aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-22 15:20:53 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-22 15:20:53 +0200
commitd1d206293ea012fd37c891673a8b5e74ad40a0cf (patch)
tree50aae3530d0a8fb4a4556df483340091c02bd309 /id/server/idserverlib/src/main/java/at/gv
parent016663e3a46f5f41f4d621c19e49063c78ccca70 (diff)
downloadmoa-id-spss-d1d206293ea012fd37c891673a8b5e74ad40a0cf.tar.gz
moa-id-spss-d1d206293ea012fd37c891673a8b5e74ad40a0cf.tar.bz2
moa-id-spss-d1d206293ea012fd37c891673a8b5e74ad40a0cf.zip
some more pvp2 updates
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java657
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java359
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java231
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java312
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java2
20 files changed, 279 insertions, 1516 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8298b082b..9894ffbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -33,11 +33,11 @@ import org.springframework.stereotype.Service;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998817b19..b6f78119c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -23,19 +23,14 @@
package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
-import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -46,17 +41,24 @@ import org.w3c.dom.NodeList;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -64,7 +66,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -82,24 +83,21 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.client.szr.SZRClient;
import at.gv.util.config.EgovUtilPropertiesConfiguration;
import at.gv.util.wsdl.szr.SZRException;
import at.gv.util.xsd.szr.PersonInfoType;
-import iaik.x509.X509Certificate;
/**
* @author tlenz
*
*/
@Service("AuthenticationDataBuilder")
-public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
- @Autowired private LoALevelMapper loaLevelMapper;
+ @Autowired protected LoALevelMapper loaLevelMapper;
@Override
public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -108,16 +106,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
- } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+ } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
Logger.warn("Can not build authentication data from session information");
throw new EAAFAuthenticationException("TODO", new Object[]{},
"Can not build authentication data from session information", e);
+
}
}
private IAuthData buildAuthenticationData(IRequest pendingReq,
- IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {
MOAAuthenticationData authdata = null;
//only needed for SAML1 legacy support
@@ -181,96 +180,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session,
- IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
-
- Collection<String> includedToGenericAuthData = null;
- if (session.getGenericSessionDataStorage() != null &&
- !session.getGenericSessionDataStorage().isEmpty())
- includedToGenericAuthData = session.getGenericSessionDataStorage().keySet();
- else
- includedToGenericAuthData = new ArrayList<String>();
-
- try {
- //####################################################
- //set general authData info's
- authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
- authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
- authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
-
-
- //####################################################
- //parse user info's from identityLink
- IIdentityLink idlFromPVPAttr = null;
- IIdentityLink identityLink = session.getIdentityLink();
- if (identityLink != null) {
- parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
-
- } else {
- // identityLink is not direct in MOASession
- String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class);
- //find PVP-Attr. which contains the IdentityLink
- if (MiscUtil.isNotEmpty(pvpAttrIDL)) {
- Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME
- + " --> Parse basic user info's from that attribute.");
- InputStream idlStream = null;
- try {
- idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false);
- idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
- parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData);
-
- } catch (ParseException e) {
- Logger.error("Received IdentityLink is not valid", e);
-
- } catch (Exception e) {
- Logger.error("Received IdentityLink is not valid", e);
-
- } finally {
- try {
- includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME);
- if (idlStream != null)
- idlStream.close();
-
- } catch (IOException e) {
- Logger.fatal("Close InputStream FAILED.", e);
-
- }
-
- }
-
- }
-
- //if no basic user info's are set yet, parse info's single PVP-Attributes
- if (MiscUtil.isEmpty(authData.getFamilyName())) {
- Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes.");
- authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class));
- authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class));
- authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class));
- authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class));
- authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class));
-
- //remove corresponding keys from genericSessionData if exists
- includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
- includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME);
- includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME);
- includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
- includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
- }
-
- }
-
- if (authData.getIdentificationType() != null &&
- !authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- Logger.trace("IdentificationType is not a baseID --> clear it. ");
- authData.setBPK(authData.getIdentificationValue());
- authData.setBPKType(authData.getIdentificationType());
-
- authData.setIdentificationValue(null);
- authData.setIdentificationType(null);
-
- }
+ IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
+ try {
+ //generate basic authentication data
+ generateBasicAuthData(authData, protocolRequest, session);
- //####################################################
+ // #### generate MOA-ID specific authentication data ######
//set BKU URL
includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);
if (MiscUtil.isNotEmpty(session.getBkuURL()))
@@ -282,41 +198,50 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
//TODO: fully switch from STORK QAA to eIDAS LoA
//####################################################
//set QAA level
- includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
- String currentLoA = null;
- if (MiscUtil.isNotEmpty(session.getQAALevel()))
- currentLoA = session.getQAALevel();
- else {
- currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
- if (MiscUtil.isNotEmpty(currentLoA)) {
- Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
- + " --> Parse QAA-Level from that attribute.");
+ if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) {
+ Logger.debug("Find eIDAS LoA. Map it to STORK QAA");
+ authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()));
+
+ } else {
+ Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... ");
+
+
+ includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+ String currentLoA = null;
+ if (MiscUtil.isNotEmpty(session.getQAALevel()))
+ currentLoA = session.getQAALevel();
+ else {
+ currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+ if (MiscUtil.isNotEmpty(currentLoA)) {
+ Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+ + " --> Parse QAA-Level from that attribute.");
+ }
}
- }
- if (MiscUtil.isNotEmpty(currentLoA)) {
- if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
- authData.setQAALevel(currentLoA);
- authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
+ if (MiscUtil.isNotEmpty(currentLoA)) {
+ if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ authData.setQAALevel(currentLoA);
+ authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
- } else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
- authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
- authData.seteIDASLoA(currentLoA);
+ } else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+ authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
+ authData.seteIDASLoA(currentLoA);
- } else {
- Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");
- String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
- if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
- authData.setQAALevel(mappedStorkQAA);
- authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
+ } else {
+ Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");
+ String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
+ if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+ authData.setQAALevel(mappedStorkQAA);
+ authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
- }
- }
- }
+ }
+ }
+ }
+ }
//if no QAA level is set in MOASession then set default QAA level
- if (MiscUtil.isEmpty(authData.getQAALevel())) {
+ if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {
Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
@@ -371,65 +296,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
-
- //####################################################
- //set isForeigner flag
- //TODO: change to new eIDAS-token attribute identifier
- if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) {
- Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME
- + " --> Set 'isForeigner' flag to TRUE");
- authData.setForeigner(true);
-
- } else {
- authData.setForeigner(session.isForeigner());
-
- }
-
-
- //####################################################
- //set citizen country-code
- includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
- String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
- if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
- authData.setCiticenCountryCode(pvpCCCAttr);
- Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
-
- } else {
- if (authData.isForeigner()) {
- try {
- if (authData.getSignerCertificate() != null) {
- //TODO: replace with TSL lookup when TSL is ready!
- X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
- if (certificate != null) {
- LdapName ln = new LdapName(certificate.getIssuerDN()
- .getName());
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("C")) {
- Logger.info("C is: " + rdn.getValue());
- authData.setCiticenCountryCode(rdn.getValue().toString());
- break;
- }
- }
- }
-
- } else
- Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME
- + " and NO SignerCertificate in MOASession -->"
- + " Can NOT extract citizen-country of foreign person.");
-
-
- } catch (Exception e) {
- Logger.error("Failed to extract country code from certificate with message: " + e.getMessage());
-
- }
-
- } else {
- authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
-
- }
- }
-
-
+
//####################################################
//set max. SSO session time
includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO);
@@ -558,11 +425,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME);
}
}
-
-
-
-
-
+
//####################################################
// set bPK and IdentityLink for Organwalter -->
// Organwalter has a special bPK is received from MIS
@@ -572,111 +435,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
authData.setBPK(misMandate.getOWbPK());
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-
-
- //TODO: check in case of mandates for business services
- if (identityLink != null)
- authData.setIdentityLink(identityLink);
-
- else if (idlFromPVPAttr != null){
- authData.setIdentityLink(idlFromPVPAttr);
- Logger.debug("Set IdentityLink received from federated IDP for Organwalter");
-
- } else
- Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");
-
-
+
//set bPK and IdenityLink for all other
- } else {
- //build bPK
- String pvpbPKValue = getbPKValueFromPVPAttribute(session);
- String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session);
- Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam);
-
- //check if a unique ID for this citizen exists
- if (MiscUtil.isEmpty(authData.getIdentificationValue()) &&
- MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) &&
- pvpEncbPKAttr == null) {
- Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID");
- throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME
- + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-
- }
-
- // baseID is in MOASesson --> calculate bPK directly
- if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) {
- Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
- Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
- authData.setBPK(result.getFirst());
- authData.setBPKType(result.getSecond());
-
- //check if bPK already added to AuthData matches OA
- } else if (MiscUtil.isNotEmpty(authData.getBPK())
- && matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) {
- Logger.debug("Correct bPK is already included in AuthData.");
-
- //check if bPK received by PVP-Attribute matches OA
- } else if (MiscUtil.isNotEmpty(pvpbPKValue) &&
- matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) {
- Logger.debug("Receive correct bPK from PVP-Attribute");
- authData.setBPK(pvpbPKValue);
- authData.setBPKType(pvpbPKTypeAttr);
-
- //check if decrypted bPK exists
- } else if (pvpEncbPKAttr != null) {
- Logger.debug("Receive bPK as encrypted bPK and decryption was possible.");
- authData.setBPK(pvpEncbPKAttr.getFirst());
- authData.setBPKType(pvpEncbPKAttr.getSecond());
+ Logger.debug("User is an OW. Set original IDL into authdata ... ");
+ authData.setIdentityLink(session.getIdentityLink());
- //ask SZR to get bPK
- } else {
- String notValidbPK = authData.getBPK();
- String notValidbPKType = authData.getBPKType();
- if (MiscUtil.isEmpty(notValidbPK) &&
- MiscUtil.isEmpty(notValidbPKType)) {
- notValidbPK = pvpbPKValue;
- notValidbPKType = pvpbPKTypeAttr;
-
- if (MiscUtil.isEmpty(notValidbPK) &&
- MiscUtil.isEmpty(notValidbPKType)) {
- Logger.fatal("No bPK in MOASession. THIS error should not occur any more.");
- throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");
- }
- }
-
- Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
- if (baseIDFromSZR != null) {
- Logger.info("Receive citizen baseID from SRZ. Authentication can be completed");
- authData.setIdentificationValue(baseIDFromSZR.getFirst());
- authData.setIdentificationType(baseIDFromSZR.getSecond());
- Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
- authData.setBPK(result.getFirst());
- authData.setBPKType(result.getSecond());
-
- } else {
- Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID");
- throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME
- + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-
- }
- }
-
- //build IdentityLink
- if (identityLink != null)
- authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
- else if (idlFromPVPAttr != null) {
- authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType()));
- Logger.debug("Set IdentityLink received from federated IDP");
- } else {
- Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found");
-
- }
- }
-
+ }
//###################################################################
//set PVP role attribute (implemented for ISA 1.18 action)
@@ -738,7 +504,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
}
- } catch (BuildException e) {
+ } catch (EAAFBuilderException e) {
throw e;
} catch (Throwable ex) {
@@ -747,38 +513,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
}
-
- /**
- * Check a bPK-Type against a Service-Provider configuration <br>
- * If bPK-Type is <code>null</code> the result is <code>false</code>.
- *
- * @param oaParam Service-Provider configuration, never null
- * @param bPKType bPK-Type to check
- * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
- * @throws ConfigurationException
- */
- private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException {
- return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
-
- }
-
- private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
- //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
- authData.setIdentificationValue(identityLink.getIdentificationValue());
- authData.setIdentificationType(identityLink.getIdentificationType());
-
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
-
- //remove corresponding keys from genericSessionData if exists
- includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
- includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME);
- includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME);
- includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
- includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-
- }
/**
* @param authData
@@ -786,7 +520,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
* @param notValidbPKType
* @return
*/
- private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
+ @Override
+ protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
String notValidbPKType) {
try {
EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
@@ -841,7 +576,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
* MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre>
* to <code>authData</code>
*
- * @param session MOASession, but never null
+ * @param authProcessDataContainer MOASession, but never null
* @param authData AuthenticationData DAO
* @param spConfig Service-Provider configuration
*
@@ -849,194 +584,124 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
* or <code>null</code> if no attribute exists or can not decrypted
* @throws ConfigurationException
*/
- private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
- MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
- //set List of encrypted bPKs to authData DAO
- String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
- if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
- List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));
- authData.setEncbPKList(encbPKList);
-
- //check if one of this encrypted bPK could be decrypt for this Service-Provider
- for (String fullEncbPK : encbPKList) {
- int index = fullEncbPK.indexOf("|");
- if (index >= 0) {
- String encbPK = fullEncbPK.substring(index+1);
- String second = fullEncbPK.substring(0, index);
- int secIndex = second.indexOf("+");
- if (secIndex >= 0) {
- String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
- if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {
- String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());
- if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
- Logger.debug("Found encrypted bPK for online-application "
- + spConfig.getPublicURLPrefix()
- + " Start decryption process ...");
- PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey();
- if (privKey != null) {
- try {
- String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
- if (MiscUtil.isNotEmpty(bPK)) {
- Logger.info("bPK decryption process finished successfully.");
- return Pair.newInstance(bPK, oaTargetId);
-
- } else {
- Logger.error("bPK decryption FAILED.");
-
+ @Override
+ protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
+ AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException {
+ //set List of encrypted bPKs to authData DAO
+ if (authData instanceof MOAAuthenticationData &&
+ spConfig instanceof IOAAuthParameters) {
+
+ String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
+ if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
+ List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));
+ ((MOAAuthenticationData) authData).setEncbPKList(encbPKList);
+
+ //check if one of this encrypted bPK could be decrypt for this Service-Provider
+ for (String fullEncbPK : encbPKList) {
+ int index = fullEncbPK.indexOf("|");
+ if (index >= 0) {
+ String encbPK = fullEncbPK.substring(index+1);
+ String second = fullEncbPK.substring(0, index);
+ int secIndex = second.indexOf("+");
+ if (secIndex >= 0) {
+ String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
+ if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {
+ String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());
+ if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
+ Logger.debug("Found encrypted bPK for online-application "
+ + spConfig.getUniqueIdentifier()
+ + " Start decryption process ...");
+ PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey();
+ if (privKey != null) {
+ try {
+ String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
+ if (MiscUtil.isNotEmpty(bPK)) {
+ Logger.info("bPK decryption process finished successfully.");
+ return Pair.newInstance(bPK, oaTargetId);
+
+ } else {
+ Logger.error("bPK decryption FAILED.");
+
+ }
+ } catch (EAAFBuilderException e) {
+ Logger.error("bPK decryption FAILED.", e);
+
}
- } catch (BuildException e) {
- Logger.error("bPK decryption FAILED.", e);
- }
+ } else {
+ Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+
+ }
} else {
- Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+ Logger.info("Found encrypted bPK but " +
+ "encrypted bPK target does not match to online-application target");
- }
+ }
} else {
- Logger.info("Found encrypted bPK but " +
- "encrypted bPK target does not match to online-application target");
+ Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID
+ + " BUT oaTarget is " + oaTargetId);
}
-
- } else {
- Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID
- + " BUT oaTarget is " + oaTargetId);
-
- }
- }
- }
- }
- }
-
- return null;
- }
-
- /**
- * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in
- * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre>
- *
- * @param session MOASession, but never null
- * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
- */
- private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
- String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
- if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
-
- //fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations
- if (pvpbPKValueAttr.startsWith("bPK:")) {
- Logger.warn("Attribute " + PVPConstants.BPK_NAME
- + " contains a not standardize prefix! Staring attribute value correction process ...");
- pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length());
-
- }
-
- String[] spitted = pvpbPKValueAttr.split(":");
- if (spitted.length != 2) {
- Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!"
