add PVP SecClass to STORK QAA mapping

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-11-03 09:35:14 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-11-03 09:35:14 +0100
commit: 72e6c6c36bcbbedf073758299acca4ad9673ba9e (patch)
tree: ac1fca0df93d671aa8648fe3afcf220cc40f8955 /id/server/idserverlib
parent: 2886006ba2ca141377e66a330df5fc52797c2755 (diff)
download: moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.gz
moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.bz2
moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.zip
5 files changed, 76 insertions, 22 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5c0e497a3..52488c3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
@@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 			
 		}
 		
-		if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
-			authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +  
-					extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
 		
+		try {
+			String qaaLevel = extractor.getQAALevel();
+			if (MiscUtil.isNotEmpty(qaaLevel) && 
+					qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+				authData.setQAALevel(qaaLevel);
+				
+			} else {
+				Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
+				String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+				if (MiscUtil.isNotEmpty(mappedQAA))
+					authData.setQAALevel(mappedQAA);
+				
+				else 
+					throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable");
+				
+			}
+							
+		} catch (AssertionAttributeExtractorExeption e) {
+			Logger.warn("No QAA level found in <RequestedAuthnContext> element of interfederated assertion. " +
+					"(ErrorHeader=" + e.getMessage() + ")");
+			if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) {
+				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +  
+						extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+					
+			} else {
+				Logger.info("No QAA level found. Set to default level " + 
+						PVPConstants.STORK_QAA_PREFIX + "1");
+				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+				
+			}
+				
+		}
+										
 		if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
 			try {
 				byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index aaded0ce6..993514ec7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,11 +23,10 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -44,11 +43,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.joda.time.format.DateTimeFormat;
-import org.joda.time.format.DateTimeFormatter;
-
-import javassist.expr.Instanceof;
-
 /**
  * @author bsuzic
  *         Date: 2/19/14, Time: 4:42 PM
@@ -125,7 +119,7 @@ public class MOAAttributeProvider {
     			&& authData.getAuthenticationRoles().size() > 0) {
 
     		storkRoles = new ArrayList<String>();
-    		PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance();
+    		PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance();
     		for (AuthenticationRole el : authData.getAuthenticationRoles()) {
     			String storkRole = mapper.map(el);
     			if (MiscUtil.isNotEmpty(storkRole))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 20f541a1a..0ea03e29d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -33,24 +33,26 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-public class PVPtoSTORKRoleMapper {
+public class PVPtoSTORKMapper {
 
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	
 	private static final String MAPPING_RESOURCE = 
-			"resources/properties/pvp-stork_role_mapping.properties";
+			"resources/properties/pvp-stork_mapping.properties";
 	
 	private Properties mapping = null;
 	
-	private static PVPtoSTORKRoleMapper instance = null;
+	private static PVPtoSTORKMapper instance = null;
 	
-	public static PVPtoSTORKRoleMapper getInstance() {
+	public static PVPtoSTORKMapper getInstance() {
 		if (instance == null) {
-			instance = new PVPtoSTORKRoleMapper();			
+			instance = new PVPtoSTORKMapper();			
 		}
 		
 		return instance;
 	}
 	
-	private PVPtoSTORKRoleMapper() {
+	private PVPtoSTORKMapper() {
 		try {
 			mapping = new Properties();
 			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -65,9 +67,29 @@ public class PVPtoSTORKRoleMapper {
 		
 	}
 
-	/**
-	 * @param el
-	 * @return
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
 	 */
 	public String map(AuthenticationRole el) {
 		if (mapping != null) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
new file mode 100644
index 000000000..63745f826
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -0,0 +1,9 @@
+##PVP role mapping
+viewer=CIRCABC/viewer
+CIRCABC-viewer=CIRCABC/viewer
+
+##PVP SecClass mapping
+secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
+secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
+secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3
+secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
+\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
deleted file mode 100644
index 295d381cd..000000000
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-viewer=CIRCABC/viewer
-CIRCABC-viewer=CIRCABC/viewer
-\ No newline at end of file
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-11-03 09:35:14 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-11-03 09:35:14 +0100
commit	72e6c6c36bcbbedf073758299acca4ad9673ba9e (patch)
tree	ac1fca0df93d671aa8648fe3afcf220cc40f8955 /id/server/idserverlib
parent	2886006ba2ca141377e66a330df5fc52797c2755 (diff)
download	moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.gz moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.tar.bz2 moa-id-spss-72e6c6c36bcbbedf073758299acca4ad9673ba9e.zip