aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-29 12:00:46 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-29 12:00:46 +0100
commit54f672c214839a655f66ea5caa804f4d4b68eb90 (patch)
treed9c9b4df60f328c85e18515ecad0848b9b12ca1f /id/server
parent9c7c8c568ba83e0730e7667e09a221bc2e79afe2 (diff)
downloadmoa-id-spss-54f672c214839a655f66ea5caa804f4d4b68eb90.tar.gz
moa-id-spss-54f672c214839a655f66ea5caa804f4d4b68eb90.tar.bz2
moa-id-spss-54f672c214839a655f66ea5caa804f4d4b68eb90.zip
Update authdate generation from interfedered assertion information
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java83
7 files changed, 115 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 2c20e96ed..48933d5c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -352,6 +352,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.debug("Build AuthData from assertion starts ....");
+ authData.setIsBusinessService(oaParam.getBusinessService());
+
authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME));
authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME));
authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME));
@@ -706,6 +708,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
authData.setSsoSession(true);
+ authData.setInterfederatedSSOSession(true);
if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null)
authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());
@@ -791,6 +794,8 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setForeigner(session.isForeigner());
authData.setQAALevel(session.getQAALevel());
+ authData.setIsBusinessService(oaParam.getBusinessService());
+
if (session.isForeigner()) {
try {
//TODO: replace with TSL lookup when TSL is ready!
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 050706d7a..e20c805ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -27,6 +27,7 @@ import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Date;
import java.util.List;
@@ -117,6 +118,8 @@ public class AuthenticationData implements IAuthData, Serializable {
* the corresponding <code>lt;saml:Assertion&gt;</code>
*/
+ private boolean businessService;
+
/**
* STORK attributes from response
*/
@@ -695,6 +698,12 @@ public class AuthenticationData implements IAuthData, Serializable {
* @return the roles
*/
public List<AuthenticationRole> getAuthenticationRoles() {
+// if (this.roles == null) {
+// this.roles = new ArrayList<AuthenticationRole>();
+// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+// }
+
return roles;
}
@@ -708,6 +717,20 @@ public class AuthenticationData implements IAuthData, Serializable {
this.roles.add(role);
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+ */
+ @Override
+ public boolean isBusinessService() {
+ // TODO Auto-generated method stub
+ return this.businessService;
+ }
+
+ public void setIsBusinessService(boolean flag) {
+ this.businessService = flag;
+
+ }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 0d55dbdd1..ebbf62ce7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -42,6 +42,7 @@ public interface IAuthData {
Date getIssueInstant();
String getIssuer();
+ boolean isBusinessService();
boolean isSsoSession();
boolean isInterfederatedSSOSession();
boolean isUseMandate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index 16de43e11..1327c634b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -38,7 +38,7 @@ public class EIDSourcePIN implements IPVPAttributeBuilder {
public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (oaParam.getBusinessService())
+ if (authData.isBusinessService())
throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
index 0681419fc..2145e3af7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -36,7 +36,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder {
public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
- if (oaParam.getBusinessService())
+ if (authData.isBusinessService())
throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index c5ad26744..f0373e214 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -139,7 +139,7 @@ public class AssertionAttributeExtractor {
}
public String getSingleAttributeValue(String attributeName) {
- if (attributs.containsKey(attributeName))
+ if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
return attributs.get(attributeName).get(0);
else
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
new file mode 100644
index 000000000..20f541a1a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPtoSTORKRoleMapper {
+
+ private static final String MAPPING_RESOURCE =
+ "resources/properties/pvp-stork_role_mapping.properties";
+
+ private Properties mapping = null;
+
+ private static PVPtoSTORKRoleMapper instance = null;
+
+ public static PVPtoSTORKRoleMapper getInstance() {
+ if (instance == null) {
+ instance = new PVPtoSTORKRoleMapper();
+ }
+
+ return instance;
+ }
+
+ private PVPtoSTORKRoleMapper() {
+ try {
+ mapping = new Properties();
+ mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+ Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+
+ } catch (IOException e) {
+ Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+ mapping = null;
+
+ }
+
+
+ }
+
+ /**
+ * @param el
+ * @return
+ */
+ public String map(AuthenticationRole el) {
+ if (mapping != null) {
+ String ecRole = mapping.getProperty(el.getRawRoleString());
+ if (MiscUtil.isNotEmpty(ecRole)) {
+ Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+ return ecRole;
+ }
+ }
+ Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+ return null;
+ }
+}