authorThomas Lenz <tlenz@iaik.tugraz.at>2017-02-22 09:24:36 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-02-22 09:24:36 +0100
commitf6acad73155af58b75709077d8dee67dab0be47e (patch)
tree2149264a3463f8709fa8e6d99f9bc10688e68423 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
parent3a55eb69e5fa94d0bcc43a1732850a14e524f6cc (diff)
downloadmoa-id-spss-f6acad73155af58b75709077d8dee67dab0be47e.tar.gz
moa-id-spss-f6acad73155af58b75709077d8dee67dab0be47e.tar.bz2
moa-id-spss-f6acad73155af58b75709077d8dee67dab0be47e.zip
Refector eIDAS attribute generation do a dynamic way similar to the PVP attribute builder concept
The eIDAS attribute list in the eIDAS metadata, which contains the currently supported attributes, is also generated dynamically
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java167
1 files changed, 167 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
new file mode 100644
index 000000000..1f34a912d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+
+import com.google.common.collect.ImmutableSet;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAttributeBuilder extends PVPAttributeBuilder {
+ private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+
+ private static List<String> listOfSupportedeIDASAttributes;
+ private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader =
+ ServiceLoader.load(IeIDASAttribute.class);
+
+ static {
+ List<String> supportAttrList = new ArrayList<String>();
+
+ Logger.info("Select eIDAS attributes that are corrently providable:");
+ if (eIDASAttributLoader != null ) {
+ Iterator<IeIDASAttribute> moduleLoaderInterator = eIDASAttributLoader.iterator();
+ while (moduleLoaderInterator.hasNext()) {
+ try {
+ IeIDASAttribute modul = moduleLoaderInterator.next();
+ Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName());
+ supportAttrList.add(modul.getName());
+
+ } catch(Throwable e) {
+ Logger.error("Check configuration! " + "Some attribute-builder modul" +
+ " is not a valid IAttributeBuilder", e);
+ }
+ }
+ }
+
+ listOfSupportedeIDASAttributes = Collections.unmodifiableList(supportAttrList);
+ Logger.info("Selection of providable eIDAS attributes done");
+
+ }
+
+ public static List<String> getAllProvideableeIDASAttributes() {
+ return listOfSupportedeIDASAttributes;
+ }
+
+ /**
+ *
+ * @param attr
+ * @param onlineApplicationConfiguration
+ * @param authData
+ * @return
+ */
+ public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, IOAAuthParameters onlineApplicationConfiguration,
+ IAuthData authData) {
+
+ String attrName = attr.getNameUri().toString();
+ Logger.trace("Build eIDAS attribute: "+ attrName);
+
+
+ IAttributeBuilder attrBuilder = getAttributeBuilder(attrName);
+ if (attrBuilder != null) {
+ try {
+ String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator);
+ if (MiscUtil.isNotEmpty(attrValue)) {
+ //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the
+ // Subject->NameID value from this attribute
+ Builder<?> eIDASAttrBuilder = AttributeDefinition.builder(attr);
+ eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate()));
+ AttributeDefinition<?> returnAttr = eIDASAttrBuilder.build();
+
+ //unmarshal attribute value into eIDAS attribute
+ AttributeValueMarshaller<?> attributeValueMarshaller = returnAttr.getAttributeValueMarshaller();
+ ImmutableSet.Builder<AttributeValue<?>> builder = ImmutableSet.builder();
+
+ AttributeValue<?> attributeValue = null;
+ try {
+ attributeValue = attributeValueMarshaller.unmarshal(attrValue, false);
+ builder.add(attributeValue);
+
+ } catch (AttributeValueMarshallingException e) {
+ throw new IllegalStateException(e);
+
+ }
+
+ return Pair.newInstance(returnAttr, builder.build());
+
+ }
+
+ } catch (AttributeException e) {
+ Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage());
+
+ }
+
+ } else
+ Logger.warn("NO attribute builder FOUND for eIDAS attr: " + attrName);
+
+ return null;
+ }
+
+ /**
+ * This method use the information from authenticated session and
+ * evaluate the uniqueID flag according to eIDAS specification
+ *
+ * @param attrName eIDAS attribute name that is evaluated
+ * @param useMandate flag that indicates if the current authenticated session includes a mandate
+ * @return true if eIDAS attribute holds the unique ID, otherwise false
+ */
+ private static boolean evaluateUniqueID(String attrName, boolean useMandate) {
+ //if no mandate is used the natural person identifier is the unique ID
+ if (!useMandate &&
+ attrName.equals(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri().toString()))
+ return true;
+
+ //if mandates are used the the legal person identifier or the natural person identifier of the mandator is the unique ID
+ else if (useMandate &&
+ attrName.equals(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri().toString()))
+ return true;
+
+ //TODO: implement flag selector for mandates and natural persons
+
+
+ return false;
+ }
+
+}
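Review bot: In the static initializer, `moduleLoaderInterator.hasNext()` sits outside the try block, and a ServiceLoader iterator may throw `java.util.ServiceConfigurationError` from `hasNext()` as well as from `next()` (for example on an unreadable or malformed provider-configuration file), so such a failure escapes the initializer and the whole class becomes unusable via `ExceptionInInitializerError` instead of only the one module being skipped as the `catch (Throwable e)` intends; the smallest fix is to wrap the entire `while` loop in `try { … } catch (ServiceConfigurationError e) { Logger.error("Check configuration! Enumeration of eIDAS attribute-builder modules failed", e); }` (importing `java.util.ServiceConfigurationError`) so enumeration ends with a logged error and the already-collected names are still published. The error message in that catch names `IAttributeBuilder`, but the service type loaded here is `IeIDASAttribute`, so it should read `" is not a valid IeIDASAttribute"`. The Javadoc of `buildAttribute` has empty `@param` and `@return` tags; it should state that the result is `null` when no builder is registered for the attribute name, when the builder yields an empty value, or when the builder throws `AttributeException` (callers must null-check), and that an `IllegalStateException` is thrown when unmarshalling the value into the eIDAS attribute fails. In `evaluateUniqueID`, when `useMandate` is true only `LEGAL_PERSON_IDENTIFIER` receives the flag, so a mandate with a natural-person mandator leaves no attribute marked `uniqueIdentifier`; given the comment that the SAMLEngine selects the Subject NameID from this flag, the `TODO` presumably means NameID selection for that case is unresolved, which is worth stating in the method's Javadoc as a known limitation.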