add one file

1 files changed, 820 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
new file mode 100644
index 000000000..4b29fef3b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -0,0 +1,820 @@
+/**
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections4.map.HashedMap;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationData  implements IAuthData, Serializable {
+
+	private static final long serialVersionUID = -1042697056735596866L;
+	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+	
+	  /**
+	   * URL of the MOA-ID Auth component issueing this assertion
+	   */
+	  private String issuer;
+	  /**
+	   * time instant of issue of this assertion
+	   */
+	  private Date issueInstant;
+	  /**
+	   * user identification value (Stammzahl); <code>null</code>, 
+	   * if the authentication module is configured not to return this data
+	   */
+	  private String identificationValue;
+		/**
+		 * user identification type
+		 */
+	  private String identificationType;
+		
+		/**
+		 * user identityLink specialized to OAParamter
+		 */
+	  private IIdentityLink identityLink;
+		
+	  /**
+	   * application specific user identifier (bPK/wbPK)
+	   */
+	  private String bPK;
+	  
+	  /**
+	   * application specific user identifier type
+	   */
+	  private String bPKType;
+	  
+	  /**
+	   * given name of the user
+	   */
+	  private String givenName;
+	  /**
+	   * family name of the user
+	   */
+	  private String familyName;
+	  /**
+	   * date of birth of the user
+	   */
+	  private Date dateOfBirth;
+	  /**
+	   * says whether the certificate is a qualified certificate or not
+	   */
+	  private boolean qualifiedCertificate;
+	  /**
+	   * says whether the certificate is a public authority or not
+	   */
+	  private boolean publicAuthority;
+	  /**
+	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+	   */
+	  private String publicAuthorityCode;
+
+	  /**
+	   * URL of the BKU
+	   */
+	  private String bkuURL;
+	  /**
+	   * the corresponding <code>lt;saml:Assertion&gt;</code>
+	   */
+
+	  private boolean isBaseIDTransferRestrication = true;
+	  
+	  
+	 /**
+	  * STORK attributes from response
+	  */
+	  private String ccc = null;
+	  
+	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+	  
+	  private byte[] signerCertificate = null;
+	  	  
+	  private String authBlock = null; 
+	  private List<String> encbPKList = null;
+	  
+	  //ISA 1.18 attributes
+	  private List<AuthenticationRole> roles = null;
+	  private String pvpAttribute_OU = null;
+	  
+	  private boolean useMandate = false;
+	  private IMISMandate mandate = null;
+	  private String mandateReferenceValue = null;
+	  
+	  private boolean foreigner =false;
+	  private String QAALevel = null;
+	  
+	  private boolean ssoSession = false;
+	  private Date ssoSessionValidTo = null;
+
+//	  private boolean interfederatedSSOSession = false;
+//	  private String interfederatedIDP = null;
+	  
+	  private String sessionIndex = null;
+	  private String nameID = null;
+	  private String nameIDFormat = null;
+	  
+	  public AuthenticationData() {
+		  issueInstant = new Date();
+	  }
+	  	  
+	  /**
+	   * Returns the publicAuthority.
+	   * @return boolean
+	   */
+	  public boolean isPublicAuthority() {
+	    return publicAuthority;
+	  }
+
+	  /**
+	   * Returns the publicAuthorityCode.
+	   * @return String
+	   */
+	  public String getPublicAuthorityCode() {
+	    return publicAuthorityCode;
+	  }
+
+	  /**
+	   * Returns the qualifiedCertificate.
+	   * @return boolean
+	   */
+	  public boolean isQualifiedCertificate() {
+	    return qualifiedCertificate;
+	  }
+
+	  /**
+	   * Returns the bPK.
+	   * @return String
+	   */
+	  public String getBPK() {
+	    return bPK;
+	  }
+
+	  /**
+	   * Sets the publicAuthority.
+	   * @param publicAuthority The publicAuthority to set
+	   */
+	  public void setPublicAuthority(boolean publicAuthority) {
+	    this.publicAuthority = publicAuthority;
+	  }
+
+	  /**
+	   * Sets the publicAuthorityCode.
+	   * @param publicAuthorityIdentification The publicAuthorityCode to set
+	   */
+	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+	    this.publicAuthorityCode = publicAuthorityIdentification;
+	  }
+
+	  /**
+	   * Sets the qualifiedCertificate.
