aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-18 08:30:49 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-18 08:30:49 +0100
commitffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae (patch)
tree8ea45cf604651c0a6e30cc6d2d76f2a4daefff90 /id/server/idserverlib/src/main/java/at/gv
parent198954f9257a4ec9984ea8766e216b85733a8c0f (diff)
downloadmoa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.tar.gz
moa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.tar.bz2
moa-id-spss-ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae.zip
add 'Austrian eID' demo-mode to simulate attribute behavior from 2020
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java658
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java68
9 files changed, 237 insertions, 645 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..c58f19333 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -212,6 +213,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
try {
//generate basic authentication data
generateBasicAuthData(authData, protocolRequest, session);
+
+ //set Austrian eID demo-mode flag
+ authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false))));
+
+ if (authData.isIseIDNewDemoMode()) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+ authData.setBaseIDTransferRestrication(true);
+
+ }
// #### generate MOA-ID specific authentication data ######
@@ -521,6 +534,26 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
//build foreign bPKs
generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+ //build additional bPKs
+ Logger.debug("Search for additional bPKs");
+ generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+
+ Logger.debug("Clearing identitylink ... ");
+ authData.setIdentityLink(null);
+
+ Logger.debug("Clearing authBlock ... ");
+ authData.setAuthBlock(null);
+
+ Logger.info("Post-Processing for Austrian eID finished");
+ }
+
//####################################################################
//copy all generic authentication information, which are not processed before to authData
Iterator<String> copyInterator = includedToGenericAuthData.iterator();
@@ -827,4 +860,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
+ private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+ if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String sector : additionalbPKSectorsRequested) {
+ Logger.trace("Process sector: " + sector + " ... ");
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+
+ Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+ authData.addAdditionalbPKPair(bpk);
+
+ }
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index a2dfeba2f..ab2a07f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -263,6 +263,19 @@ public String getKeyBoxIdentifier() {
returnValue.setProvideAllErrors(
Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+ if (Boolean.parseBoolean(
+ spConfiguration.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... ");
+ returnValue.setProvideBaseId(false);
+ returnValue.setProvideAuthBlock(false);
+ returnValue.setProvideIdl(false);
+ returnValue.setProvideMandate(false);
+
+ }
+
+
return returnValue;
}
@@ -920,6 +933,16 @@ public List<String> foreignbPKSectorsRequested() {
}
+@Override
+public List<String> additionalbPKSectorsRequested() {
+ String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_ADDITIONAL_BPKS);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
@Override
@@ -1002,4 +1025,5 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 390b77dab..1b2d203c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -541,6 +541,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
}
@Override
+ public List<String> additionalbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
public boolean containsConfigurationKey(String arg0) {
// TODO Auto-generated method stub
return false;
@@ -593,6 +599,5 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
public String getLoAMatchingMode() {
return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index ff4b96aab..415f4db18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -35,4 +35,10 @@ public interface IMOAAuthData extends IAuthData{
String getPvpAttribute_OU();
List<AuthenticationRole> getAuthenticationRoles();
+ /**
+ * Indicate Austrian eID demo-mode
+ *
+ * @return true if it is in demo-mode, otherwise false
+ */
+ public boolean isIseIDNewDemoMode();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ca0ae0687..c1545f354 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -69,6 +69,8 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private LoALevelMapper loaMapper;
+ private boolean iseIDNewDemoMode = false;
+
public MOAAuthenticationData(ILoALevelMapper loaMapper) {