- + " Value:" + pvpbPKValueAttr);
- return null;
-
+ }
+ }
+ }
}
- Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME);
- return spitted[1];
- }
+ } else
+ Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName()
+ + " are not MOAID data-objects");
return null;
}
- /**
- * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in
- * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre>
- *
- * @param session MOASession, but never null
- * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
- */
- private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
- String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
- if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
-
- //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
- if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) &&
- !pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(),
- Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {
- Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
- pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1);
-
- }
- Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
- return pvpbPKTypeAttr;
- }
-
- return null;
-
-
- /*
- * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME',
- * because the prefix of BPK_NAME attribute contains the postfix of the bPKType
- *
- * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER'
- * PVP attributes
- */
-// String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-// String[] spitted = pvpbPKValueAttr.split(":");
-// if (MiscUtil.isEmpty(authData.getBPKType())) {
-// Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " +
-// "Starting target extraction from bPK/wbPK prefix ...");
-// //exract bPK/wbPK type from bpk attribute value prefix if type is
-// //not transmitted as single attribute
-// Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
-// Matcher matcher = pattern.matcher(spitted[0]);
-// if (matcher.matches()) {
-// //find public service bPK
-// authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
-// Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
-//
-// } else {
-// //find business service wbPK
-// authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
-// Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
-//
-// }
-// }
-
- }
+ @Override
+ protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+ if (spConfig.hasBaseIdTransferRestriction()) {
+ try {
+ Element idlassertion = idl.getSamlAssertion();
+
+ //set bpk/wpbk;
+ Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(bPK);
- private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
- if (oaParam.hasBaseIdTransferRestriction()) {
- Element idlassertion = idl.getSamlAssertion();
- //set bpk/wpbk;
- Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(bPK);
- //set bkp/wpbk type
- Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
- prIdentificationType.getFirstChild().setNodeValue(bPKType);
+ //set bkp/wpbk type
+ Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+ prIdentificationType.getFirstChild().setNodeValue(bPKType);
- IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+ IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+ IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion;
-
- if (authConfig.isIdentityLinkResigning()) {
- resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
- } else {
- resignedilAssertion = businessServiceIdl.getSamlAssertion();
+ //resign IDL
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+
+ if (authConfig.isIdentityLinkResigning()) {
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
+ } else {
+ resignedilAssertion = businessServiceIdl.getSamlAssertion();
+ }
+
+ IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+ return resignedIDLParser.parseIdentityLink();
+
+ } catch (MOAIDException e) {
+ Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+ throw new EAAFParserException("TODO", null,
+ "Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+
}
- IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
- return resignedIDLParser.parseIdentityLink();
} else
return idl;
-
-
- }
-
-
- private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException {
+
+ }
+
+
+ @Override
+ protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
String baseID = authData.getIdentificationValue();
String baseIDType = authData.getIdentificationType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
deleted file mode 100644
index 4bc4a7e81..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ /dev/null
@@ -1,359 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Builder for the bPK, as defined in
- * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
- * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
- /**
- * Calculates an area specific unique person-identifier from a baseID
- *
- * @param baseID baseId from user but never null
- * @param targetIdentifier target identifier for area specific identifier calculation but never null
- * @return Pair<unique person identifier for this target, targetArea> but never null
- * @throws BuildException if some input data are not valid
- */
- public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{
- return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier);
-
- }
-
- /**
- * Calculates an area specific unique person-identifier from an unique identifier with a specific type
- *
- * @param baseID baseId from user but never null
- * @param baseIdType Type of the baseID but never null
- * @param targetIdentifier target identifier for area specific identifier calculation but never null
- * @return Pair<unique person identifier for this target, targetArea> but never null
- * @throws BuildException if some input data are not valid
- */
- public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{
- if (MiscUtil.isEmpty(baseID))
- throw new BuildException("builder.00", new Object[]{"baseID is empty or null"});
-
- if (MiscUtil.isEmpty(baseIdType))
- throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"});
-
- if (MiscUtil.isEmpty(targetIdentifier))
- throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"});
-
- if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) {
- Logger.trace("Find baseID. Starting unique identifier caluclation for this target");
-
- if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) ||
- targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) ||
- targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) {
- Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
- return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier);
-
- } else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) {
- Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
- String[] splittedTarget = targetIdentifier.split("\\+");
- String cititzenCountryCode = splittedTarget[1];
- String eIDASOutboundCountry = splittedTarget[2];
-
- if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
- Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
-
- }
- return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry);
-
-
- } else
- throw new BuildException("builder.00",
- new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"});
-
- } else {
- Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ...");
- if (baseIdType.equals(targetIdentifier)) {
- Logger.debug("Unique identifier is already area specific. Is nothing todo");
- return Pair.newInstance(baseID, targetIdentifier);
-
- } else {
- Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!");
- throw new BuildException("builder.00",
- new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"});
-
- }
- }
- }
-
-
- /**
- * Builds the storkeid from the given parameters.
