecRole = mapping.getProperty(el.getRawRoleString());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		return null;
+	}
+}