authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-24 13:47:00 +0200
commitd553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d (patch)
tree527d9753615f28a555040b328dd1edc26788ad33 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder
parenta9e03893056cf1b349148b0f1048c37c9073e557 (diff)
downloadmoa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.gz
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.tar.bz2
moa-id-spss-d553bf08d1c70d9a1705f38d9fe1c7c3a3730b0d.zip
update STORK <-> PVP gateway functionality
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java103
1 files changed, 56 insertions, 47 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index cd2bfcf91..2c20e96ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -175,7 +176,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
//get OnlineApplication from MOA-ID-Auth configuration
oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(oaID);
-
+
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ if (oaParam.isSTORKPVPGateway())
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
+
} else {
//build OnlineApplication dynamic from requested attributes
oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
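Review bot: The gateway branch overwrites oaParam with whatever buildFromAuthnRequest returns and never checks the result, so a STORK request the builder cannot map would surface later as a NullPointerException on oaParam instead of a clear authentication error; whether the builder guarantees a non-null result is not visible here. Because the OA parameters are now partly derived from the incoming request, this is also the place to state which values the request may override and which stay bound to the statically configured OA, since that boundary is what the isSTORKPVPGateway flag is authorizing. Suggested guard after the call: `if (oaParam == null) throw new MOAIDException("auth.00", null);` using whichever exception the surrounding method already declares. The comment also has a typo: `//build OA dynamically from STORK request if this OA is used as STORK<->PVP gateway`. The enclosing method starts before and continues past this hunk.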
@@ -347,24 +352,24 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.debug("Build AuthData from assertion starts ....");
- authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME));
- authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME));
- authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME));
- authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
- authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME));
- authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME));
- authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME));
- authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
+ authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));
+ authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));
+ authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
+ authData.setBPKType(extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
+ authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME));
+ authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME));
+ authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME));
+ authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
- String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME);
+ String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
authData.setBPK(pvpbPK.split(":")[1]);
}
boolean foundEncryptedbPKForOA = false;
if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
List<String> encbPKList = Arrays.asList(
- extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
+ extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
authData.setEncbPKList(encbPKList);
for (String fullEncbPK : encbPKList) {
int index = fullEncbPK.indexOf("|");
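Review bot: `authData.setBPK(pvpbPK.split(":")[1])` still indexes element 1 unconditionally, so a bPK attribute value without a colon throws ArrayIndexOutOfBoundsException out of the builder instead of a handled error; the mandator bPK path later in this file already guards this with a `length == 2` check and should be mirrored here. Suggested: `String[] pvpbPKParts = pvpbPK.split(":"); if (pvpbPKParts.length != 2) throw new AssertionAttributeExtractorExeption("Receive bPK from federation with an unsupported format."); authData.setBPK(pvpbPKParts[1]);`. The same split-then-index pattern on the ENC_BPK_LIST entries is not visible to the end of its loop in this hunk, so I cannot tell whether `indexOf("|")` returning -1 is handled. The enclosing method starts before and continues past this hunk.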
@@ -501,11 +506,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
- byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false);
+ byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
authData.setAuthBlock(new String(authBlock, "UTF-8"));
} catch (IOException e) {
@@ -517,7 +522,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
try {
authData.setSignerCertificate(Base64Utils.decode(
- extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
+ extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
} catch (IOException e) {
Logger.error("Received SignerCertificate is not valid", e);
@@ -527,7 +532,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) {
try {
- InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);
+ InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false);
IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
buildOAspecificIdentityLink(oaParam, authData, idl);
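Review bot: idlStream is opened from the decoded attribute and handed to IdentityLinkAssertionParser but never closed; whether decodeToStream returns an in-memory stream or something holding a resource is not visible here, so if the project targets Java 7 or later wrap it: `try (InputStream idlStream = Base64Utils.decodeToStream(..., false)) { ... }`. The identity link parsed here is only as trustworthy as the assertion it came from, so a comment should record that the assertion signature is assumed to have been verified before this builder runs, e.g. `// identity link is taken from the (already signature-checked) assertion attribute`. The enclosing try/catch continues past this hunk.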
@@ -542,12 +547,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
// set mandate attributes
- authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+ authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
try {
byte[] mandate = Base64Utils.decode(
- (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
+ (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
@@ -588,9 +593,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
legalperson.getIdentification().add(legalID );
mandator.setCorporateBody(legalperson );
- legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
- legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
- idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+ legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
+ legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+ idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
//build natural person short mandate
} else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) ||
@@ -610,18 +615,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Value idValue = new Value();
persID.setValue(idValue );
- String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
+ String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
for(int i=0; i<pvp2GivenName.length; i++)
persName.getGivenName().add(pvp2GivenName[i]);
- familyName.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
- physPerson.setDateOfBirth(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
+ familyName.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+ physPerson.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
if (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) {
persID.setType(Constants.URN_PREFIX_BASEID);
- idValue.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
+ idValue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
} else {
- String[] pvp2bPK = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
+ String[] pvp2bPK = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
if (pvp2bPK.length == 2) {
idValue.setValue(pvp2bPK[1]);
@@ -633,7 +638,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]);
} else {
- Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
+ Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format.");
}
@@ -671,14 +676,25 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
authData.getMISMandate().setProfRep(
- extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME));
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME));
}
-
+
+ //set PVP role attribute
+ if (extractor.containsAttribute(PVPConstants.ROLES_NAME)) {
+ String pvpRoles = extractor.getSingleAttributeValue(PVPConstants.ROLES_NAME);
+ if (MiscUtil.isNotEmpty(pvpRoles)) {
+ List<String> roles = Arrays.asList(pvpRoles.split(";"));
+ for (String role : roles) {
+ authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role));
+ }
+ }
+ }
+
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
authData.setForeigner(true);
}
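Review bot: The role list is built with `pvpRoles.split(";")` and every element is passed straight to the factory, so a trailing or doubled separator yields an empty role string and surrounding whitespace is kept; whether buildFormPVPole rejects such values is not visible here. Suggested loop body: `String trimmed = role.trim(); if (MiscUtil.isNotEmpty(trimmed)) authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(trimmed));`. Roles asserted by the federated IDP are accepted as-is; if a check that this IDP may assert roles for this OA lives elsewhere, a comment pointing to it would help, since this is the line that grants them. The factory method name `buildFormPVPole` looks like a typo for `buildFromPVPRole` and is worth fixing before more callers appear.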
@@ -712,10 +728,15 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
String oaTarget = null;
if (oaParam.getBusinessService()) {
- if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK))
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) ||
+ oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK))
oaTarget = oaParam.getIdentityLinkDomainIdentifier();
- else
- oaTarget = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ else {
+ Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix.");
+ return false;
+
+ }
} else {
oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
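Review bot: The new else branch rejects any identifier that carries neither the wbPK nor the STORK prefix, but the warning says it "starts without a prefix" and does not log the value, so an identifier with an unexpected prefix is misdiagnosed and cannot be traced from the log; the register identifier is OA configuration, not a secret, so it can be logged: `Logger.warn("BusinessIdentifier can not be clearly assigned, because it has no supported prefix: " + oaParam.getIdentityLinkDomainIdentifier());`. Note this is a behavioural change from the removed lines, which used to prepend the wbPK prefix; a comment saying that un-prefixed identifiers are now a configuration error would save the next reader a git blame. The enclosing method starts before and continues past this hunk.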
@@ -891,22 +912,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) {
-
String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier();
-
- if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- registerAndOrdNr = registerAndOrdNr
- .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + registerAndOrdNr);
- }
-
- String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr);
- authData.setBPK(wbpkBase64);
- authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr);
-
+ authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr));
+ authData.setBPKType(registerAndOrdNr);
+
} else {
authData.setBPK(baseID);
authData.setBPKType(baseIDType);
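Review bot: `authData.setBPKType(registerAndOrdNr)` now stores the configured domain identifier verbatim as the bPK type, whereas the removed lines normalized it to `URN_PREFIX_WBPK + "+" + register`; the new code therefore relies on every configured identifier already carrying its URN prefix, and an un-prefixed value would produce a bPK type that other components may not recognize. The prefix check added elsewhere in this commit is in a different method, so I cannot tell from here that it runs on this path; a local guard would make the assumption explicit: `if (!registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK) && !registerAndOrdNr.startsWith(Constants.URN_PREFIX_STORK)) throw new BuildException("builder.00", new Object[]{registerAndOrdNr});` with whichever exception the surrounding method declares. Whether buildbPKorwbPK itself validates the prefix is not visible. The enclosing method starts before this hunk.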