- *
- * @param baseID baseID of the citizen
- * @param baseIDType Type of the baseID
- * @param sourceCountry CountryCode of that country, which build the eIDAs ID
- * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
- *
- * @return Pair<eIDAs, bPKType> in a BASE64 encoding
- * @throws BuildException if an error occurs on building the wbPK
- */
- private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
- throws BuildException {
- String bPK = null;
- String bPKType = null;
-
- // check if we have been called by public sector application
- if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
- bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
- Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);
- bPK = calculatebPKwbPK(baseID + "+" + bPKType);
-
- } else { // if not, sector identification value is already calculated by BKU
- Logger.debug("eIDAS eIdentifier already provided by BKU");
- bPK = baseID;
- }
-
- if ((MiscUtil.isEmpty(bPK) ||
- MiscUtil.isEmpty(sourceCountry) ||
- MiscUtil.isEmpty(destinationCountry))) {
- throw new BuildException("builder.00",
- new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
- bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
- }
-
- Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
- String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-
- return Pair.newInstance(eIdentifier, bPKType);
- }
-
-// /**
-// * Builds the bPK from the given parameters.
-// *
-// * @param identificationValue Base64 encoded "Stammzahl"
-// * @param target "Bereich lt. Verordnung des BKA"
-// * @return bPK in a BASE64 encoding
-// * @throws BuildException if an error occurs on building the bPK
-// */
-// private String buildBPK(String identificationValue, String target)
-// throws BuildException {
-//
-// if ((identificationValue == null ||
-// identificationValue.length() == 0 ||
-// target == null ||
-// target.length() == 0)) {
-// throw new BuildException("builder.00",
-// new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-// identificationValue + ",target=" + target});
-// }
-// String basisbegriff;
-// if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-// basisbegriff = identificationValue + "+" + target;
-// else
-// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-// return calculatebPKwbPK(basisbegriff);
-// }
-//
-// /**
-// * Builds the wbPK from the given parameters.
-// *
-// * @param identificationValue Base64 encoded "Stammzahl"
-// * @param registerAndOrdNr type of register + "+" + number in register.
-// * @return wbPK in a BASE64 encoding
-// * @throws BuildException if an error occurs on building the wbPK
-// */
-// private String buildWBPK(String identificationValue, String registerAndOrdNr)
-// throws BuildException {
-//
-// if ((identificationValue == null ||
-// identificationValue.length() == 0 ||
-// registerAndOrdNr == null ||
-// registerAndOrdNr.length() == 0)) {
-// throw new BuildException("builder.00",
-// new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-// identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-// }
-//
-// String basisbegriff;
-// if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-// basisbegriff = identificationValue + "+" + registerAndOrdNr;
-// else
-// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-// return calculatebPKwbPK(basisbegriff);
-// }
-//
-// private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-// if (MiscUtil.isEmpty(baseID) ||
-// !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") ||
-// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") ||
-// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-// throw new BuildException("builder.00",
-// new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget
-// + " has an unkown prefix."});
-//
-// }
-//
-// return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//
-// }
-
- public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
- MiscUtil.assertNotNull(bpk, "BPK");
- MiscUtil.assertNotNull(publicKey, "publicKey");
-
- SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
- target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
- + bpk + "::"
- + sdf.format(new Date());
- System.out.println(input);
- byte[] result;
- try {
- byte[] inputBytes = input.getBytes("ISO-8859-1");
- result = encrypt(inputBytes, publicKey);
- return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
-
- } catch (Exception e) {
- throw new BuildException("bPK encryption FAILED", null, e);
- }
- }
-
- public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
- MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
- MiscUtil.assertNotNull(privateKey, "Private key");
- String decryptedString;
- try {
- byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
- byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
- decryptedString = new String(decryptedBytes, "ISO-8859-1");
-
- } catch (Exception e) {
- throw new BuildException("bPK decryption FAILED", null, e);
- }
- String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
- String sector = tmp.substring(0, tmp.indexOf("::"));
- tmp = tmp.substring(tmp.indexOf("::") + 2);
- String bPK = tmp.substring(0, tmp.indexOf("::"));
-
- if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
- target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- if (target.equals(sector))
- return bPK;
-
- else {
- Logger.error("Decrypted bPK does not match to request bPK target.");
- return null;
- }
- }
-
- private String calculatebPKwbPK(String basisbegriff) throws BuildException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
- String hashBase64 = Base64Utils.encode(hash);
- return hashBase64;
-
- } catch (Exception ex) {
- throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
- }
-
- }
-
- private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
- byte[] result;
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
- } catch(NoSuchAlgorithmException e) {
- cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
- }
- cipher.init(Cipher.ENCRYPT_MODE, publicKey);
- result = cipher.doFinal(inputBytes);
-
- return result;
- }
-
- private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey)
- throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
- byte[] result;
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
- } catch(NoSuchAlgorithmException e) {
- cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
- }
- cipher.init(Cipher.DECRYPT_MODE, privateKey);
- result = cipher.doFinal(encryptedBytes);
- return result;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
