diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-11-03 09:35:14 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-11-03 09:35:14 +0100 |
commit | 72e6c6c36bcbbedf073758299acca4ad9673ba9e (patch) | |
tree | ac1fca0df93d671aa8648fe3afcf220cc40f8955 /id/server/idserverlib/src/main/java/at | |
parent | 2886006ba2ca141377e66a330df5fc52797c2755 (diff) | |
download | moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.gz moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.bz2 moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.zip |
add PVP SecClass to STORK QAA mapping
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 37 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 10 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java) | 40 |
3 files changed, 67 insertions, 20 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 5c0e497a3..52488c3cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; @@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } - if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) - authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + try { + String qaaLevel = extractor.getQAALevel(); + if (MiscUtil.isNotEmpty(qaaLevel) && + qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + authData.setQAALevel(qaaLevel); + + } else { + Logger.debug("Found PVP QAA level. QAA mapping process starts ... "); + String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + authData.setQAALevel(mappedQAA); + + else + throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable"); + + } + + } catch (AssertionAttributeExtractorExeption e) { + Logger.warn("No QAA level found in <RequestedAuthnContext> element of interfederated assertion. " + + "(ErrorHeader=" + e.getMessage() + ")"); + if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + + extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + + } else { + Logger.info("No QAA level found. Set to default level " + + PVPConstants.STORK_QAA_PREFIX + "1"); + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1"); + + } + + } + if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { try { byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index aaded0ce6..993514ec7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -44,11 +43,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.joda.time.format.DateTimeFormat; -import org.joda.time.format.DateTimeFormatter; - -import javassist.expr.Instanceof; - /** * @author bsuzic * Date: 2/19/14, Time: 4:42 PM @@ -125,7 +119,7 @@ public class MOAAttributeProvider { && authData.getAuthenticationRoles().size() > 0) { storkRoles = new ArrayList<String>(); - PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance(); + PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance(); for (AuthenticationRole el : authData.getAuthenticationRoles()) { String storkRole = mapper.map(el); if (MiscUtil.isNotEmpty(storkRole)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java index 20f541a1a..0ea03e29d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java @@ -33,24 +33,26 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -public class PVPtoSTORKRoleMapper { +public class PVPtoSTORKMapper { + private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/"; + private static final String MAPPING_RESOURCE = - "resources/properties/pvp-stork_role_mapping.properties"; + "resources/properties/pvp-stork_mapping.properties"; private Properties mapping = null; - private static PVPtoSTORKRoleMapper instance = null; + private static PVPtoSTORKMapper instance = null; - public static PVPtoSTORKRoleMapper getInstance() { + public static PVPtoSTORKMapper getInstance() { if (instance == null) { - instance = new PVPtoSTORKRoleMapper(); + instance = new PVPtoSTORKMapper(); } return instance; } - private PVPtoSTORKRoleMapper() { + private PVPtoSTORKMapper() { try { mapping = new Properties(); mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); @@ -65,9 +67,29 @@ public class PVPtoSTORKRoleMapper { } - /** - * @param el - * @return + /**Map a PVP SecClass to STORK QAA level + * + * @param PVP SecClass pvpQAALevel + * @return STORK-QAA level + */ + public String mapQAALevel(String pvpQAALevel) { + if (mapping != null) { + String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length()); + String mappedQAA = mapping.getProperty(input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !"); + return null; + } + + /**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values + * + * @param PVP Role attribute + * @return STORK ECAuthenticationRole attribute value */ public String map(AuthenticationRole el) { if (mapping != null) { |