| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-10-08 12:22:57 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-10-08 12:22:57 +0200 | 
| commit | bfa66b41e723daf7ac7da7cef694ed52c43dbb39 (patch) | |
| tree | d2109e01280b44936f65f20a98c66e8b5cba9c42 /id/server/idserverlib/src/main | |
| parent | 7727f1798299b11bed248ed6a920adf02e43e6b3 (diff) | |
add SZR request to get baseID
Diffstat (limited to 'id/server/idserverlib/src/main')
2 files changed, 174 insertions, 75 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index a8a7d0c51..0510f545a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -31,7 +31,6 @@ import java.security.PrivateKey;  import java.util.ArrayList;  import java.util.Arrays;  import java.util.Date; -import java.util.Iterator;  import java.util.List;  import java.util.regex.Matcher;  import java.util.regex.Pattern; @@ -66,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;  import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.auth.exception.ParseException;  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;  import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -102,6 +102,11 @@ import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.util.client.szr.SZRClient; +import at.gv.util.config.EgovUtilPropertiesConfiguration; +import at.gv.util.ex.EgovUtilException; +import at.gv.util.wsdl.szr.SZRException; +import at.gv.util.xsd.szr.PersonInfoType;  /**   * @author tlenz 
@@ -406,10 +411,61 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  			}						  		} -		if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) { -			Logger.error("Federated assertion include no bPK or encrypted bPK"); -			throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME -					+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME); +		if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0 &&  +				MiscUtil.isEmpty(authData.getIdentificationValue())) { +			Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); +			 +			try { +				EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProvider.getInstance().geteGovUtilsConfig(); +				if (eGovClientsConfig != null) { +					SZRClient szrclient = new SZRClient(eGovClientsConfig); +					 +					Logger.debug("Create SZR request to get baseID ... "); +					PersonInfoType personInfo = new PersonInfoType(); +					at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); +					personInfo.setPerson(person);					 +					at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); +					person.setName(name); +					 +					name.setGivenName(authData.getGivenName()); +					name.setFamilyName(authData.getFamilyName()); +					if (authData.getDateOfBirth() != null) +						person.setDateOfBirth(authData.getFormatedDateOfBirth()); +				 +					authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); +					authData.setIdentificationType(Constants.URN_PREFIX_BASEID); +										 +				} else { +					Logger.warn("No SZR clieht configuration found. 
Interfederation SSO login not possible."); +					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME +							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME); +					 +				} +							 +			} catch (ConfigurationException e) { +				 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); +				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME +						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME); +				 +			} catch (EgovUtilException e) { +				Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); +				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME +						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME); +				 +			} catch (SZRException e) { +				Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); +				throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME +						+ " or " + PVPConstants.EID_SOURCE_PIN_NAME); +				 +			} +					 +		} +		 +		if (MiscUtil.isEmpty(authData.getBPK())) { +			Logger.debug("Calcutlate bPK from baseID"); +			buildOAspecificbPK(oaParam, authData,  +					authData.getIdentificationValue(),  +					authData.getIdentificationType());  		} @@ -443,8 +499,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  			try {  				InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);				  				IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();				 -				authData.setIdentityLink(idl); -				 +				buildOAspecificIdentityLink(oaParam, authData, idl); +								  			} catch (ParseException e) {  				Logger.error("Received IdentityLink is not valid", e); 
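Review bot: The second guard in this hunk, `if (MiscUtil.isEmpty(authData.getBPK()))`, does not require a baseID, so an assertion that carries only an encrypted bPK list skips the SZR branch (its condition needs all three values to be empty) and still calls `buildOAspecificbPK(...)` with a null identification value and type; the same path is reached when `szrclient.getStammzahl(personInfo)` returns nothing, because the result is stored unchecked. Tighten the guard to `if (MiscUtil.isEmpty(authData.getBPK()) && MiscUtil.isNotEmpty(authData.getIdentificationValue()))` and reject an empty SZR result with the same AssertionAttributeExtractorExeption before it is stored. When `authData.getDateOfBirth()` is null the SZR lookup is sent with given and family name only, which presumably matches on fewer attributes than intended; refusing the lookup without a date of birth would be the safer choice. The three catch blocks are identical and could become one multi-catch if the project builds for Java 7 or later. The enclosing method starts before this hunk.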
@@ -618,15 +674,11 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,   			IOAAuthParameters oaParam) throws BuildException, ConfigurationException { - -		String target = oaParam.getTarget();  		IdentityLink identityLink = session.getIdentityLink();  		VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); -		boolean businessService = oaParam.getBusinessService(); -  		authData.setIssuer(session.getAuthURL());  		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO 
@@ -733,67 +785,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  				Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());              } else { - -                if (businessService) { -                    //since we have foreigner, wbPK is not calculated in BKU -                    if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - -                        String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - -                        if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { -                            // If domainIdentifier starts with prefix -                            // "urn:publicid:gv.at:wbpk+"; remove this prefix -                            registerAndOrdNr = registerAndOrdNr -                                    .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); -                            Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " -                                    + registerAndOrdNr); -                        } - -                        String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); -                        authData.setBPK(wbpkBase64); -                        authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - -                    } else { -                        authData.setBPK(identityLink.getIdentificationValue()); -                        authData.setBPKType(identityLink.getIdentificationType()); - -                    } - -                    Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - -                    Element idlassertion = session.getIdentityLink().getSamlAssertion(); -                    //set bpk/wpbk; -                    Node prIdentification = XPathUtils.selectSingleNode(idlassertion, 
IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); -                    prIdentification.getFirstChild().setNodeValue(authData.getBPK()); -                    //set bkp/wpbk type -                    Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); -                    prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - -                    IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); -                    IdentityLink idl = idlparser.parseIdentityLink(); -                                         -                    //resign IDL -    				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					 -    				Element resignedilAssertion; -    				resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion());    				    				 -    				IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); -    				IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); -    				 -                    authData.setIdentityLink(resignedIDL); -    				 -                } else { - -                    if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { -                        // only compute bPK if online application is a public service and we have the Stammzahl -                        String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); -                        authData.setBPK(bpkBase64); -                        authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); -                    } - -                    Logger.trace("Authenticate user with bPK " + authData.getBPK()); - -                    authData.setIdentityLink(identityLink); -                } +            	buildOAspecificbPK(oaParam, authData,  +            			
identityLink.getIdentificationValue(),  +            			identityLink.getIdentificationType()); +            	 +            	buildOAspecificIdentityLink(oaParam, authData, identityLink); +            	                                      } 
@@ -803,4 +800,77 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {          }  	} +	 +	private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { +		if (oaParam.getBusinessService()) { +            Element idlassertion = idl.getSamlAssertion(); +            //set bpk/wpbk; +	        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); +	        prIdentification.getFirstChild().setNodeValue(authData.getBPK()); +            //set bkp/wpbk type +            Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); +            prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + +            IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); +            IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); +                                 +            //resign IDL +			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					 +			Element resignedilAssertion; +			resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion());    				    				 +			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); +			IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); +			 +            authData.setIdentityLink(resignedIDL); +             +        } else +        	authData.setIdentityLink(idl); +        	 +		 +	}		 +	 +	private static void buildOAspecificbPK(IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  { +		 +        if (oaParam.getBusinessService()) { +            //since we have foreigner, wbPK is not calculated in BKU +            if 
(baseIDType.equals(Constants.URN_PREFIX_BASEID)) { + +                String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + +                if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { +                    // If domainIdentifier starts with prefix +                    // "urn:publicid:gv.at:wbpk+"; remove this prefix +                    registerAndOrdNr = registerAndOrdNr +                            .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); +                    Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " +                            + registerAndOrdNr); +                } + +                String wbpkBase64 = new BPKBuilder().buildWBPK(baseID, registerAndOrdNr); +                authData.setBPK(wbpkBase64); +                authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + +            } else { +                authData.setBPK(baseID); +                authData.setBPKType(baseIDType); + +            } + +            Logger.trace("Authenticate user with wbPK " + authData.getBPK()); +			 +        } else { + +            if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { +                // only compute bPK if online application is a public service and we have the Stammzahl +                String bpkBase64 = new BPKBuilder().buildBPK(baseID, oaParam.getTarget()); +                authData.setBPK(bpkBase64); +                authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); +            } + +            Logger.trace("Authenticate user with bPK " + authData.getBPK());            +        } +		 +		 +	} +	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index a62de27fc..23369fecc 100644 
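Review bot: In buildOAspecificbPK, `registerAndOrdNr.startsWith(...)` and `baseIDType.equals(Constants.URN_PREFIX_BASEID)` dereference values that are never checked, so a business-service OA without a configured domain identifier, or a caller passing a null type, fails with a NullPointerException instead of a BuildException naming the missing value; a guard such as `if (MiscUtil.isEmpty(baseIDType)) throw new BuildException(...)` at the top would make the failure explicit (the constructor arguments of BuildException are not visible here). buildOAspecificIdentityLink likewise dereferences `prIdentification.getFirstChild()` and `prIdentificationType.getFirstChild()` straight from `XPathUtils.selectSingleNode`, which is presumably null when the identity link lacks that element; a null check with a descriptive MOAIDException would avoid rewriting an unexpected document shape before it is re-signed. Both methods are new and have no Javadoc; a header such as `/** Derives the OA-specific bPK or wbPK from the given baseID and stores it in authData. */` and the corresponding one for the identity-link variant would document the split. The `} else authData.setIdentityLink(idl);` branch should be braced to match the rest of the file.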
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -113,6 +113,8 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial;  import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.config.EgovUtilConfiguration; +import at.gv.util.config.EgovUtilPropertiesConfiguration;  /**   * A class providing access to the Auth Part of the MOA-ID configuration data. @@ -210,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {    private static SSO ssoconfig = null; +  private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; +      private static Date date = null;    private String publicURLPreFix = null; @@ -325,7 +329,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  			    	  statisticProps.put(propertyName, props.get(key.toString()));  			     }  			  } -			 +		     			  			// initialize hibernate  			synchronized (AuthConfigurationProvider.class) { 
@@ -384,6 +388,24 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  //		String xmlconfigout = props.getProperty("configuration.xml.out"); +		//configure eGovUtils client implementations +		 +	    //read eGovUtils client configuration +	    Properties eGovUtilsConfigProp = new Properties(); +	    for (Object key : props.keySet()) { +	    	String propPrefix = "service."; +		    if (key.toString().startsWith(propPrefix+"egovutil")) { +		    	String propertyName = key.toString().substring(propPrefix.length()); +		    	eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); +		    } +		} +		if (!eGovUtilsConfigProp.isEmpty()) { +			Logger.info("Start eGovUtils client implementation configuration ..."); +			eGovUtilsConfig =  +					new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); +		} +		 +		  		//check if XML config should be used  		if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {  			Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); @@ -1035,7 +1057,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  	  return storkconfig;    } -  private void setCertStoreDirectory() throws ConfigurationException { +  /** + * @return the eGovUtilsConfig + */ +public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { +	return eGovUtilsConfig; +} + +private void setCertStoreDirectory() throws ConfigurationException {  	  AuthComponentGeneral auth = getAuthComponentGeneral();  	  if (auth.getGeneralConfiguration() != null)		   @@ -1075,5 +1104,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  	  }  	  return moasp;    } - +    } | 
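Review bot: `String propPrefix = "service.";` is declared inside the `for (Object key : props.keySet())` loop and the filter `key.toString().startsWith(propPrefix+"egovutil")` rebuilds the concatenated prefix on every iteration; hoist the prefix out of the loop as a constant and compute the full filter string once. Because only the `service.` part is stripped, the keys handed to EgovUtilPropertiesConfiguration still begin with `egovutil`, which is presumably what that class expects — a short comment such as `// keys are passed on as egovutil.<name>` would save the next reader from checking. `props.get(key.toString())` bypasses Properties defaults, unlike `props.getProperty(...)`, so any default-backed entry would come through as null if the surrounding code relies on defaults. The enclosing method starts before this hunk.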
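Review bot: The new `geteGovUtilsConfig()` and the re-emitted `setCertStoreDirectory()` signature sit at column 0 while the surrounding members are indented, and the Javadoc `@return the eGovUtilsConfig` only restates the field name; re-indent to the class's level and describe the value, e.g. `/** Returns the eGovUtils client configuration built from the service.egovutil.* properties, or null when none were configured. */`. The getter reads an instance field while sibling configuration such as `ssoconfig` is static; since the builder reaches it through `AuthConfigurationProvider.getInstance().geteGovUtilsConfig()`, this is only correct if getInstance() returns the instance on which the property block was processed, which is worth confirming.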
