aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java154
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder2
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java4
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java8
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java94
15 files changed, 482 insertions, 97 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index c58f19333..acf59cebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,6 +36,7 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -81,6 +82,9 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -532,7 +536,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
//build foreign bPKs
- generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+ generateForeignbPK(oaParam, authData);
if (Boolean.parseBoolean(
@@ -806,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
- private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+ private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) {
+ List<String> foreignSectors = oaParam.foreignbPKSectorsRequested();
+
if (foreignSectors != null && !foreignSectors.isEmpty()) {
- Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+
+
+ String mandatorBaseId = null;
+ String mandatorBaseIdType = null;
+ boolean isMandatorBaseIdAvailable = false;
+ if (authData.isUseMandate()) {
+ try {
+ Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
+
+ //TODO: remove this workaround in a further version!!!
+ boolean flagBak = authData.isBaseIDTransferRestrication();
+ authData.setBaseIDTransferRestrication(false);
+ mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ authData.setBaseIDTransferRestrication(flagBak);
+
+ isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType);
+ if (!isMandatorBaseIdAvailable)
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
+
+ } catch (Exception e) {
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
+ if (Logger.isTraceEnabled())
+ Logger.warn("Detail: ", e);
+
+ }
+ }
+
for (String foreignSector : foreignSectors) {
Logger.trace("Process sector: " + foreignSector + " ... ");
if (encKeyMap.containsKey(foreignSector)) {
@@ -838,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.getIdentificationType(),
sector);
String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
- authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")");
+
+ authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector));
Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+
+ //calculate foreign bPKs for natural-person mandates
+ if (isMandatorBaseIdAvailable) {
+ Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ mandatorBaseId,
+ mandatorBaseIdType,
+ sector);
+ String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
+
+ authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector));
+ Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created.");
+
+ }
}
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index 415f4db18..af4cf6fa7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,6 +5,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
public interface IMOAAuthData extends IAuthData{
@@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{
*/
String getQAALevel();
- List<String> getEncbPKList();
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget>, where the bPKTarget is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncbPKList();
+
+ /**
+ * Get a List of Pair<Encrytped bPK, bPKTarget> for natural-person mandates, where
+ * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3
+ *
+ * @return
+ */
+ List<Pair<String, String>> getEncMandateNaturalPersonbPKList();
+
byte[] getSignerCertificate();
String getAuthBlock();
boolean isPublicAuthority();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index c1545f354..897a06e62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,6 +29,7 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
@@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private byte[] signerCertificate = null;
private String authBlock = null;
private String QAALevel = null;
- private List<String> encbPKList;
-
+
+ private List<Pair<String, String>> encbPKList;
+ private List<Pair<String, String>> encMandateNaturalPersonbPKList;
+
//ISA 1.18 attributes
private List<AuthenticationRole> roles = null;
private String pvpAttribute_OU = null;
@@ -106,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
if (this.encbPKList == null)
- this.encbPKList = new ArrayList<String>();
+ this.encbPKList = new ArrayList<Pair<String, String>>();
return this.encbPKList;
}
@@ -293,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
}
/**
+ * Set a List of encrypted bPKs where each List element is formated according
+ * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3
+ *
* @param encbPKList the encbPKList to set
*/
public void setEncbPKList(List<String> encbPKList) {
- this.encbPKList = encbPKList;
+ if (encbPKList != null) {
+ for (String el : encbPKList) {
+ Logger.trace("Processing foreign bPK string: " + el );
+ int index = el.indexOf("|");
+ if (index >= 0) {
+ String encbPK = el.substring(index+1);
+ String second = el.substring(0, index);
+ getEncbPKList().add(Pair.newInstance(encbPK, second));
+
+ } else
+ Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it");
+
+ }
+
+ }
}
@@ -336,5 +356,19 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) {
this.iseIDNewDemoMode = iseIDNewDemoMode;
}
+
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ if (this.encMandateNaturalPersonbPKList == null)
+ this.encMandateNaturalPersonbPKList = new ArrayList<Pair<String, String>>();
+
+ return this.encMandateNaturalPersonbPKList;
+
+ }
+
+ public void setEncMandateNaturalPersonbPKList(List<Pair<String, String>> encMandateNaturalPersonbPKList) {
+ this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
index ec8c7629f..c5a8d88b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -18,7 +18,9 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP
private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class);
- protected static final String DELIMITER_BPK_LIST = ";";
+ public static final String DELIMITER_BPK_LIST = ";";
+ public static final String LIST_ELEMENT_START = "(";
+ public static final String LIST_ELEMENT_END = ")";
public String getName() {
return BPK_LIST_NAME;
@@ -26,16 +28,18 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
- String result = getBpkForSP(authData);
+ String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END;
//add additional bPKs if someone are available
if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
