Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java107
1 files changed, 103 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 3e6308bf6..acf59cebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,6 +36,7 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.DOMException;
@@ -75,11 +76,15 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -212,6 +217,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
try {
//generate basic authentication data
generateBasicAuthData(authData, protocolRequest, session);
+
+ //set Austrian eID demo-mode flag
+ authData.setIseIDNewDemoMode(Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false))));
+
+ if (authData.isIseIDNewDemoMode()) {
+ Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true");
+ authData.setBaseIDTransferRestrication(true);
+
+ }
// #### generate MOA-ID specific authentication data ######
@@ -519,7 +536,27 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
//build foreign bPKs
- generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+ generateForeignbPK(oaParam, authData);
+
+
+ if (Boolean.parseBoolean(
+ oaParam.getConfigurationValue(
+ MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
+ String.valueOf(false)))) {
+ Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... ");
+
+ //build additional bPKs
+ Logger.debug("Search for additional bPKs");
+ generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested());
+
+ Logger.debug("Clearing identitylink ... ");
+ authData.setIdentityLink(null);
+
+ Logger.debug("Clearing authBlock ... ");
+ authData.setAuthBlock(null);
+
+ Logger.info("Post-Processing for Austrian eID finished");
+ }
//####################################################################
//copy all generic authentication information, which are not processed before to authData
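Review bot: The demo-mode condition here re-reads and re-parses `SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE` from `oaParam`, although the earlier hunk of this commit already stores the same value via `authData.setIseIDNewDemoMode(...)`. Two independent evaluations of one security-relevant switch can drift apart if one of them is later changed. If both hunks run on the same `authData` (the enclosing method is not visible here), prefer `if (authData.isIseIDNewDemoMode()) {`. `generateAdditonalbPK` declares `EAAFBuilderException`, and whether an enclosing handler covers it cannot be seen from this hunk. If it propagates, the identity link and auth block are not cleared, so the ordering of these steps deserves a short comment.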
@@ -773,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
- private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+ private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) {
+ List<String> foreignSectors = oaParam.foreignbPKSectorsRequested();
+
if (foreignSectors != null && !foreignSectors.isEmpty()) {
- Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+
+
+ String mandatorBaseId = null;
+ String mandatorBaseIdType = null;
+ boolean isMandatorBaseIdAvailable = false;
+ if (authData.isUseMandate()) {
+ try {
+ Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... ");
+
+ //TODO: remove this workaround in a further version!!!
+ boolean flagBak = authData.isBaseIDTransferRestrication();
+ authData.setBaseIDTransferRestrication(false);
+ mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build(
+ oaParam, authData, new SimpleStringAttributeGenerator());
+ authData.setBaseIDTransferRestrication(flagBak);
+
+ isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType);
+ if (!isMandatorBaseIdAvailable)
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate.");
+
+ } catch (Exception e) {
+ Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage());
+ if (Logger.isTraceEnabled())
+ Logger.warn("Detail: ", e);
+
+ }
+ }
+
for (String foreignSector : foreignSectors) {
Logger.trace("Process sector: " + foreignSector + " ... ");
if (encKeyMap.containsKey(foreignSector)) {
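Review bot: The restore `authData.setBaseIDTransferRestrication(flagBak)` is skipped whenever one of the two attribute builders throws, because it sits inside the `try` after the `build(...)` calls and the `catch` block only logs. On that path `authData` leaves `generateForeignbPK` with the base-ID transfer restriction switched off, which also undoes the `true` that demo mode sets earlier in this commit. Put the restore in a `finally`, e.g. `try { /* the two build(...) calls */ } finally { authData.setBaseIDTransferRestrication(flagBak); }`, so the flag is always reset. The method body continues past the end of this hunk.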
@@ -805,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
authData.getIdentificationType(),
sector);
String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
- authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")");
+
+ authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector));
Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+
+ //calculate foreign bPKs for natural-person mandates
+ if (isMandatorBaseIdAvailable) {
+ Pair<String, String> mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ mandatorBaseId,
+ mandatorBaseIdType,
+ sector);
+ String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
+
+ authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector));
+ Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created.");
+
+ }
}
} catch (Exception e) {
@@ -827,4 +910,20 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
}
+ private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException {
+ if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String sector : additionalbPKSectorsRequested) {
+ Logger.trace("Process sector: " + sector + " ... ");
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+
+ Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() );
+ authData.addAdditionalbPKPair(bpk);
+
+ }
+ }
+ }
}
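Review bot: The trace statement in `generateAdditonalbPK` writes the computed bPK value itself to the log (`" with value: " + bpk.getFirst()`). A bPK is a sector-specific person identifier, and the other bPK log lines in this commit name only the sector. Drop the value, e.g. `Logger.trace("Calculated additional bPK for sector: " + bpk.getSecond());`. The debug message on the method's first logging line is copied from the foreign-bPK path and should say "additional bPKs". The method name is also misspelled (`Additonal`).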