diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 174 |
1 files changed, 130 insertions, 44 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index acf59cebf..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; @@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @PostConstruct private void initialize() { - Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); for (Entry<String, String> el : pubKeyMap.entrySet()) { try { encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); @@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { try { return buildAuthenticationData(pendingReq, pendingReq.getSessionData(AuthenticationSessionWrapper.class), @@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } - } private IAuthData buildAuthenticationData(IRequest pendingReq, @@ -216,13 +216,17 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { try { //generate basic authentication data - generateBasicAuthData(authData, protocolRequest, session); + generateDeprecatedBasicAuthData(authData, protocolRequest, session); //set Austrian eID demo-mode flag authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -428,6 +432,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setMISMandate(misMandate); authData.setUseMandate(true); + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); + + //set bPK and IdenityLink for all other + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); + + + + } + } catch (IOException e) { Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME + " FAILED.", e); @@ -471,24 +493,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } - //#################################################### - // set bPK and IdentityLink for Organwalter --> - // Organwalter has a special bPK is received from MIS - if (authData.isUseMandate() && session.isOW() && misMandate != null - && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { - //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! - authData.setBPK(misMandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - //set bPK and IdenityLink for all other - Logger.debug("User is an OW. Set original IDL into authdata ... "); - authData.setIdentityLink(session.getIdentityLink()); - - - - } - + //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); @@ -537,18 +542,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); @@ -558,6 +566,10 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder Logger.info("Post-Processing for Austrian eID finished"); } + + injectNewEidAttributes(authData, session); + + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator<String> copyInterator = includedToGenericAuthData.iterator(); @@ -582,7 +594,33 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - /** + private void injectNewEidAttributes(MOAAuthenticationData authData, IAuthenticationSession session) { + try { + String onlineIdl = session.getGenericDataFromSession(PVPConstants.EID_E_ID_TOKEN_NAME, String.class); + if (StringUtils.isNoneEmpty(onlineIdl)) { + authData.seteIDToken(Base64Utils.decode(onlineIdl, true)); + } + + } catch (IOException e) { + Logger.warn("Attribute: " + PVPConstants.EID_E_ID_TOKEN_NAME + " found, but injection failed: " + e.getMessage()); + + } + +// try { +// String eidStatusLevel = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, String.class); +// if (StringUtils.isNotEmpty(eidStatusLevel)) { +// authData.setEidStatus(PVPConstants.EID_IDENTITY_STATUS_LEVEL_VALUES.); +// } +// } catch (Exception e) { +// Logger.warn("Attribute: " + PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME + " found, but injection failed: " + e.getMessage()); +// +// } + + } + + + + /** * @param authData * @param notValidbPK * @param notValidbPKType @@ -894,7 +932,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + Logger.info("Foreign bPK generation FAILED for sector: " + foreignSector); + if (Logger.isDebugEnabled()) { + Logger.warn("Details: ", e); + + } + } @@ -912,18 +955,61 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException { if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); - for (String sector : additionalbPKSectorsRequested) { - Logger.trace("Process sector: " + sector + " ... "); - Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( - authData.getIdentificationValue(), - authData.getIdentificationType(), - sector); - - Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); - authData.addAdditionalbPKPair(bpk); - - } + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + try { + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + + } catch (Exception e) { + Logger.info("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + Logger.warn("StackTrace: ", e); + + } + + } } } + @Override + protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + if (!bPKTypeMatch) { + Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... "); + if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) { + Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target"); + bPKTypeMatch = true; + + } else + Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed."); + + } + + return bPKTypeMatch; + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + } |