aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-11-03 09:35:14 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-11-03 09:35:14 +0100
commit72e6c6c36bcbbedf073758299acca4ad9673ba9e (patch)
treeac1fca0df93d671aa8648fe3afcf220cc40f8955 /id/server/idserverlib/src/main/java/at
parent2886006ba2ca141377e66a330df5fc52797c2755 (diff)
downloadmoa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.gz
moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.bz2
moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.zip
add PVP SecClass to STORK QAA mapping
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java)40
3 files changed, 67 insertions, 20 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5c0e497a3..52488c3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
@@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
- if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
- authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ try {
+ String qaaLevel = extractor.getQAALevel();
+ if (MiscUtil.isNotEmpty(qaaLevel) &&
+ qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ authData.setQAALevel(qaaLevel);
+
+ } else {
+ Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ authData.setQAALevel(mappedQAA);
+
+ else
+ throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable");
+
+ }
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ Logger.warn("No QAA level found in <RequestedAuthnContext> element of interfederated assertion. " +
+ "(ErrorHeader=" + e.getMessage() + ")");
+ if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) {
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+
+ } else {
+ Logger.info("No QAA level found. Set to default level " +
+ PVPConstants.STORK_QAA_PREFIX + "1");
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+
+ }
+
+ }
+
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index aaded0ce6..993514ec7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -44,11 +43,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.joda.time.format.DateTimeFormat;
-import org.joda.time.format.DateTimeFormatter;
-
-import javassist.expr.Instanceof;
-
/**
* @author bsuzic
* Date: 2/19/14, Time: 4:42 PM
@@ -125,7 +119,7 @@ public class MOAAttributeProvider {
&& authData.getAuthenticationRoles().size() > 0) {
storkRoles = new ArrayList<String>();
- PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance();
+ PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance();
for (AuthenticationRole el : authData.getAuthenticationRoles()) {
String storkRole = mapper.map(el);
if (MiscUtil.isNotEmpty(storkRole))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 20f541a1a..0ea03e29d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -33,24 +33,26 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class PVPtoSTORKRoleMapper {
+public class PVPtoSTORKMapper {
+ private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+
private static final String MAPPING_RESOURCE =
- "resources/properties/pvp-stork_role_mapping.properties";
+ "resources/properties/pvp-stork_mapping.properties";
private Properties mapping = null;
- private static PVPtoSTORKRoleMapper instance = null;
+ private static PVPtoSTORKMapper instance = null;
- public static PVPtoSTORKRoleMapper getInstance() {
+ public static PVPtoSTORKMapper getInstance() {
if (instance == null) {
- instance = new PVPtoSTORKRoleMapper();
+ instance = new PVPtoSTORKMapper();
}
return instance;
}
- private PVPtoSTORKRoleMapper() {
+ private PVPtoSTORKMapper() {
try {
mapping = new Properties();
mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -65,9 +67,29 @@ public class PVPtoSTORKRoleMapper {
}
- /**
- * @param el
- * @return
+ /**Map a PVP SecClass to STORK QAA level
+ *
+ * @param PVP SecClass pvpQAALevel
+ * @return STORK-QAA level
+ */
+ public String mapQAALevel(String pvpQAALevel) {
+ if (mapping != null) {
+ String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());
+ String mappedQAA = mapping.getProperty(input);
+ if (MiscUtil.isNotEmpty(mappedQAA)) {
+ Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+ return mappedQAA;
+
+ }
+ }
+ Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+ return null;
+ }
+
+ /**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+ *
+ * @param PVP Role attribute
+ * @return STORK ECAuthenticationRole attribute value
*/
public String map(AuthenticationRole el) {
if (mapping != null) {