if (loaMapper instanceof LoALevelMapper)
this.loaMapper = (LoALevelMapper) loaMapper;
@@ -321,648 +323,18 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
-
-
-// private static final long serialVersionUID = -1042697056735596866L;
-// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-//
-// /**
-// * URL of the MOA-ID Auth component issueing this assertion
-// */
-// private String issuer;
-// /**
-// * time instant of issue of this assertion
-// */
-// private Date issueInstant;
-// /**
-// * user identification value (Stammzahl); <code>null</code>,
-// * if the authentication module is configured not to return this data
-// */
-// private String identificationValue;
-// /**
-// * user identification type
-// */
-// private String identificationType;
-//
-// /**
-// * user identityLink specialized to OAParamter
-// */
-// private IIdentityLink identityLink;
-//
-// /**
-// * application specific user identifier (bPK/wbPK)
-// */
-// private String bPK;
-//
-// /**
-// * application specific user identifier type
-// */
-// private String bPKType;
-//
-// /**
-// * given name of the user
-// */
-// private String givenName;
-// /**
-// * family name of the user
-// */
-// private String familyName;
-// /**
-// * date of birth of the user
-// */
-// private Date dateOfBirth;
-// /**
-// * says whether the certificate is a qualified certificate or not
-// */
-//
-// /**
-// * says whether the certificate is a public authority or not
-// */
-// /**
-// * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-// */
-//
-//
-// /**
-// * URL of the BKU
-// */
-//
-// /**
-// * the corresponding <code>lt;saml:Assertion&gt;</code>
-// */
-//
-// private boolean isBaseIDTransferRestrication = true;
-//
-//
-// /**
-// * STORK attributes from response
-// */
-// private String ccc = null;
-//
-// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-//
-//
-//
-// private String authBlock = null;
-// private List<String> encbPKList = null;
-//
-// //ISA 1.18 attributes
-// private List<AuthenticationRole> roles = null;
-// private String pvpAttribute_OU = null;
-//
-// private boolean useMandate = false;
-// private IMISMandate mandate = null;
-// private String mandateReferenceValue = null;
-//
-// private boolean foreigner =false;
-// private String QAALevel = null;
-//
-// private boolean ssoSession = false;
-// private Date ssoSessionValidTo = null;
-//
-//// private boolean interfederatedSSOSession = false;
-//// private String interfederatedIDP = null;
-//
-// private String sessionIndex = null;
-// private String nameID = null;
-// private String nameIDFormat = null;
-//
-// public AuthenticationData() {
-// issueInstant = new Date();
-// }
-//
-// /**
-// * Returns the publicAuthority.
-// * @return boolean
-// */
-// public boolean isPublicAuthority() {
-// return publicAuthority;
-// }
-//
-// /**
-// * Returns the publicAuthorityCode.
-// * @return String
-// */
-// public String getPublicAuthorityCode() {
-// return publicAuthorityCode;
-// }
-//
-// /**
-// * Returns the qualifiedCertificate.
-// * @return boolean
-// */
-// public boolean isQualifiedCertificate() {
-// return qualifiedCertificate;
-// }
-//
-// /**
-// * Returns the bPK.
-// * @return String
-// */
-// public String getBPK() {
-// return bPK;
-// }
-//
-// /**
-// * Sets the publicAuthority.
-// * @param publicAuthority The publicAuthority to set
-// */
-// public void setPublicAuthority(boolean publicAuthority) {
-// this.publicAuthority = publicAuthority;
-// }
-//
-// /**
-// * Sets the publicAuthorityCode.
-// * @param publicAuthorityIdentification The publicAuthorityCode to set
-// */
-// public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-// this.publicAuthorityCode = publicAuthorityIdentification;
-// }
-//
-// /**
-// * Sets the qualifiedCertificate.
-// * @param qualifiedCertificate The qualifiedCertificate to set
-// */
-// public void setQualifiedCertificate(boolean qualifiedCertificate) {
-// this.qualifiedCertificate = qualifiedCertificate;
-// }
-//
-// /**
-// * Sets the bPK.
-// * @param bPK The bPK to set
-// */
-// public void setBPK(String bPK) {
-// this.bPK = bPK;
-// }
-//
-// /**
-// * Returns the dateOfBirth.
-// * @return String
-// */
-// public Date getDateOfBirth() {
-// return dateOfBirth;
-// }
-//
-// public String getFormatedDateOfBirth() {
-// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// if (getDateOfBirth() != null)
-// return pvpDateFormat.format(getDateOfBirth());
-// else
-// return "2999-12-31";
-// }
-//
-// /**
-// * Returns the familyName.
-// * @return String
-// */
-// public String getFamilyName() {
-// return familyName;
-// }
-//
-// /**
-// * Returns the givenName.