log.info("Adding additional bPKs into bPK attribute");
for (Pair<String, String> el : authData.getAdditionalbPKs()) {
result += DELIMITER_BPK_LIST
- + removeBpkTypePrefix(el.getSecond())
- + DELIMITER_BPKTYPE_BPK
- + attrMaxSize(el.getFirst());
+ + LIST_ELEMENT_START
+ + removeBpkTypePrefix(el.getSecond())
+ + DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(el.getFirst())
+ + LIST_ELEMENT_END;
}
log.trace("Authenticate user with bPK-List: " + result);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 44043ec40..bf7187e51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
@@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger;
@PVPMETADATA
public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
+ public static final String DELIMITER_ENCBPK_TARGET = "|";
+
public String getName() {
return ENC_BPK_LIST_NAME;
}
@@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
if (authData instanceof IMOAAuthData) {
if (((IMOAAuthData)authData).getEncbPKList() != null &&
((IMOAAuthData)authData).getEncbPKList().size() > 0) {
- String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
- for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
- value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
- value);
+ result);
}
@@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
-// String encbpk = "XXX01234567890XXX";
-// String type = "Bereich";
-// String vkz = "Verfahrenskennzeichen";
-//
-// //TODO: implement encrypted bPK support
-//
-// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk);
-//
-// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
-// vkz + "+" + type + "|" + encbpk);
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index f67f79dcf..4d41cc19b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -22,11 +22,13 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.builder.attributes;
+import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
@@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData);
- if (calcResult != null) {
- String bpk = calcResult.getFirst();
- String type = calcResult.getSecond();
-
- if (MiscUtil.isEmpty(bpk))
- throw new UnavailableAttributeException(BPK_NAME);
-
- if (type != null) {
- if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-
- else if (type.startsWith(Constants.URN_PREFIX_EIDAS))
- type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-
- } else {
- Logger.debug("bPK type is 'null' --> use it as it is");
-
- }
-
- if (bpk.length() > BPK_MAX_LENGTH) {
- bpk = bpk.substring(0, BPK_MAX_LENGTH);
- }
-
- Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-
- if (type != null)
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk);
- else
- return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk);
-
- }
-
+ String bPKResult = getBpkAttributeStringForSP(oaParam, authData);
+ if (StringUtils.isNoneEmpty(bPKResult))
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult);
+
}
catch (BuildException | ConfigurationException | EAAFBuilderException e) {
Logger.error("Failed to generate IdentificationType");
@@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
return null;
}
-
+
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
}
- protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ Pair<String, String> bPKResult = null;
+
+ if (baseId != null) {
+ if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID))
+ bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(),
+ oaParam.getAreaSpecificTargetIdentifier());
+ else {
+ Logger.debug("No BaseId target in mandate. Use it as it is ... ");
+ bPKResult = Pair.newInstance(baseId.getFirst(), null);
+
+ }
+ }
+
+ return bPKResult;
+
+ }
+
+
+ /**
+ * Generate the bPK String for this specific SP
+ *
+ * @param oaParam
+ * @param authData
+ * @return
+ * @throws UnavailableAttributeException
+ * @throws EAAFBuilderException
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws NoMandateDataAttributeException
+ */
+ protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException {
+ Pair<String, String> bPKResult = getBpkForSp(oaParam, authData);
+ if (bPKResult != null) {
+ String bpk = bPKResult.getFirst();
+ String type = bPKResult.getSecond();
+
+ if (MiscUtil.isEmpty(bpk))
+ throw new UnavailableAttributeException(BPK_NAME);
+
+ if (type != null)
+ type = removeBpkTypePrefix(type);
+ else
+ Logger.debug("bPK type is 'null' --> use it as it is");
+
+ bpk = attrMaxSize(bpk);
+
+ Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
+
+ if (type != null)
+ return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk;
+ else
+ return bpk;
+
+ }
+
+ return null;
+
+ }
+
+
+ /**
+ * Limit the attribute value to maximum size
+ *
+ * @param attr
+ * @return
+ */
+ protected String attrMaxSize(String attr) {
+ if (attr != null && attr.length() > BPK_MAX_LENGTH) {
+ attr = attr.substring(0, BPK_MAX_LENGTH);
+ }
+ return attr;
+
+ }
+
+ /**
+ * Remove bPKType prefix if available
+ *
+ * @param type
+ * @return
+ */
+ protected String removeBpkTypePrefix(String type) {
+ if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK))
+ return type.substring((EAAFConstants.URN_PREFIX_WBPK).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID))
+ return type.substring((EAAFConstants.URN_PREFIX_CDID).length());
+
+ else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS))
+ return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length());
+
+ else
+ return type;
+
+ }
+
+ protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
//get PVP attribute directly, if exists
Pair<String, String> calcResult = null;
if (authData instanceof IMOAAuthData) {
@@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
Logger.info("Failed to generate IdentificationType");
throw new NoMandateDataAttributeException();
}
-
-
- if (id.getType().equals(Constants.URN_PREFIX_BASEID))
- calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(),
- oaParam.getAreaSpecificTargetIdentifier());
- else
- calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+
+ calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
new file mode 100644
index 000000000..fd00e2f61
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java
@@ -0,0 +1,83 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@PVPMETADATA
+public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ try {
+ String result = getBpkAttributeStringForSP(oaParam, authData);
+
+ if (result != null) {
+ result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ //add additional bPKs if someone are available
+ if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) {
+ Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... ");
+ Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
+ if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond())
+ && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) {
+ for (Pair<String, String> el : authData.getAdditionalbPKs()) {
+
+ Pair<String, String> addBpk =
+ new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ baseId.getFirst(),
+ el.getSecond());
+
+ Logger.trace("Calculate bPK with " + addBpk.toString());
+
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + removeBpkTypePrefix(addBpk.getSecond())
+ + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK
+ + attrMaxSize(addBpk.getFirst())
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+ }
+ }
+
+ Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate");
+ return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result);
+
+ }
+
+ return null;
+
+ } catch (BuildException | ConfigurationException | EAAFBuilderException e) {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAttributeException();
+
+ }
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
new file mode 100644
index 000000000..220ccd94e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java
@@ -0,0 +1,62 @@
+
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return MANDATE_NAT_PER_ENC_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+ if (authData instanceof IMOAAuthData) {
+ if (((IMOAAuthData) authData).isUseMandate()) {
+ if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null &&
+ ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) {
+ Pair<String, String> value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0);
+ String result = BPKListAttributeBuilder.LIST_ELEMENT_START
+ + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) {
+ Pair<String, String> el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i);
+ result += BPKListAttributeBuilder.DELIMITER_BPK_LIST
+ + BPKListAttributeBuilder.LIST_ELEMENT_START
+ + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst()
+ + BPKListAttributeBuilder.LIST_ELEMENT_END;
+
+ }
+
+ return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME,
+ result);
+
+ }
+
+ } else
+ Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used");
+
+ } else
+ Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 32b45a595..88648b56e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 90a0d61c9..223994e6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
+@Deprecated
@PVPMETADATA
public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index b4e62a344..a10b9b3e0 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -21,3 +21,5 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilde
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 1ea057186..c3420d833 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest {
throw new Exception("bPKType wrong");
- List<String> foreignbPKs = authData.getEncbPKList();
+ List<Pair<String, String>> foreignbPKs = authData.getEncbPKList();
if (foreignbPKs.isEmpty())
throw new Exception("NO foreign bPK list is null");
if (foreignbPKs.size() != 1)
throw new Exception("NO or MORE THAN ONE foreign bPK");
- if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")")))
+ if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty()))
throw new Exception("foreign bPK has wrong prefix");
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 8e9d1e4f5..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -55,7 +55,9 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -139,6 +141,8 @@ public final class OAuth20AttributeBuilder {
buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 02577c110..e7280f847 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -198,7 +198,7 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
* @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList()
*/
@Override
- public List<String> getEncbPKList() {
+ public List<Pair<String, String>> getEncbPKList() {
// TODO Auto-generated method stub
return null;
}
@@ -387,5 +387,11 @@ public class SSOTransferAuthenticationData implements IMOAAuthData {
return false;
}
+ @Override
+ public List<Pair<String, String>> getEncMandateNaturalPersonbPKList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 23d214d3e..64a4bae63 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -75,6 +76,8 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
@@ -352,26 +355,79 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
if (oaAttributes == null)
oaAttributes = new ArrayList<ExtendedSAMLAttribute>();
-
- String additionalBpks = new BPKListAttributeBuilder().build(
- oaParam,
- authData,
- new SimpleStringAttributeGenerator());
- Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
- oaAttributes.add(new ExtendedSAMLAttributeImpl(
- PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
- Constants.MOA_NS_URI,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ try {
+ String additionalBpks = new BPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalBpks)) {
+ Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME, additionalBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional bPKs. Reason: " + e.getMessage());
+
+ }
- String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
- oaParam,
- authData,
- new SimpleStringAttributeGenerator());
- Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
- oaAttributes.add(new ExtendedSAMLAttributeImpl(
- PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
- Constants.MOA_NS_URI,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+ try {
+ String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedBpks)) {
+ Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME, encryptedBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional foreign bPKs. Reason: " + e.getMessage());
+
+ }
+
+ //for mandates
+ try {
+ String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(additionalMandatorBpks)) {
+ Logger.trace("Adding additional Mandator bPKs: " + additionalMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, additionalMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional Mandator bPKs. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String encryptedMandatorBpks = new MandateNaturalPersonEncBPKListAttributeBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(encryptedMandatorBpks)) {
+ Logger.trace("Adding foreign Mandator bPKs: " + encryptedMandatorBpks + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, encryptedMandatorBpks,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
+
+ }
}