index aa462c480..3dfba9cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -10,12 +10,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -97,7 +98,7 @@ public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
try {
return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
- } catch (BuildException e) {
+ } catch (EAAFBuilderException e) {
Logger.warn("Can NOT generate SubjectNameId." , e);
throw new ResponderErrorException("pvp2.01", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index d23e32c81..926bfe242 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -48,13 +48,13 @@ import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -618,17 +618,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
*/
@Override
- public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
if (MiscUtil.isEmpty(key)) {
Logger.warn("Generic session-data can not be stored with a 'null' key");
- throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+ throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");
}
if (object != null) {
if (!Serializable.class.isInstance(object)) {
Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
- throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+ throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index fb584047e..aea6f26fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -26,79 +26,35 @@ import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
/**
* @author tlenz
*
*/
-public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants {
-
- private Map<String, Object> sessionData;
/**
* @param genericDataStorage
*/
public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
- this.sessionData = genericDataStorage;
- }
-
- private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
- if (MiscUtil.isNotEmpty(key)) {
- Object obj = sessionData.get(key);
- if (obj != null && clazz.isInstance(obj))
- return (T) obj;
- }
+ super(genericDataStorage);
- if (defaultValue == null)
- return null;
-
- else if (clazz.isInstance(defaultValue))
- return (T)defaultValue;
-
- else {
- Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
- throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-
- }
}
+
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
- */
- @Override
- public boolean isAuthenticated() {
- return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
- */
- @Override
- public void setAuthenticated(boolean authenticated) {
- sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
-
- }
-
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
*/
@@ -133,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
@Override
public void setSignerCertificate(X509Certificate signerCertificate) {
try {
- sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+ authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
}catch (CertificateEncodingException e) {
Logger.warn("Signer certificate can not be stored to session database!", e);
@@ -142,15 +98,6 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
- */
- @Override
- public IIdentityLink getIdentityLink() {
- return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
-
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
*/
@Override
@@ -160,20 +107,11 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
- */
- @Override
- public void setIdentityLink(IIdentityLink identityLink) {
- sessionData.put(VALUE_IDENTITYLINK, identityLink);
-
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
*/
@Override
public void setSSOSessionID(String sessionId) {
- sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
+ authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
}
@@ -190,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setBkuURL(String bkuURL) {
- sessionData.put(VALUE_BKUURL, bkuURL);
+ authProcessData.put(VALUE_BKUURL, bkuURL);
}
@@ -207,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setAuthBlock(String authBlock) {
- sessionData.put(VALUE_AUTHBLOCK, authBlock);
+ authProcessData.put(VALUE_AUTHBLOCK, authBlock);
}
@@ -224,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
- sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+ authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
}
@@ -241,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
- sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+ authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
}
@@ -258,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
- sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
- */
- @Override
- public String getIssueInstant() {
- return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
- */
- @Override
- public void setIssueInstant(String issueInstant) {
- sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+ authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
}
@@ -292,28 +213,11 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
}
/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
- */
- @Override
- public void setUseMandates(boolean useMandates) {
- sessionData.put(FLAG_USE_MANDATE, useMandates);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
- */
- @Override
- public boolean isMandateUsed() {
- return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
- }
-
- /* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
*/
@Override
public void setMISSessionID(String misSessionID) {
- sessionData.put(VALUE_MISSESSIONID, misSessionID);
+ authProcessData.put(VALUE_MISSESSIONID, misSessionID);
}
@@ -338,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setMandateReferenceValue(String mandateReferenceValue) {
- sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
- */
- @Override
- public boolean isForeigner() {
- return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
- */
- @Override
- public void setForeigner(boolean isForeigner) {
- sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+ authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue);
}
@@ -372,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
- sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+ authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
}
@@ -389,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setMISMandate(IMISMandate mandate) {
- sessionData.put(VALUE_MISMANDATE, mandate);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
- */
- @Override
- public boolean isOW() {
- return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
- */
- @Override
- public void setOW(boolean isOW) {
- sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+ authProcessData.put(VALUE_MISMANDATE, mandate);
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
*/
@@ -423,78 +293,13 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public void setAuthBlockTokken(String authBlockTokken) {
- sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
- */
- @Override
- public String getQAALevel() {
- return wrapStringObject(VALUE_QAALEVEL, null, String.class);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
- */
- @Override
- public void setQAALevel(String qAALevel) {
- sessionData.put(VALUE_QAALEVEL, qAALevel);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
- */
- @Override
- public Date getSessionCreated() {
- return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
- */
- @Override
- public Map<String, Object> getGenericSessionDataStorage() {
- Map<String, Object> result = new HashMap<String, Object>();
- for (String el : sessionData.keySet()) {
- if (el.startsWith(GENERIC_PREFIX))
- result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
-
- }
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
- */
- @Override
- public Object getGenericDataFromSession(String key) {
- return sessionData.get(GENERIC_PREFIX + key);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
- */
- @Override
- public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
- return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
- */
- @Override
- public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
- sessionData.put(GENERIC_PREFIX + key, object);
+ authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
}
@Override
public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
- return Collections.unmodifiableMap(sessionData);
+ return Collections.unmodifiableMap(authProcessData);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index 2690bc2cc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,312 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink implements Serializable, IIdentityLink{
-
- private static final long serialVersionUID = 1L;
-
- /**
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- */
- private String identificationValue;
- /**
- * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
- */
- private String identificationType;
- /**
- * first name
- */
- private String givenName;
- /**
- * family name
- */
- private String familyName;
-
- /**
- * The name as (givenName + familyName)
- */
- private String name;
- /**
- * date of birth
- */
- private String dateOfBirth;
- /**
- * the original saml:Assertion-Element
- */
- private Element samlAssertion;
- /**
- * the serializes saml:Assertion
- */
- private String serializedSamlAssertion;
- /**
- * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
- */
- private Element prPerson;
- /**
- * we need for each dsig:Reference Element all
- * transformation elements
- */
- private Element[] dsigReferenceTransforms;
-
- /**
- * The issuing time of the identity link SAML assertion.
- */
- private String issueInstant;
-
- /**
- * we need all public keys stored in
- * the identity link
- */
- private PublicKey[] publicKey;
-
- /**
- * Constructor for IdentityLink
- */
- public IdentityLink() {
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
- */
- @Override
-public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
- */
- @Override
-public String getFamilyName() {
- return familyName;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
- */
- @Override
-public String getGivenName() {
- return givenName;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
- */
- @Override
-public String getName() {
- if (name == null) {
- name = givenName + " " + familyName;
- }
- return name;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
- */
- @Override
-public String getIdentificationValue() {
- return identificationValue;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
- */
- @Override
- public String getIdentificationType() {
- return identificationType;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
- */
- @Override
-public void setDateOfBirth(String dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
- */
- @Override
-public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
- */
- @Override
-public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
- */
- @Override
-public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
- */
- @Override
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
- */
- @Override
-public Element getSamlAssertion() {
- return samlAssertion;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
- */
- @Override
-public String getSerializedSamlAssertion() {
- return serializedSamlAssertion;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
- */
- @Override
-public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
- this.samlAssertion = samlAssertion;
- this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
- */
- @Override
-public Element[] getDsigReferenceTransforms() {
- return dsigReferenceTransforms;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
- */
- @Override
-public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
- this.dsigReferenceTransforms = dsigReferenceTransforms;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
- */
- @Override
-public PublicKey[] getPublicKey() {
- return publicKey;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
- */
- @Override
-public void setPublicKey(PublicKey[] publicKey) {
- this.publicKey = publicKey;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
- */
- @Override
-public Element getPrPerson() {
- return prPerson;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
- */
- @Override
-public void setPrPerson(Element prPerson) {
- this.prPerson = prPerson;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
- */
- @Override
-public String getIssueInstant() {
- return issueInstant;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
- */
- @Override
-public void setIssueInstant(String issueInstant) {
- this.issueInstant = issueInstant;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index 8f7364f62..3ff22b84d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -58,15 +58,15 @@ import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
* Parses an identity link <code>&lt;saml:Assertion&gt;</code>
@@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser {
public IIdentityLink parseIdentityLink() throws ParseException {
IIdentityLink identityLink;
- try {
+ try {
identityLink = new IdentityLink();
identityLink.setSamlAssertion(assertionElem);
identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index b54a43fff..e6b4e9bb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -54,12 +54,12 @@ import java.io.InputStream;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
* Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 89e543209..97d1e7132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -910,12 +910,6 @@ public boolean containsConfigurationKey(String arg0) {
@Override
-public String getConfigurationValue(String arg0) {
- return spConfiguration.getConfigurationValue(arg0);
-}
-
-
-@Override
public Map<String, String> getFullConfiguration() {
return spConfiguration.getFullConfiguration();
}
@@ -951,4 +945,41 @@ public String getMinimumLevelOfAssurence() {
}
+@Override
+public String getConfigurationValue(String key) {
+ return spConfiguration.getConfigurationValue(key);
+}
+
+@Override
+public String getConfigurationValue(String key, String defaultValue) {
+ String value = getConfigurationValue(key);
+ if (value == null)
+ return defaultValue;
+ else
+ return value;
+}
+
+
+@Override
+public Boolean isConfigurationValue(String key) {
+ String value = getConfigurationValue(key);
+ if (value == null)
+ return Boolean.parseBoolean(value);
+
+ return null;
+
+}
+
+
+@Override
+public boolean isConfigurationValue(String key, boolean defaultValue) {
+ String value = getConfigurationValue(key);
+ if (value == null)
+ return Boolean.parseBoolean(value);
+ else
+ return defaultValue;
+
+}
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 11932f52a..76a53ee40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -559,5 +559,23 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
return getQaaLevel();
}
+ @Override
+ public String getConfigurationValue(String arg0, String arg1) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Boolean isConfigurationValue(String arg0) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isConfigurationValue(String arg0, boolean arg1) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index b8dccfa65..ff4b96aab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,7 +5,6 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
public interface IMOAAuthData extends IAuthData{
@@ -18,8 +17,7 @@ public interface IMOAAuthData extends IAuthData{
*/
String getQAALevel();
- List<String> getEncbPKList();
- IIdentityLink getIdentityLink();
+ List<String> getEncbPKList();
byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 25d50f57a..d1e1e5c60 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,10 +51,10 @@ import java.io.Serializable;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class MISMandate implements Serializable, IMISMandate{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index e0dd30db3..b5d46fea3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -28,14 +28,14 @@ import java.util.List;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -47,7 +47,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
private static final long serialVersionUID = 1L;
- private IIdentityLink identityLink;
private boolean qualifiedCertificate;
private boolean publicAuthority;
private String publicAuthorityCode;
@@ -70,8 +69,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private LoALevelMapper loaMapper;
- public MOAAuthenticationData(LoALevelMapper loaMapper) {
- this.loaMapper = loaMapper;
+ public MOAAuthenticationData(ILoALevelMapper loaMapper) {
+ if (loaMapper instanceof LoALevelMapper)
+ this.loaMapper = (LoALevelMapper) loaMapper;
}
@@ -82,19 +82,22 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public String getQAALevel() {
if (this.QAALevel != null &&
this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
- String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
- if (MiscUtil.isNotEmpty(mappedQAA))
- return mappedQAA;
-
- else {
- Logger.error("eIDAS QAA-level:" + this.QAALevel
- + " can not be mapped to STORK QAA-level! Use "
+ if (loaMapper != null) {
+ String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ return mappedQAA;
+ else {
+ Logger.error("eIDAS QAA-level:" + this.QAALevel
+ + " can not be mapped to STORK QAA-level! Use "
+ + PVPConstants.STORK_QAA_1_1 + " as default value.");
+ }
+
+ } else
+ Logger.error("NO LoALevelMapper found. Use "
+ PVPConstants.STORK_QAA_1_1 + " as default value.");
- return PVPConstants.STORK_QAA_1_1;
-
- }
-
+ return PVPConstants.STORK_QAA_1_1;
+
} else
return this.QAALevel;
@@ -107,18 +110,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
@Override
- public IIdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * @param identityLink the identityLink to set
- */
- public void setIdentityLink(IIdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- @Override
public byte[] getSignerCertificate() {
return signerCertificate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index 2c0a9fe74..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.Base64Utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-
-
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
- private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
-
-
- public String getName() {
- return EID_IDENTITY_LINK_NAME;
- }
-
- public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- try {
- String ilAssertion = null;
- if (authData instanceof IMOAAuthData
- && ((IMOAAuthData)authData).getIdentityLink() == null)
- throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-
- ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
-
- return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-
-
- } catch (IOException e) {
- log.warn("IdentityLink serialization error.", e);
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
- }
-
- }
-
- public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 171dfe2d9..af96a9459 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,10 +33,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index b2a2aad88..af64ffe64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -32,9 +32,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -91,7 +92,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
}
}
- catch (BuildException | ConfigurationException e) {
+ catch (BuildException | ConfigurationException | EAAFBuilderException e) {
Logger.error("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
@@ -105,7 +106,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
}
- protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {
+ protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
if (authData instanceof IMOAAuthData) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 16b179d89..75ca2ccdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 81041260c..d8114f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,6 +35,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class IdentityLinkReSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 885d03fd8..397e28bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;