authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-25 09:48:33 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-25 09:48:33 +0200
commit8656e29837ec80ff8dc0bd0db826d7545b315d40 (patch)
treec1de8980535c493bf800dd78f425cd3d9452cbf6 /id/server/idserverlib/src/main/java/at/gv/egovernment
parent7e76287e8a443140d15483d2ce475f259e8215a9 (diff)
Mandate support with PVP2
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java285
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java59
25 files changed, 1000 insertions, 120 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index afd25dcad..773155934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2028,8 +2028,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// AuthConfigurationProvider.getInstance();
IdentityLink tempIdentityLink = null;
-
+
if (session.getUseMandate()) {
+ session.setMandate(mandate);
tempIdentityLink = new IdentityLink();
Element mandator = ParepUtils.extractMandator(mandate);
String dateOfBirth = "";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3e909ecd4..aaad1cc1e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -31,6 +31,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Vector;
+import org.w3c.dom.Element;
+
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -132,6 +134,11 @@ public class AuthenticationSession {
private String assertionSignerCertificateBase64;
/**
+ * Mandate element
+ */
+ private Element mandate;
+
+ /**
* bussiness service for the assertion
*/
boolean assertionBusinessService;
@@ -1005,4 +1012,12 @@ public class AuthenticationSession {
XMLVerifySignatureResponse = xMLVerifySignatureResponse;
}
+ public Element getMandate() {
+ return mandate;
+ }
+
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
}
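Review bot: The new getMandate/setMandate accessors at the end of the hunk carry no Javadoc, and the field comment added two hunks up says only "Mandate element", so nothing states when the value is populated. Suggest on the getter `/** The mandate DOM element stored by AuthenticationServer when getUseMandate() is true; null otherwise. */` with a matching sentence on the setter. The setter keeps a reference to the caller's Element rather than a copy, so later modification of that DOM tree by the caller is visible through the session — worth stating if that aliasing is intended.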
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 04fbc0588..fa4deddb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -182,9 +183,11 @@ public class GetMISSessionIDServlet extends AuthServlet {
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ //redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ //redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
redirectURL = resp.encodeRedirectURL(redirectURL);
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
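Review bot: The two commented-out addURLParameter lines and the now-empty `if (!session.getBusinessService()) { }` block in the middle of the hunk should be deleted rather than left as dead code; the block no longer does anything. Before this change the artifact was URL-encoded via `URLEncoder.encode(samlArtifactBase64, "UTF-8")`, whereas now the raw value is handed to buildDataURL; if buildDataURL does not encode its last argument (not visible here), the `+`, `/` and `=` characters of a Base64 artifact would be mangled in the redirect. The enclosing method continues outside the hunk.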
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 5f38cd05a..11f7fb257 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -18,10 +19,11 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.ConfigurationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -32,15 +34,15 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -63,6 +65,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
+ try {
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
ServletType.AUTH));
servletList.add(new ServletInfo(PVPProcessor.class, POST,
@@ -150,15 +159,23 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
AuthnRequest authnRequest = (AuthnRequest)samlReq;
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int idx = 0;
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
if(aIdx != null) {
- idx = aIdx.intValue();
+ attributeIdx = aIdx.intValue();
}
EntityDescriptor metadata = moaRequest.getEntityMetadata();
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
- AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(idx);
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
String oaURL = consumerService.getLocation();
String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
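Review bot: `spSSODescriptor.getAttributeConsumingServices().get(attributeIdx)` uses an index taken straight from the unauthenticated AuthnRequest with no bounds check, and an AttributeConsumingService is optional in SP metadata, so a missing element or an out-of-range AttributeConsumingServiceIndex surfaces as an uncaught IndexOutOfBoundsException instead of a protocol error; the pre-existing AssertionConsumerService lookup by assertionidx has the same shape. Guard both lookups with a size check and raise a PVP2Exception subclass when the index is out of range, and when the list is empty leave attributeConsumer null so the mandate check can decide. The enclosing method starts and ends outside the hunk.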
@@ -173,6 +190,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
config.setRequest(moaRequest);
config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
+ //TODO: Implement check for Mandate Attributes if mandate request
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true")) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
request.getSession().setAttribute(PARAM_OA, oaURL);
return config;
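Review bot: The `//TODO: Implement check for Mandate Attributes if mandate request` comment is stale — the check is implemented directly beneath it — and the three nested ifs collapse to `if ("true".equals(request.getParameter(PARAM_USEMANDATE)) && !CheckMandateAttributes.canHandleMandate(attributeConsumer)) { throw new MandateAttributesNotHandleAbleException(); }`. Whether canHandleMandate tolerates a null attributeConsumer is not visible here; if the SP metadata has no AttributeConsumingService, that case needs a defined outcome. The enclosing method continues outside the hunk.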
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index dc0a2884a..8bdfe3e5d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -15,8 +15,20 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNat
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public class PVPAttributeBuilder {
@@ -28,6 +40,7 @@ public class PVPAttributeBuilder {
static {
builders = new HashMap<String, IAttributeBuilder>();
+ // Citizen Token normal
addBuilder(new PVPVersionAttributeBuilder());
addBuilder(new PrincipalNameAttributeBuilder());
addBuilder(new GivenNameAttributeBuilder());
@@ -36,10 +49,24 @@ public class PVPAttributeBuilder {
addBuilder(new EIDCitizenQAALevelAttributeBuilder());
addBuilder(new EIDIssuingNationAttributeBuilder());
addBuilder(new EIDSectorForIDAttributeBuilder());
+
+ // Mandate Attributes
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateLegalPersonFullNameAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinAttributeBuilder());
+ addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder());
+ addBuilder(new MandateNaturalPersonBPKAttributeBuilder());
+ addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder());
+ addBuilder(new MandateTypeAttributeBuilder());
+ addBuilder(new MandateProfRepOIDAttributeBuilder());
+ addBuilder(new MandateProfRepDescAttributeBuilder());
+ addBuilder(new MandateReferenceValueAttributeBuilder());
}
public static Attribute buildAttribute(String name,
- AuthenticationSession authSession) {
+ AuthenticationSession authSession) throws PVP2Exception {
if (builders.containsKey(name)) {
return builders.get(name).build(authSession);
}
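Review bot: `addBuilder(new MandateTypeAttributeBuilder());` is registered twice in the static block, once at the top of the mandate group and again after MandateNaturalPersonGivenNameAttributeBuilder; if addBuilder keys the HashMap by getName() the second call silently replaces the first, so drop the duplicate. The rest of the hunk only widens buildAttribute's signature to `throws PVP2Exception`; the method body continues outside the hunk.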
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 0b1d80e0d..ae3715b57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -11,7 +11,7 @@ public class BPKAttributeBuilder extends BaseAttributeBuilder {
}
public Attribute build(AuthenticationSession authSession) {
- String bpk = authSession.getIdentityLink().getIdentificationValue();
+ String bpk = authSession.getAssertionAuthData().getIdentificationValue();
if(bpk.length() > BPK_MAX_LENGTH) {
bpk = bpk.substring(0, BPK_MAX_LENGTH);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index c91a87548..9b0c0a289 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -12,7 +12,7 @@ public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
public Attribute build(AuthenticationSession authSession) {
return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, authSession.getIdentityLink().getIdentificationType());
+ EID_SECTOR_FOR_IDENTIFIER_NAME, authSession.getAssertionAuthData().getIdentificationType());
}
public Attribute buildEmpty() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
index 96c12f413..3ed4e3870 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -3,9 +3,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IAttributeBuilder {
public String getName();
- public Attribute build(AuthenticationSession authSession);
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception;
public Attribute buildEmpty();
}
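Review bot: The widened `build` signature carries no Javadoc, and the mandate builders added in this commit return null from build when getUseMandate() is false, so the interface now has an unstated may-return-null contract that every caller of PVPAttributeBuilder.buildAttribute must handle. Suggest on build: `/** Builds the attribute for the given session; returns null when the attribute does not apply to this session. @throws PVP2Exception when data required for the attribute is missing or malformed */`.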
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
new file mode 100644
index 000000000..f52f5786d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_FULL_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ MANDATE_LEG_PER_FULL_NAME_NAME);
+ }
+
+}
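Review bot: `mandateObject.getMandator().getCorporateBody()` dereferences getMandator() without a null check, so a mandate whose Mandator element is absent fails with a NullPointerException instead of the NoMandateDataAvailableException raised for the other missing-data cases; add `if (mandateObject.getMandator() == null) { Logger.error("No mandator in mandate"); throw new NoMandateDataAvailableException(); }` before the corporate-body lookup. The same useMandate / getMandate / buildMandate / getMandator prologue is repeated verbatim in MandateLegalPersonSourcePinAttributeBuilder, MandateLegalPersonSourcePinTypeAttributeBuilder, MandateNaturalPersonBPKAttributeBuilder and MandateNaturalPersonBirthDateAttributeBuilder. A shared helper (in BaseAttributeBuilder or MandateBuilder) that returns the unmarshalled Mandate or throws would remove the duplication and, if buildMandate unmarshals the DOM on each call, the repeated parsing per attribute.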
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
new file mode 100644
index 000000000..ac55c2347
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ if(corporation == null) {
+ Logger.error("No corporation mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(corporation);
+ } else {
+ id = MandateBuilder.getBPKIdentification(corporation);
+ }*/
+ /*if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ }
+}
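Review bot: `corporation.getIdentification().get(0)` emits whichever Identification element comes first regardless of its Type, while the commented-out block shows the bPK/wbPK selection that was intended; the attribute name promises a source PIN, so either restore type-based selection or add a comment stating why index 0 is correct for legal persons. Delete the two commented-out blocks rather than keeping them as history. `id.getValue().getValue()` is dereferenced without a check; if the Value element can be absent (not visible here) that is another NullPointerException path. MandateLegalPersonSourcePinTypeAttributeBuilder takes the same get(0) shortcut and keeps the same commented code.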
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
new file mode 100644
index 000000000..d5ebdea24
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateLegalPersonSourcePinTypeAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator()
+ .getCorporateBody();
+ if (corporation == null) {
+ Logger.error("No corporate mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ if(corporation.getIdentification().size() == 0) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ id = corporation.getIdentification().get(0);
+ /*id = MandateBuilder.getBPKIdentification(corporate);
+ if (id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }*/
+ return buildStringAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
new file mode 100644
index 000000000..b53b92aca
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+ IdentificationType id = null;
+ id = physicalPerson.getIdentification().get(0);
+ /*if(authSession.getBusinessService()) {
+ id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ } else {
+ id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }*/
+ if(id == null) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+ return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME, id.getValue().getValue());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BPK_NAME);
+ }
+
+
+}
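Review bot: `physicalPerson.getIdentification().get(0)` has no size check, unlike the legal-person builders earlier in this commit which test `size() == 0` first, so a physical person without an Identification element throws IndexOutOfBoundsException rather than NoMandateDataAvailableException; the `id == null` test after get(0) does not cover that case. Insert `if (physicalPerson.getIdentification().isEmpty()) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAvailableException(); }` before the get(0) call and drop the now-redundant null test. The commented-out bPK/wbPK selection should be removed or restored, as in the legal-person builders.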
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
new file mode 100644
index 000000000..eae3023db
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonBirthDateAttributeBuilder extends
+ BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BIRTHDATE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession)
+ throws PVP2Exception {
+ if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if (mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if (mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator()
+ .getPhysicalPerson();
+ if (physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ String dateOfBirth = physicalPerson.getDateOfBirth();
+ try {
+ DateFormat mandateFormat = new SimpleDateFormat(
+ MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+ Date date = mandateFormat.parse(dateOfBirth);
+ DateFormat pvpDateFormat = new SimpleDateFormat(
+ MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(date);
+
+ return buildStringAttribute(
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME, dateString);
+ } catch (ParseException e) {
+ e.printStackTrace();
+ throw new InvalidDateFormatException();
+ }
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_NAME);
+ }
+
+}
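Review bot: `mandateFormat.parse(dateOfBirth)` is called without checking the result of `physicalPerson.getDateOfBirth()`, and a null there raises NullPointerException rather than ParseException, so it escapes the catch as an unhandled error instead of the NoMandateDataAvailableException the sibling mandate builders raise for missing data. SimpleDateFormat is also lenient by default, so an out-of-range day such as 30 February rolls over silently into a valid date instead of being rejected. Add `if (dateOfBirth == null) { throw new NoMandateDataAvailableException(); }` before the parse and `mandateFormat.setLenient(false);` right after constructing the format. In the catch, replace `e.printStackTrace();` with `Logger.error("Invalid mandate date of birth", e);` so the failure lands in the MOA log like the other errors in this class.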
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
new file mode 100644
index 000000000..38d540883
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_FAMILY_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+
+ while(fNamesit.hasNext()) {
+ sb.append(" " + fNamesit.next().getValue());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_NAME);
+ }
+
+}
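Review bot: The loop `sb.append(" " + fNamesit.next().getValue())` prepends a space to every element, so the attribute value always starts with a blank (" Mustermann") and a relying party comparing it against the name itself gets a mismatch. Join with a separator only between elements: `if (sb.length() > 0) { sb.append(' '); } sb.append(fNamesit.next().getValue());`. `physicalPerson.getName()` is also dereferenced without a null check, unlike the physicalPerson check just above; if the mandate schema allows a missing Name element, throw NoMandateDataAvailableException there rather than letting a NullPointerException escape.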
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
new file mode 100644
index 000000000..a876f600b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -0,0 +1,57 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_GIVEN_NAME_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+ if(physicalPerson == null) {
+ Logger.error("No physicalPerson mandate");
+ throw new NoMandateDataAvailableException();
+ }
+
+ StringBuilder sb = new StringBuilder();
+ Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+
+ while(gNamesit.hasNext()) {
+ sb.append(" " + gNamesit.next());
+ }
+
+ return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ }
+
+}
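Review bot: `sb.append(" " + gNamesit.next())` produces a value with a leading blank for every mandator, the same defect as in the family-name builder; append the separator only between elements, `if (sb.length() > 0) { sb.append(' '); } sb.append(gNamesit.next());`. Beyond that, every Mandate*AttributeBuilder in this commit repeats the same mandate-null check, `MandateBuilder.buildMandate`, and `getMandator().getPhysicalPerson()` preamble, and re-parses the mandate DOM once per requested attribute. A protected helper on BaseAttributeBuilder, e.g. `protected PhysicalPersonType getMandatorPhysicalPerson(AuthenticationSession authSession) throws PVP2Exception`, would remove the duplication and give the null checks (including one for `getName()`) a single home.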
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
new file mode 100644
index 000000000..8588b6424
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_DESC_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ //TODO: extract PROF REP DESCRIPTION
+ return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME, "TODO");
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ MANDATE_PROF_REP_DESC_NAME);
+ }
+}
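Review bot: When a mandate is in use this builder asserts the literal string "TODO" as the value of the MANDATE_PROF_REP_DESC attribute, so a relying party that requests it receives a placeholder inside an otherwise valid, issuer-signed assertion and has no way to tell it from real data. Until the extraction is implemented, `return null;` here (the handler treats a null attribute as not provideable and can reject the request if it is required) or throw NoMandateDataAvailableException, rather than emitting a fake value. `mandateObject` is currently built and never read, which is a sign the method is unfinished; the TODO comment should say what field of the mandate the description is expected to come from.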
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
new file mode 100644
index 000000000..9f655761b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_PROF_REP_OID_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ //TODO: extract PROF REP OID
+ return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME, "TODO");
+
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ MANDATE_PROF_REP_OID_NAME);
+ }
+}
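Review bot: The same placeholder problem as in the description builder: the MANDATE_PROF_REP_OID attribute is asserted with the literal value "TODO" whenever a mandate is in use, and an OID-valued attribute carrying that string will break any consumer that parses it. Replace the `buildStringAttribute(..., "TODO")` with `return null;` or a thrown NoMandateDataAvailableException until the real value is extracted, and drop the unused `mandateObject` until it is needed. Shipping a deliberately wrong value in a signed assertion is worse than omitting the attribute.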
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
new file mode 100644
index 000000000..8625eddeb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_REFERENCE_VALUE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws PVP2Exception {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+
+ return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
+ MANDATE_REFERENCE_VALUE_NAME);
+ }
+}
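Review bot: `mandateObject.getMandateID()` is handed to buildStringAttribute without a null check, so a mandate without a MandateID produces an attribute with a null value (or fails inside buildStringAttribute, which is not visible here) instead of the NoMandateDataAvailableException the preceding checks raise. Add `String mandateId = mandateObject.getMandateID(); if (mandateId == null) { throw new NoMandateDataAvailableException(); }` before building the attribute. The session also appears to carry a reference value of its own (`authSession.getMandateReferenceValue()` is referenced in the AuthnRequestHandler changes of this commit), so it is worth confirming which of the two the PVP MANDATE_REFERENCE_VALUE attribute is meant to carry.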
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
new file mode 100644
index 000000000..0064ed102
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -0,0 +1,38 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import org.opensaml.saml2.core.Attribute;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+
+public class MandateTypeAttributeBuilder extends BaseAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_TYPE_NAME;
+ }
+
+ public Attribute build(AuthenticationSession authSession) throws ResponderErrorException {
+ if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(mandate == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new ResponderErrorException("No mandate data available", null);
+ }
+
+ return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation());
+ }
+ return null;
+
+ }
+
+ public Attribute buildEmpty() {
+ return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+ }
+
+}
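Review bot: This builder reports missing mandate data as `new ResponderErrorException("No mandate data available", null)` while every sibling Mandate*AttributeBuilder in this commit throws NoMandateDataAvailableException for the identical conditions, duplicating the message string and making the failure indistinguishable from a generic responder error for callers; use `throw new NoMandateDataAvailableException();` in both places and declare `throws PVP2Exception` like the others. The value asserted as the mandate type is `mandateObject.getAnnotation()`, which by name is free-text rather than a fixed type code — if the PVP attribute expects a defined identifier, confirm Annotation is the intended source, and guard it against null before passing it to buildStringAttribute.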
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
new file mode 100644
index 000000000..b3eb61d46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class InvalidDateFormatException extends PVP2Exception {
+
+ public InvalidDateFormatException() {
+ super("Invalid date format", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -6867976890237846085L;
+
+}
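Review bot: The only constructor passes null as the second argument and offers no way to attach the underlying ParseException, so the caller in MandateNaturalPersonBirthDateAttributeBuilder has to print the stack trace to stderr and the real parse error is lost from the thrown exception. If PVP2Exception (not visible here) has a constructor that takes a wrapped Throwable, add `public InvalidDateFormatException(Throwable cause)` delegating to it; otherwise call `initCause(cause)` in such an overload. Placing `serialVersionUID` above the constructor would also match the field-before-constructor ordering used elsewhere.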
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
new file mode 100644
index 000000000..dbee8d696
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class MandateAttributesNotHandleAbleException extends PVP2Exception {
+
+ public MandateAttributesNotHandleAbleException() {
+ super("Mandate attributes not listed in attribute consumer service", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1466424425852327722L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
new file mode 100644
index 000000000..a7cb74657
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NoMandateDataAvailableException extends PVP2Exception {
+
+ public NoMandateDataAvailableException() {
+ super("No mandate data available", null);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4540420741715406351L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 4f778f27b..194138235 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -32,9 +32,11 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
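Review bot: `org.w3c.dom.Element` and `ParepUtils` are added here but, in the rest of this commit, are only referenced from commented-out code in process(), so both are unused imports. Drop them until the source-PIN hiding they belong to is actually enabled; keeping them next to a TODO makes it look as if that step is already wired in.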
@@ -46,9 +48,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
@@ -58,151 +62,215 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
public void process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp) throws MOAIDException {
- if(!handleObject(obj)) {
+ if (!handleObject(obj)) {
throw new MOAIDException("INVALID HANDLER SELECETED", null);
}
-
- AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest();
-
- RequestedAuthnContext reqAuthnContext = authnRequest.getRequestedAuthnContext();
-
- if(reqAuthnContext == null) {
+
+ AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+
+ RequestedAuthnContext reqAuthnContext = authnRequest
+ .getRequestedAuthnContext();
+
+ if (reqAuthnContext == null) {
throw new NoAuthContextException("No Authn Context provided!", null);
}
-
+
boolean stork_qaa_1_4_found = false;
-
- Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs().iterator();
-
- while(reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt.next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split("\\s+");
- for(int i = 0; i < qaa_uris.length; i++) {
- if(qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
+
+ Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs().iterator();
+
+ while (reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+ .next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+ "\\s+");
+ for (int i = 0; i < qaa_uris.length; i++) {
+ if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
stork_qaa_1_4_found = true;
break;
}
}
}
-
- if(!stork_qaa_1_4_found) {
- throw new NoAuthContextException("QAA not available Only supported QAA: " + STORK_QAA_1_4, null);
+
+ if (!stork_qaa_1_4_found) {
+ throw new NoAuthContextException(
+ "QAA not available Only supported QAA: " + STORK_QAA_1_4,
+ null);
}
-
- AuthenticationSession authSession =
- AuthenticationManager.getAuthenticationSession(req.getSession());
-
- //authSession.getM
-
+
+ AuthenticationSession authSession = AuthenticationManager
+ .getAuthenticationSession(req.getSession());
+
+ // authSession.getM
+
Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
- reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs().iterator();
+ reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+ .iterator();
StringBuilder authContextsb = new StringBuilder();
- while(reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt.next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split("\\s+");
- for(int i = 0; i < qaa_uris.length; i++) {
- if(qaa_uris[i].trim().equals(STORK_QAA_1_4) ||
- qaa_uris[i].trim().equals(STORK_QAA_1_3)||
- qaa_uris[i].trim().equals(STORK_QAA_1_2)||
- qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+ while (reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+ .next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+ "\\s+");
+ for (int i = 0; i < qaa_uris.length; i++) {
+ if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_3)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_2)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
authContextsb.append(qaa_uris[i].trim());
authContextsb.append(" ");
}
}
}
- AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ AuthnContextClassRef authnContextClassRef = SAML2Utils
+ .createSAMLObject(AuthnContextClassRef.class);
authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
- AuthnContext authnContext = SAML2Utils.createSAMLObject(AuthnContext.class);
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils.createSAMLObject(AuthnStatement.class);
+
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
String remoteSessionID = SAML2Utils.getSecureIdentifier();
authnStatement.setAuthnInstant(new DateTime());
// currently dummy id ...
authnStatement.setSessionIndex(remoteSessionID);
authnStatement.setAuthnContext(authnContext);
-
+
assertion.getAuthnStatements().add(authnStatement);
EntityDescriptor peerEntity = obj.getEntityMetadata();
- SPSSODescriptor spSSODescriptor = peerEntity.
- getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
int idx = 0;
-
- if(aIdx != null) {
+
+ if (aIdx != null) {
idx = aIdx.intValue();
}
-
- AttributeConsumingService attributeConsumingService =
- spSSODescriptor.getAttributeConsumingServices().get(idx);
-
- AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
-
- Iterator<RequestedAttribute> it = attributeConsumingService.getRequestAttributes().iterator();
- while(it.hasNext()) {
- RequestedAttribute reqAttribut = it.next();
- Attribute attr = PVPAttributeBuilder.buildAttribute(reqAttribut.getName(), authSession);
- if(attr == null) {
- if(reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(reqAttribut.getName());
- }
- } else {
- attributeStatement.getAttributes().add(attr);
- }
- }
-
- if(attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
+
+ AttributeConsumingService attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
Subject subject = SAML2Utils.createSAMLObject(Subject.class);
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
boolean foundFormat = false;
- Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats().iterator();
- while(formatIt.hasNext()) {
- if(formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+ Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
+ .iterator();
+ while (formatIt.hasNext()) {
+ if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
foundFormat = true;
break;
}
}
- if(!foundFormat) {
+ if (!foundFormat) {
// TODO use correct exception
- throw new SAMLRequestNotSupported(NameID.PERSISTENT + " not supported by SP", null);
+ throw new SAMLRequestNotSupported(NameID.PERSISTENT
+ + " not supported by SP", null);
}
- subjectNameID.setFormat(NameID.PERSISTENT);
- subjectNameID.setNameQualifier(authSession.getIdentityLink().getIdentificationType());
- subjectNameID.setValue(authSession.getAuthData().getIdentificationValue());
+
+ //TODO: Check if we need to hide source pin
+ /*if(authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+ if(authSession.getBusinessService()) {
+ // Hide Source PIN!
+ ParepUtils.HideStammZahlen(mandate, true, null, authSession.getDomainIdentifier(), true);
+ } else {
+ ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), null, true);
+ }
+ }*/
+
+/* if (authSession.getUseMandate()) {
+ Element mandate = authSession.getMandate();
+
+ Document document = mandate.getOwnerDocument();
+ DOMImplementationLS domImplLS = (DOMImplementationLS) document
+ .getImplementation();
+ LSSerializer serializer = domImplLS.createLSSerializer();
+ String str = serializer.writeToString(mandate);
+ Logger.info("Full Mandate: " + str);
+ //TODO: extract attributes for mandates
+ Logger.info("Assertion Authdata getAssertionID: " + authSession.getAssertionAuthData().getAssertionID());
+ Logger.info("Assertion Authdata getBkuURL: " + authSession.getAssertionAuthData().getBkuURL());
+ Logger.info("Assertion Authdata getBPK: " + authSession.getAssertionAuthData().getBPK());
+ Logger.info("Assertion Authdata getDateOfBirth: " + authSession.getAssertionAuthData().getDateOfBirth());
+ Logger.info("Assertion Authdata getFamilyName: " + authSession.getAssertionAuthData().getFamilyName());
+ Logger.info("Assertion Authdata getGivenName: " + authSession.getAssertionAuthData().getGivenName());
+ Logger.info("Assertion Authdata getIdentificationType: " + authSession.getAssertionAuthData().getIdentificationType());
+ Logger.info("Assertion Authdata getIdentificationValue: " + authSession.getAssertionAuthData().getIdentificationValue());
+ Logger.info("Assertion Authdata getWBPK: " + authSession.getAssertionAuthData().getWBPK());
+ Logger.info("Assertion getMandateData: " + authSession.getMandateData());
+ Logger.info("Assertion getMandateReferenceValue: " + authSession.getMandateReferenceValue());
+ } else {
+*/
+ Iterator<RequestedAttribute> it = attributeConsumingService
+ .getRequestAttributes().iterator();
+ while (it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttribut.getName(), authSession);
+ if (attr == null) {
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ } catch(PVP2Exception e) {
+ Logger.error("Attribute generation failed! for " + reqAttribut.getFriendlyName(), e);
+ }
+ }
+
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ subjectNameID.setFormat(NameID.PERSISTENT);
+ subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
+ .getIdentificationType());
+ subjectNameID.setValue(authSession.getAssertionAuthData()
+ .getIdentificationValue());
+// }
+
subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
- SubjectConfirmationData subjectConfirmationData =
- SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
+ SubjectConfirmationData subjectConfirmationData = SAML2Utils
+ .createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
subjectConfirmationData.setRecipient(peerEntity.getEntityID());
-
+
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
+
subject.getSubjectConfirmations().add(subjectConfirmation);
-
+
Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
- AudienceRestriction audienceRestriction = SAML2Utils.createSAMLObject(AudienceRestriction.class);
+ AudienceRestriction audienceRestriction = SAML2Utils
+ .createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
+
audience.setAudienceURI(peerEntity.getEntityID());
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(new DateTime());
conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
conditions.getAudienceRestrictions().add(audienceRestriction);
-
+
assertion.setConditions(conditions);
-
- //assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
-
+
+ // assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj,
+ // authSession));
+
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
issuer.setFormat(NameID.ENTITY);
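Review bot: The new `catch (PVP2Exception e)` wrapped around PVPAttributeBuilder.buildAttribute in the requested-attribute loop also encloses the `throw new UnprovideableAttributeException(...)` for a required attribute, so if that exception is a PVP2Exception (as the other classes in pvp2x.exceptions are) the required-attribute rejection the old loop enforced is now logged and swallowed, and the assertion is issued without the attribute. The same happens when a mandate builder throws NoMandateDataAvailableException for a required attribute. Re-throw when the attribute is required: `} catch (PVP2Exception e) { if (reqAttribut.isRequired()) { throw e; } Logger.error("Attribute generation failed! for " + reqAttribut.getFriendlyName(), e); }`. The source-PIN hiding via ParepUtils.HideStammZahlen is only commented out with a TODO, and the commented block after it would log the full mandate and every identity value (bPK, source PIN, name, date of birth) at INFO; delete that debug block rather than leave it to be re-enabled. The process() method continues past the end of this hunk.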
@@ -210,9 +278,9 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(new DateTime());
-
+
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
+
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
nissuer.setFormat(NameID.ENTITY);
@@ -220,37 +288,42 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
authResponse.setInResponseTo(authnRequest.getID());
authResponse.getAssertions().add(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
+
aIdx = authnRequest.getAssertionConsumerServiceIndex();
idx = 0;
-
- if(aIdx != null) {
+
+ if (aIdx != null) {
idx = aIdx.intValue();
}
-
- AssertionConsumerService consumerService = spSSODescriptor.
- getAssertionConsumerServices().get(idx);
-
- if(consumerService == null) {
- throw new InvalidAssertionConsumerServiceException("IDX " + idx + " is not a valid consumer service index!", null);
+
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException("IDX " + idx
+ + " is not a valid consumer service index!", null);
}
String oaURL = consumerService.getLocation();
-
+
IEncoder binding = null;
-
- if(consumerService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
binding = new RedirectBinding();
- } else if(consumerService.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
// TODO: not supported YET!!
binding = new ArtifactBinding();
- } else if(consumerService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
binding = new PostBinding();
}
- if(binding == null) {
- throw new InvalidAssertionConsumerServiceException("Binding " + consumerService.getBinding() + " is not supported", null);
+ if (binding == null) {
+ throw new InvalidAssertionConsumerServiceException("Binding "
+ + consumerService.getBinding() + " is not supported", null);
}
-
+
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
new file mode 100644
index 000000000..66d0b1d46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+public class CheckMandateAttributes implements PVPConstants {
+ private static List<String> minMandateAttributes;
+
+ static {
+ minMandateAttributes = new ArrayList<String>();
+ minMandateAttributes.add(MANDATE_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_LEG_PER_FULL_NAME_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_NAME);
+ minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME);
+
+ minMandateAttributes.add(MANDATE_NAT_PER_BIRTHDATE_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_GIVEN_NAME_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_BPK_NAME);
+ minMandateAttributes.add(MANDATE_NAT_PER_FAMILY_NAME_NAME);
+
+ minMandateAttributes.add(MANDATE_PROF_REP_OID_NAME);
+ minMandateAttributes.add(MANDATE_PROF_REP_DESC_NAME);
+ minMandateAttributes.add(MANDATE_REFERENCE_VALUE_NAME);
+ }
+
+ public static boolean canHandleMandate(AttributeConsumingService attributeConsumer) {
+ List<String> attrList = new ArrayList<String>(minMandateAttributes);
+ Iterator<RequestedAttribute> attrIt = attributeConsumer.getRequestAttributes().iterator();
+
+ while(attrIt.hasNext()) {
+ RequestedAttribute reqAttr = attrIt.next();
+
+ if(attrList.contains(reqAttr.getName())) {
+ attrList.remove(reqAttr.getName());
+ }
+ }
+
+ return attrList.isEmpty();
+ }
+}
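Review bot: canHandleMandate derives its answer solely from the RequestedAttribute names the SP declares in its own AttributeConsumingService, so any SP whose metadata lists the eleven names passes; if this method is the gate for releasing mandator data such as MANDATE_LEG_PER_SOURCE_PIN_NAME and MANDATE_NAT_PER_BPK_NAME (the caller is not in this hunk), the release should additionally be tied to a per-SP configuration entitlement rather than to what the SP asked for — metadata is the SP's statement of wishes, not an authorization. The method also dereferences attributeConsumer without a null check, so an SP entry without an AttributeConsumingService surfaces as a NullPointerException rather than a clean false. The copy-then-remove loop is clearer as a set containment test: `Set<String> requested = new HashSet<String>(); for (RequestedAttribute r : attributeConsumer.getRequestAttributes()) { requested.add(r.getName()); } return requested.containsAll(minMandateAttributes);` and the static baseline should be wrapped in `Collections.unmodifiableList(...)` so it cannot be mutated at runtime.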
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
new file mode 100644
index 000000000..b56a54c90
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Iterator;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.w3c.dom.Element;
+import org.w3._2000._09.xmldsig_.*;
+import at.gv.e_government.reference.namespace.*;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.util.Constants;
+
+@SuppressWarnings("unused")
+public class MandateBuilder {
+
+ public static final String MANDATE_DATE_OF_BIRTH_FORMAT = "yyyy-MM-dd";
+
+ public static Mandate buildMandate(Element mandate) {
+
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
+
+ Unmarshaller u = jc.createUnmarshaller();
+ Mandate mand = (Mandate) u.unmarshal(mandate);
+ return mand;
+ } catch (JAXBException e) {
+ Logger.error("Failed to parse Mandate", e);
+ }
+ return null;
+ }
+
+ public static IdentificationType getWBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_WBPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+
+ public static IdentificationType getBPKIdentification(AbstractPersonType person) {
+ Iterator<IdentificationType> typesIt = person.getIdentification().iterator();
+ while(typesIt.hasNext()) {
+ IdentificationType id = typesIt.next();
+ if(id.getType().startsWith(Constants.URN_PREFIX_BPK)) {
+ return id;
+ }
+ }
+ return null;
+ }
+}
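Review bot: buildMandate catches only JAXBException, but `(Mandate) u.unmarshal(mandate)` fails with a ClassCastException when the supplied root element is not a Mandate (or when the unmarshaller hands back a JAXBElement wrapper), and that escapes the method uncaught instead of following the "log and return null" contract the catch block establishes; an instanceof check before the cast closes that gap. JAXBContext.newInstance is also invoked on every call although a JAXBContext is immutable and thread-safe, so it belongs in a static initializer. The unmarshaller runs without a schema, so structurally invalid mandate content is accepted as long as it binds; that deserves a comment on the method, or a setSchema call if the mandate schema is available to the project. In getWBPKIdentification and getBPKIdentification, `id.getType()` is dereferenced unguarded; `if (id.getType() != null && id.getType().startsWith(Constants.URN_PREFIX_BPK))` avoids a NullPointerException on an Identification without a Type element. The class-level `@SuppressWarnings("unused")` together with the two wildcard imports hides exactly the unused-import warnings it is there to silence; dropping the unused imports is the cleaner fix.
```java
private static final JAXBContext MANDATE_CONTEXT;

static {
    try {
        MANDATE_CONTEXT = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
    } catch (JAXBException e) {
        throw new ExceptionInInitializerError(e);
    }
}

// … unchanged: MANDATE_DATE_OF_BIRTH_FORMAT …

public static Mandate buildMandate(Element mandate) {
    try {
        Object parsed = MANDATE_CONTEXT.createUnmarshaller().unmarshal(mandate);
        if (!(parsed instanceof Mandate)) {
            Logger.error("Failed to parse Mandate: unexpected root type "
                    + (parsed == null ? "null" : parsed.getClass().getName()));
            return null;
        }
        return (Mandate) parsed;
    } catch (JAXBException e) {
        Logger.error("Failed to parse Mandate", e);
        return null;
    }
}

// … unchanged: getWBPKIdentification, getBPKIdentification …
```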