-// * @return String
-// */
-// public String getGivenName() {
-// return givenName;
-// }
-//
-// /**
-// * Holds the baseID of a citizen
-// *
-// * @return baseID
-// */
-// public String getIdentificationValue() {
-// return identificationValue;
-// }
-//
-// /**
-// * Holds the type of the baseID
-// *
-// * @return baseID-Type
-// */
-// public String getIdentificationType() {
-// return identificationType;
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public String getIssueInstantString() {
-// return DateTimeUtils.buildDateTimeUTC(issueInstant);
-//
-// }
-//
-// /**
-// * Returns the issueInstant.
-// * @return String
-// */
-// public Date getIssueInstant() {
-// return issueInstant;
-//
-// }
-//
-// public void setIssueInstant(Date date) {
-// this.issueInstant = date;
-// }
-//
-// /**
-// * Returns the issuer.
-// * @return String
-// */
-// public String getIssuer() {
-// return issuer;
-// }
-//
-// /**
-// * Returns the BKU URL.
-// * @return String
-// */
-// public String getBkuURL() {
-// return bkuURL;
-// }
-//
-// /**
-// * Sets the dateOfBirth.
-// * @param dateOfBirth The dateOfBirth to set
-// */
-// public void setDateOfBirth(Date dateOfBirth) {
-// this.dateOfBirth = dateOfBirth;
-// }
-//
-// public void setDateOfBirth(String dateOfBirth) {
-// try {
-// if (MiscUtil.isNotEmpty(dateOfBirth)) {
-// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-// }
-//
-// } catch (ParseException e) {
-// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-//
-// }
-// }
-//
-// /**
-// * Sets the familyName.
-// * @param familyName The familyName to set
-// */
-// public void setFamilyName(String familyName) {
-// this.familyName = familyName;
-// }
-//
-// /**
-// * Sets the givenName.
-// * @param givenName The givenName to set
-// */
-// public void setGivenName(String givenName) {
-// this.givenName = givenName;
-// }
-//
-// /**
-// * Sets the identificationValue.
-// * @param identificationValue The identificationValue to set
-// */
-// public void setIdentificationValue(String identificationValue) {
-// this.identificationValue = identificationValue;
-// }
-//
-// /**
-// * Sets the identificationType.
-// * @param identificationType The identificationType to set
-// */
-// public void setIdentificationType(String identificationType) {
-// this.identificationType = identificationType;
-// }
-//
-// /**
-// * Sets the issuer.
-// * @param issuer The issuer to set
-// */
-// public void setIssuer(String issuer) {
-// this.issuer = issuer;
-// }
-//
-// /**
-// * Sets the bkuURL
-// * @param url The BKU URL to set
-// */
-// public void setBkuURL(String url) {
-// this.bkuURL = url;
-// }
-//
-// public String getBPKType() {
-// return bPKType;
-// }
-//
-// public void setBPKType(String bPKType) {
-// this.bPKType = bPKType;
-// }
-//
-
-//
-//
-
-//
-//
-// public String getEIDASQAALevel() {
-// if (this.QAALevel != null &&
-// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-// if (MiscUtil.isNotEmpty(mappedQAA))
-// return mappedQAA;
-//
-// else {
-// Logger.error("STORK QAA-level:" + this.QAALevel
-// + " can not be mapped to eIDAS QAA-level! Use "
-// + PVPConstants.EIDAS_QAA_LOW + " as default value.");
-// return PVPConstants.EIDAS_QAA_LOW;
-//
-// }
-//
-//
-// } else
-// return this.QAALevel;
-//
-// }
-//
-//
-// /**
-// * @return
-// */
-// public boolean isForeigner() {
-// return this.foreigner;
-// }
-//
-//
-// /**
-// * @param foreigner the foreigner to set
-// */
-// public void setForeigner(boolean foreigner) {
-// this.foreigner = foreigner;
-// }
-//
-//
-
-//
-// /**
-// * @return the ssoSession
-// */
-// public boolean isSsoSession() {
-// return ssoSession;
-// }
-//
-//
-// /**
-// * @param ssoSession the ssoSession to set
-// */
-// public void setSsoSession(boolean ssoSession) {
-// this.ssoSession = ssoSession;
-// }
-//
-// /**
-// * @return the mandateReferenceValue
-// */
-// public String getMandateReferenceValue() {
-// return mandateReferenceValue;
-// }
-//
-// /**
-// * @param mandateReferenceValue the mandateReferenceValue to set
-// */
-// public void setMandateReferenceValue(String mandateReferenceValue) {
-// this.mandateReferenceValue = mandateReferenceValue;
-// }
-//
-// /**