+	   * @param qualifiedCertificate The qualifiedCertificate to set
+	   */
+	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+	    this.qualifiedCertificate = qualifiedCertificate;
+	  }
+
+	  /**
+	   * Sets the bPK.
+	   * @param bPK The bPK to set
+	   */
+	  public void setBPK(String bPK) {
+	    this.bPK = bPK;
+	  }
+
+	  /**
+	   * Returns the dateOfBirth.
+	   * @return String
+	   */
+	  public Date getDateOfBirth() {
+	    return dateOfBirth;
+	  }
+
+	  public String getFormatedDateOfBirth() {
+			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+			if (getDateOfBirth() != null)
+				return pvpDateFormat.format(getDateOfBirth());
+			else
+				return "2999-12-31";
+		}
+	  
+	  /**
+	   * Returns the familyName.
+	   * @return String
+	   */
+	  public String getFamilyName() {
+	    return familyName;
+	  }
+
+	  /**
+	   * Returns the givenName.
+	   * @return String
+	   */
+	  public String getGivenName() {
+	    return givenName;
+	  }
+
+	  /**
+	   * Holds the baseID of a citizen
+	   * 
+	   * @return baseID
+	   */
+	  public String getIdentificationValue() {
+	    return identificationValue;
+	  }
+
+		/**
+		 * Holds the type of the baseID
+		 * 
+		 * @return baseID-Type
+		 */
+		public String getIdentificationType() {
+			return identificationType;
+		}
+
+	  /**
+	   * Returns the issueInstant.
+	   * @return String
+	   */
+	  public String getIssueInstantString() {
+	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
+	    
+	  }
+
+	  /**
+	   * Returns the issueInstant.
+	   * @return String
+	   */
+	  public Date getIssueInstant() {
+	    return issueInstant;
+	    
+	  }
+	  
+	  public void setIssueInstant(Date date) {
+		  this.issueInstant = date;
+	  }
+	  
+	  /**
+	   * Returns the issuer.
+	   * @return String
+	   */
+	  public String getIssuer() {
+	    return issuer;
+	  }
+	  
+	  /**
+	   * Returns the BKU URL.
+	   * @return String
+	   */
+	  public String getBkuURL() {
+	    return bkuURL;
+	  }
+
+	  /**
+	   * Sets the dateOfBirth.
+	   * @param dateOfBirth The dateOfBirth to set
+	   */
+	  public void setDateOfBirth(Date dateOfBirth) {
+	    this.dateOfBirth = dateOfBirth;
+	  }
+
+	  public void setDateOfBirth(String dateOfBirth) {		  
+		  try {		  
+			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
+				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+			  }
+			  
+		  } catch (ParseException e) {
+			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+			  
+		  }		  
+	  }
+	  
+	  /**
+	   * Sets the familyName.
+	   * @param familyName The familyName to set
+	   */
+	  public void setFamilyName(String familyName) {
+	    this.familyName = familyName;
+	  }
+
+	  /**
+	   * Sets the givenName.
+	   * @param givenName The givenName to set
+	   */
+	  public void setGivenName(String givenName) {
+	    this.givenName = givenName;
+	  }
+
+	  /**
+	   * Sets the identificationValue.
+	   * @param identificationValue The identificationValue to set
+	   */
+	  public void setIdentificationValue(String identificationValue) {
+	    this.identificationValue = identificationValue;
+	  }
+
+		/**
+		 * Sets the identificationType.
+		 * @param identificationType The identificationType to set
+		 */
+		public void setIdentificationType(String identificationType) {
+			this.identificationType = identificationType;
+		}
+
+	  /**
+	   * Sets the issuer.
