1 files changed, 109 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
new file mode 100644
index 000000000..132b6af01
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+
+import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DynamicOAAuthParameterBuilder {
+
+	public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException {
+
+		Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information");
+		
+		try {
+			DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters();
+					
+			for (Attribute attr : reqAttributes) {				
+				//get Target or BusinessService from request 
+				if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+					String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
+					if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
+						dynamicOA.setBusinessService(false);
+						dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length()));
+						
+					} else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) || 
+							attrValue.startsWith(Constants.URN_PREFIX_STORK) ) {
+						dynamicOA.setBusinessService(true);
+						dynamicOA.setTarget(attrValue);
+						
+					} else {
+						Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea");
+						throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null);
+						
+					}
+					
+				}
+				
+			}
+			
+			if (interfIDP != null) {
+				//load interfederated IDP informations
+				OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+				if (idp == null) {
+					Logger.warn("Interfederated IDP configuration is not loadable.");
+					throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null);
+					
+				}
+			
+				dynamicOA.setApplicationID(idp.getPublicURLPrefix());
+				dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP());
+				dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL());
+				
+				//check if IDP service area policy. BusinessService IDPs can only request wbPKs 
+				if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) {
+					Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() 
+							+ " has a BusinessService-IDP but requests PublicService attributes.");
+					throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix() 
+							+ " has a BusinessService-IDP but requests PublicService attributes.", null);
+					
+				}				
+			}
+			
+			return dynamicOA;
+
+		} catch (ConfigurationException e) {
+			Logger.warn("Internel server errror. Basic configuration load failed.", e);
+			throw new DynamicOABuildException("Basic configuration load failed.", null);
+		}
+
+		
+		
+	}
+}