-// * CountryCode of the citizen which is identified and authenticated
-// *
-// * @return the CountryCode <pre>like. AT, SI, ...</pre>
-// */
-// public String getCcc() {
-// return ccc;
-// }
-//
-// /**
-// * @param ccc the ccc to set
-// */
-// public void setCcc(String ccc) {
-// this.ccc = ccc;
-// }
-//
-// /**
-// * @return the sessionIndex
-// */
-// public String getSessionIndex() {
-// return sessionIndex;
-// }
-//
-// /**
-// * @param sessionIndex the sessionIndex to set
-// */
-// public void setSessionIndex(String sessionIndex) {
-// this.sessionIndex = sessionIndex;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-// */
-// @Override
-// public String getNameID() {
-// return this.nameID;
-// }
-//
-// /**
-// * @param nameID the nameID to set
-// */
-// public void setNameID(String nameID) {
-// this.nameID = nameID;
-// }
-//
-// /**
-// * @return the nameIDFormat
-// */
-// public String getNameIDFormat() {
-// return nameIDFormat;
-// }
-//
-// /**
-// * @param nameIDFormat the nameIDFormat to set
-// */
-// public void setNameIDFormat(String nameIDFormat) {
-// this.nameIDFormat = nameIDFormat;
-// }
-//
-//// /**
-//// * @return the interfederatedSSOSession
-//// */
-//// public boolean isInterfederatedSSOSession() {
-//// return interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @param interfederatedSSOSession the interfederatedSSOSession to set
-//// */
-//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//// this.interfederatedSSOSession = interfederatedSSOSession;
-//// }
-////
-//// /**
-//// * @return the interfederatedIDP
-//// */
-//// public String getInterfederatedIDP() {
-//// return interfederatedIDP;
-//// }
-////
-//// /**
-//// * @param interfederatedIDP the interfederatedIDP to set
-//// */
-//// public void setInterfederatedIDP(String interfederatedIDP) {
-//// this.interfederatedIDP = interfederatedIDP;
-//// }
-//
-// /**
-// * @return the ssoSessionValidTo
-// */
-// public Date getSsoSessionValidTo() {
-// return ssoSessionValidTo;
-// }
-//
-// /**
-// * @param ssoSessionValidTo the ssoSessionValidTo to set
-// */
-// public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-// this.ssoSessionValidTo = ssoSessionValidTo;
-// }
-//
-// /**
-// * @return the encbPKList
-// */
-// public List<String> getEncbPKList() {
-// return encbPKList;
-// }
-//
-// /**
-// * @param encbPKList the encbPKList to set
-// */
-// public void setEncbPKList(List<String> encbPKList) {
-// this.encbPKList = encbPKList;
-// }
-//
-// /**
-// * @return the roles
-// */
-// public List<AuthenticationRole> getAuthenticationRoles() {
-//// if (this.roles == null) {
-//// this.roles = new ArrayList<AuthenticationRole>();
-//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//// }
-//
-// return roles;
-// }
-//
-// //ISA 1.18 attributes
-// /**
-// * @param roles the roles to set
-// */
-// public void addAuthenticationRole(AuthenticationRole role) {
-// if (this.roles == null)
-// this.roles = new ArrayList<AuthenticationRole>();
-//
-// this.roles.add(role);
-// }
-//
-// /**
-// * @return the pvpAttribute_OU
-// */
-// public String getPvpAttribute_OU() {
-// return pvpAttribute_OU;
-// }
-//
-// /**
-// * @param pvpAttribute_OU the pvpAttribute_OU to set
-// */
-// public void setPvpAttribute_OU(String pvpAttribute_OU) {
-// this.pvpAttribute_OU = pvpAttribute_OU;
-// }
-//
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-// */
-// @Override
-// public boolean isBaseIDTransferRestrication() {
-// return isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-// */
-// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-// }
-//
-// /**
-// * Returns a generic data-object with is stored with a specific identifier
-// *
-// * @param key The specific identifier of the data object
-// * @param clazz The class type which is stored with this key
-// * @return The data object or null if no data is found with this key
-// */
-// public <T> T getGenericData(String key, final Class<T> clazz) {
-// if (MiscUtil.isNotEmpty(key)) {
-// Object data = genericDataStorate.get(key);
-//
-// if (data == null)
-// return null;
-//
-// try {
-// @SuppressWarnings("unchecked")
-// T test = (T) data;
-// return test;
-//
-// } catch (Exception e) {
-// Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-// return null;