+	   * @param issuer The issuer to set
+	   */
+	  public void setIssuer(String issuer) {
+	    this.issuer = issuer;
+	  }
+	  
+	  /**
+	   * Sets the bkuURL
+	   * @param url The BKU URL to set
+	   */
+	  public void setBkuURL(String url) {
+	    this.bkuURL = url;
+	  }
+
+	public String getBPKType() {
+		return bPKType;
+	}
+
+	public void setBPKType(String bPKType) {
+		this.bPKType = bPKType;
+	}
+
+	/**
+	 * @return the identityLink
+	 */
+	public IIdentityLink getIdentityLink() {
+		return identityLink;
+	}
+
+	/**
+	 * @param identityLink the identityLink to set
+	 */
+	public void setIdentityLink(IIdentityLink identityLink) {
+		this.identityLink = identityLink;
+	}
+
+	/**
+	 * @return the signerCertificate
+	 */
+	public byte[] getSignerCertificate() {
+		return signerCertificate;
+	}
+
+
+	/**
+	 * @param signerCertificate the signerCertificate to set
+	 */
+	public void setSignerCertificate(byte[] signerCertificate) {
+		this.signerCertificate = signerCertificate;
+	}
+
+
+	/**
+	 * @return the authBlock
+	 */
+	public String getAuthBlock() {
+		return authBlock;
+	}
+
+
+	/**
+	 * @param authBlock the authBlock to set
+	 */
+	public void setAuthBlock(String authBlock) {
+		this.authBlock = authBlock;
+	}
+
+
+	/**
+	 * @return the mandate
+	 */
+	public IMISMandate getMISMandate() {
+		return mandate;
+	}
+
+	public Element getMandate() {
+		if (mandate == null)
+			return null;
+		
+		//parse Element from mandate XML
+		try {
+			byte[] byteMandate = mandate.getMandate();
+			String stringMandate = new String(byteMandate);
+			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+			
+		}
+		catch (Throwable e) {
+			Logger.warn("Mandate content could not be generated from MISMandate.");
+			return null;
+		}
+	}
+	
+
+	/**
+	 * @param mandate the mandate to set
+	 */
+	public void setMISMandate(IMISMandate mandate) {
+		this.mandate = mandate;
+	}
+
+
+	/**
+	 * @return the useMandate
+	 */
+	public boolean isUseMandate() {
+		return useMandate;
+	}
+
+
+	/**
+	 * @param useMandate the useMandate to set
+	 */
+	public void setUseMandate(boolean useMandate) {
+		this.useMandate = useMandate;
+	}
+
+
+	/**
+	 * @return
+	 */
+	public String getQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("eIDAS QAA-level:" + this.QAALevel 
+						+ " can not be mapped to STORK QAA-level! Use "
+						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
+				return PVPConstants.STORK_QAA_1_1;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+	}
+
+	
+	public String getEIDASQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("STORK QAA-level:" + this.QAALevel 
+						+ " can not be mapped to eIDAS QAA-level! Use "
+						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
+				return PVPConstants.EIDAS_QAA_LOW;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+		
+	}
+	
+
+	/**
+	 * @return
+	 */
+	public boolean isForeigner() {
+		return this.foreigner;
+	}
+
+
+	/**
+	 * @param foreigner the foreigner to set
+	 */
+	public void setForeigner(boolean foreigner) {
+		this.foreigner = foreigner;
+	}
+
+
+	/**
+	 * Store QAA level in eIDAS format to authentication Data
+	 * 
+	 * @param qAALevel the qAALevel to set
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public void setQAALevel(String qAALevel) {
+			QAALevel = qAALevel;
+			
+	}
+
+	/**
+	 * @return the ssoSession
+	 */
+	public boolean isSsoSession() {
+		return ssoSession;
+	}
+
+
+	/**
+	 * @param ssoSession the ssoSession to set
+	 */
+	public void setSsoSession(boolean ssoSession) {
+		this.ssoSession = ssoSession;
+	}
+
+	/**
+	 * @return the mandateReferenceValue
+	 */
+	public String getMandateReferenceValue() {
+		return mandateReferenceValue;
+	}
+
+	/**
+	 * @param mandateReferenceValue the mandateReferenceValue to set
+	 */
+	public void setMandateReferenceValue(String mandateReferenceValue) {
+		this.mandateReferenceValue = mandateReferenceValue;
+	}
+
+	/**
+	 * CountryCode of the citizen which is identified and authenticated
+	 * 
+	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
+	 */
+	public String getCcc() {
+		return ccc;
+	}
+
+	/**
+	 * @param ccc the ccc to set
+	 */
+	public void setCcc(String ccc) {
+		this.ccc = ccc;
+	}
+
+	/**
+	 * @return the sessionIndex
+	 */
+	public String getSessionIndex() {
+		return sessionIndex;
+	}
+
+	/**
