diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-10-24 13:47:00 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-10-24 13:47:00 +0200 |
commit | d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d (patch) | |
tree | 527d9753615f28a555040b328dd1edc26788ad33 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder | |
parent | a9e03893056cf1b349148b0f1048c37c9073e557 (diff) | |
download | moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.gz moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.bz2 moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.zip |
update STORK <-> PVP gateway functionality
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 103 |
1 files changed, 56 insertions, 47 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cd2bfcf91..2c20e96ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { //get OnlineApplication from MOA-ID-Auth configuration oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaID); - + + //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway + if (oaParam.isSTORKPVPGateway()) + oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest); + } else { //build OnlineApplication dynamic from requested attributes oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); @@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.debug("Build AuthData from assertion starts ...."); - authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME)); - authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME)); - authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME)); - authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); - authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME)); - authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME)); - authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME)); - authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); + authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); + authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); + authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); + authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); + authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME)); + authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME)); + authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME)); + authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); if (extractor.containsAttribute(PVPConstants.BPK_NAME)) { - String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME); + String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME); authData.setBPK(pvpbPK.split(":")[1]); } boolean foundEncryptedbPKForOA = false; if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { List<String> encbPKList = Arrays.asList( - extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";")); + extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";")); authData.setEncbPKList(encbPKList); for (String fullEncbPK : encbPKList) { int index = fullEncbPK.indexOf("|"); @@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { try { - byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false); + byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); authData.setAuthBlock(new String(authBlock, "UTF-8")); } catch (IOException e) { @@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { try { authData.setSignerCertificate(Base64Utils.decode( - extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); + extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); } catch (IOException e) { Logger.error("Received SignerCertificate is not valid", e); @@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) { try { - InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false); + InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false); IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); buildOAspecificIdentityLink(oaParam, authData, idl); @@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { // set mandate attributes - authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); + authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { try { byte[] mandate = Base64Utils.decode( - (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); + (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); if (authData.getMISMandate() == null) authData.setMISMandate(new MISMandate()); @@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { legalperson.getIdentification().add(legalID ); mandator.setCorporateBody(legalperson ); - legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); - legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); - idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); + legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); + legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); + idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); //build natural person short mandate } else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) || @@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Value idValue = new Value(); persID.setValue(idValue ); - String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); + String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); for(int i=0; i<pvp2GivenName.length; i++) persName.getGivenName().add(pvp2GivenName[i]); - familyName.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME)); - physPerson.setDateOfBirth(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)); + familyName.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME)); + physPerson.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)); if (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) { persID.setType(Constants.URN_PREFIX_BASEID); - idValue.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)); + idValue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)); } else { - String[] pvp2bPK = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":"); + String[] pvp2bPK = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":"); if (pvp2bPK.length == 2) { idValue.setValue(pvp2bPK[1]); @@ -633,7 +638,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]); } else { - Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME)); + Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME)); throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format."); } @@ -671,14 +676,25 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (authData.getMISMandate() == null) authData.setMISMandate(new MISMandate()); authData.getMISMandate().setProfRep( - extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME)); + extractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME)); } - + + //set PVP role attribute + if (extractor.containsAttribute(PVPConstants.ROLES_NAME)) { + String pvpRoles = extractor.getSingleAttributeValue(PVPConstants.ROLES_NAME); + if (MiscUtil.isNotEmpty(pvpRoles)) { + List<String> roles = Arrays.asList(pvpRoles.split(";")); + for (String role : roles) { + authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role)); + } + } + } + //set STORK attributes if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) { - authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME)); + authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME)); authData.setForeigner(true); } @@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { String oaTarget = null; if (oaParam.getBusinessService()) { - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK)) + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) || + oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK)) oaTarget = oaParam.getIdentityLinkDomainIdentifier(); - else - oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + else { + Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix."); + return false; + + } } else { oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); @@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (oaParam.getBusinessService()) { //since we have foreigner, wbPK is not calculated in BKU if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - + authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr)); + authData.setBPKType(registerAndOrdNr); + } else { authData.setBPK(baseID); authData.setBPKType(baseIDType); |