-//
-// }
-//
-// }
-//
-// Logger.warn("Can not load generic session-data with key='null'");
-// return null;
-//
-// }
-//
-// /**
-// * Store a generic data-object to session with a specific identifier
-// *
-// * @param key Identifier for this data-object
-// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-// */
-// public void setGenericData(String key, Object object) throws SessionDataStorageException {
-// if (MiscUtil.isEmpty(key)) {
-// Logger.warn("Generic session-data can not be stored with a 'null' key");
-// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-//
-// }
-//
-// if (object != null) {
-// if (!Serializable.class.isInstance(object)) {
-// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-//
-// }
-// }
-//
-// if (genericDataStorate.containsKey(key))
-// Logger.debug("Overwrite generic data with key:" + key);
-// else
-// Logger.trace("Add generic data with key:" + key + " to session.");
-//
-// genericDataStorate.put(key, object);
-// }
+
+
+ public boolean isIseIDNewDemoMode() {
+ return iseIDNewDemoMode;
+ }
+
+ /**
+ * Set eID demo-mode into AuthData
+ * @param iseIDNewDemoMode true if it is in demo-mode, otherwise false
+ */
+ public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
+ this.iseIDNewDemoMode = iseIDNewDemoMode;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
new file mode 100644
index 000000000..ec8c7629f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -0,0 +1,52 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+
+@PVPMETADATA
+public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
+
+ protected static final String DELIMITER_BPK_LIST = ";";
+
+ public String getName() {
+ return BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ String result = getBpkForSP(authData);
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ log.info("Adding additional bPKs into bPK attribute");
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+ result += DELIMITER_BPK_LIST
+ + removeBpkTypePrefix(el.getSecond())
+ + DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(el.getFirst());
+
+ }
+ log.trace("Authenticate user with bPK-List: " + result);
+ }
+
+ log.trace("Authenticate user with bPK/wbPK: " + result);
+ return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result);
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 139bb15cc..a1a5825b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Deprecated
@PVPMETADATA
public class EIDAuthBlock implements IPVPAttributeBuilder {
@@ -49,6 +50,13 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
try {
if (authData instanceof IMOAAuthData) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+
+ }
+
String authblock = ((IMOAAuthData)authData).getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index a40c0fefb..fb101467a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -48,8 +48,16 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- if (authData instanceof IMOAAuthData) {
+ if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).isUseMandate()) {
+
+ if (((IMOAAuthData)authData).isIseIDNewDemoMode()) {
+ Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is NOT available in Austrian eID demo-mode");
+ return null;
+
+ }
+
+
//only provide full mandate if it is included.
//In case of federation only a short mandate could be include
if (((IMOAAuthData)authData).getMandate() != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
new file mode 100644
index 000000000..5daa71b1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SimpleStringAttributeGenerator implements IAttributeGenerator<String> {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildStringAttribute(String friendlyName, String name, String value) {
+ return value;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
+ */
+ @Override
+ public String buildIntegerAttribute(String friendlyName, String name, int value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
+ */
+ @Override
+ public String buildLongAttribute(String friendlyName, String name, long value) {
+ return String.valueOf(value);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
+ */
+ @Override
+ public String buildEmptyAttribute(String friendlyName, String name) {
+ return null;
+ }
+
+}