+	 * @param sessionIndex the sessionIndex to set
+	 */
+	public void setSessionIndex(String sessionIndex) {
+		this.sessionIndex = sessionIndex;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+	 */
+	@Override
+	public String getNameID() {
+		return this.nameID;
+	}
+
+	/**
+	 * @param nameID the nameID to set
+	 */
+	public void setNameID(String nameID) {
+		this.nameID = nameID;
+	}
+
+	/**
+	 * @return the nameIDFormat
+	 */
+	public String getNameIDFormat() {
+		return nameIDFormat;
+	}
+
+	/**
+	 * @param nameIDFormat the nameIDFormat to set
+	 */
+	public void setNameIDFormat(String nameIDFormat) {
+		this.nameIDFormat = nameIDFormat;
+	}
+
+//	/**
+//	 * @return the interfederatedSSOSession
+//	 */
+//	public boolean isInterfederatedSSOSession() {
+//		return interfederatedSSOSession;
+//	}
+//
+//	/**
+//	 * @param interfederatedSSOSession the interfederatedSSOSession to set
+//	 */
+//	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+//		this.interfederatedSSOSession = interfederatedSSOSession;
+//	}
+//
+//	/**
+//	 * @return the interfederatedIDP
+//	 */
+//	public String getInterfederatedIDP() {
+//		return interfederatedIDP;
+//	}
+//
+//	/**
+//	 * @param interfederatedIDP the interfederatedIDP to set
+//	 */
+//	public void setInterfederatedIDP(String interfederatedIDP) {
+//		this.interfederatedIDP = interfederatedIDP;
+//	}
+
+	/**
+	 * @return the ssoSessionValidTo
+	 */
+	public Date getSsoSessionValidTo() {
+		return ssoSessionValidTo;
+	}
+
+	/**
+	 * @param ssoSessionValidTo the ssoSessionValidTo to set
+	 */
+	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+		this.ssoSessionValidTo = ssoSessionValidTo;
+	}
+
+	/**
+	 * @return the encbPKList
+	 */
+	public List<String> getEncbPKList() {
+		return encbPKList;
+	}
+
+	/**
+	 * @param encbPKList the encbPKList to set
+	 */
+	public void setEncbPKList(List<String> encbPKList) {
+		this.encbPKList = encbPKList;
+	}
+
+	/**
+	 * @return the roles
+	 */
+	public List<AuthenticationRole> getAuthenticationRoles() {
+//		if (this.roles == null) {
+//			this.roles = new ArrayList<AuthenticationRole>();
+//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+//		}
+		
+		return roles;
+	}
+
+	//ISA 1.18 attributes
+	/**
+	 * @param roles the roles to set
+	 */
+	public void addAuthenticationRole(AuthenticationRole role) {
+		if (this.roles == null)
+			this.roles = new ArrayList<AuthenticationRole>();
+
+		this.roles.add(role);
+	}
+	
+	/**
+	 * @return the pvpAttribute_OU
+	 */
+	public String getPvpAttribute_OU() {
+		return pvpAttribute_OU;
+	}
+
+	/**
+	 * @param pvpAttribute_OU the pvpAttribute_OU to set
+	 */
+	public void setPvpAttribute_OU(String pvpAttribute_OU) {
+		this.pvpAttribute_OU = pvpAttribute_OU;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+	 */
+	@Override
+	public boolean isBaseIDTransferRestrication() {
+		return isBaseIDTransferRestrication;
+	}
+
+	/**
+	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+	 */
+	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+	}
+	
+	/**
+	 * Returns a generic data-object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz) {
+		if (MiscUtil.isNotEmpty(key)) {
+			Object data = genericDataStorate.get(key);			
+			
+			if (data == null)
+				return null;
+			
+			try {
+				@SuppressWarnings("unchecked")
+				T test = (T) data;
+				return test;
+				
+			} catch (Exception e) {
+				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+				return null;
+				
+			}
+			
+		} 
+		
+		Logger.warn("Can not load generic session-data with key='null'");
+		return null;
+				
+	}
+	
+	/**
+	 * Store a generic data-object to session with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+	 */
+	public void setGenericData(String key, Object object) throws SessionDataStorageException {
+		if (MiscUtil.isEmpty(key)) {
+			Logger.warn("Generic session-data can not be stored with a 'null' key");
+			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+			
+		}
+		
+		if (object != null) {
+			if (!Serializable.class.isInstance(object)) {
+				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+				
+			}						
+		}
+		
+		if (genericDataStorate.containsKey(key))
+			Logger.debug("Overwrite generic data with key:" + key);
+		else
+			Logger.trace("Add generic data with key:" + key + " to session.");
+		
+		genericDataStorate.put(key, object);
+	}
+	
+}