diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java | 968 |
1 files changed, 968 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java new file mode 100644 index 000000000..ca0ae0687 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -0,0 +1,968 @@ +/** + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.LoALevelMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + + + +/** + * @author tlenz + * + */ +public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { + + private static final long serialVersionUID = 1L; + private boolean qualifiedCertificate; + private boolean publicAuthority; + private String publicAuthorityCode; + private String bkuURL; + private byte[] signerCertificate = null; + private String authBlock = null; + private String QAALevel = null; + private List<String> encbPKList; + + //ISA 1.18 attributes + private List<AuthenticationRole> roles = null; + private String pvpAttribute_OU = null; + + private boolean useMandate = false; + private IMISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean interfederatedSSOSession; + private String interfederatedIDP; + + private LoALevelMapper loaMapper; + + public MOAAuthenticationData(ILoALevelMapper loaMapper) { + if (loaMapper instanceof LoALevelMapper) + this.loaMapper = (LoALevelMapper) loaMapper; + + } + + /** + * @return + */ + @Override + public String getQAALevel() { + if (this.QAALevel != null && + this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { + if (loaMapper != null) { + String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + return mappedQAA; + else { + Logger.error("eIDAS QAA-level:" + this.QAALevel + + " can not be mapped to STORK QAA-level! Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + } + + } else + Logger.error("NO LoALevelMapper found. Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + + return PVPConstants.STORK_QAA_1_1; + + } else + return this.QAALevel; + + } + + @Override + public List<String> getEncbPKList() { + if (this.encbPKList == null) + this.encbPKList = new ArrayList<String>(); + + return this.encbPKList; + } + + + @Override + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + @Override + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + @Override + public IMISMandate getMISMandate() { + return mandate; + } + + @Override + public Element getMandate() { + if (mandate == null) + return null; + + //parse Element from mandate XML + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + + /** + * @param mandate the mandate to set + */ + public void setMISMandate(IMISMandate mandate) { + this.mandate = mandate; + } + + + @Override + public boolean isUseMandate() { + return useMandate; + } + + + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + + + @Override + public boolean isPublicAuthority() { + return publicAuthority; + } + + @Override + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + @Override + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + + @Override + public String getBkuURL() { + return bkuURL; + + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + @Override + public boolean isInterfederatedSSOSession() { + return this.interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + + @Override + public String getInterfederatedIDP() { + return this.interfederatedIDP; + } + + /** + * @param interfederatedIDP the interfederatedIDP to set + */ + public void setInterfederatedIDP(String interfederatedIDP) { + this.interfederatedIDP = interfederatedIDP; + } + + + @Override + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + + @Override + public List<AuthenticationRole> getAuthenticationRoles() { + return roles; + } + + //ISA 1.18 attributes + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList<AuthenticationRole>(); + + this.roles.add(role); + } + + @Override + public String getPvpAttribute_OU() { + return pvpAttribute_OU; + } + + /** + * @param pvpAttribute_OU the pvpAttribute_OU to set + */ + public void setPvpAttribute_OU(String pvpAttribute_OU) { + this.pvpAttribute_OU = pvpAttribute_OU; + } + + /** + * Store QAA level in eIDAS format to authentication Data + * + * @param qAALevel the qAALevel to set + * @throws AssertionAttributeExtractorExeption + */ + public void setQAALevel(String qAALevel) { + this.QAALevel = qAALevel; + + } + + /** + * @param encbPKList the encbPKList to set + */ + public void setEncbPKList(List<String> encbPKList) { + this.encbPKList = encbPKList; + } + + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + +// private static final long serialVersionUID = -1042697056735596866L; +// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; +// +// /** +// * URL of the MOA-ID Auth component issueing this assertion +// */ +// private String issuer; +// /** +// * time instant of issue of this assertion +// */ +// private Date issueInstant; +// /** +// * user identification value (Stammzahl); <code>null</code>, +// * if the authentication module is configured not to return this data +// */ +// private String identificationValue; +// /** +// * user identification type +// */ +// private String identificationType; +// +// /** +// * user identityLink specialized to OAParamter +// */ +// private IIdentityLink identityLink; +// +// /** +// * application specific user identifier (bPK/wbPK) +// */ +// private String bPK; +// +// /** +// * application specific user identifier type +// */ +// private String bPKType; +// +// /** +// * given name of the user +// */ +// private String givenName; +// /** +// * family name of the user +// */ +// private String familyName; +// /** +// * date of birth of the user +// */ +// private Date dateOfBirth; +// /** +// * says whether the certificate is a qualified certificate or not +// */ +// +// /** +// * says whether the certificate is a public authority or not +// */ +// /** +// * public authority code (Behördenkennzeichen - BKZ) +// */ +// +// +// /** +// * URL of the BKU +// */ +// +// /** +// * the corresponding <code>lt;saml:Assertion></code> +// */ +// +// private boolean isBaseIDTransferRestrication = true; +// +// +// /** +// * STORK attributes from response +// */ +// private String ccc = null; +// +// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); +// +// +// +// private String authBlock = null; +// private List<String> encbPKList = null; +// +// //ISA 1.18 attributes +// private List<AuthenticationRole> roles = null; +// private String pvpAttribute_OU = null; +// +// private boolean useMandate = false; +// private IMISMandate mandate = null; +// private String mandateReferenceValue = null; +// +// private boolean foreigner =false; +// private String QAALevel = null; +// +// private boolean ssoSession = false; +// private Date ssoSessionValidTo = null; +// +//// private boolean interfederatedSSOSession = false; +//// private String interfederatedIDP = null; +// +// private String sessionIndex = null; +// private String nameID = null; +// private String nameIDFormat = null; +// +// public AuthenticationData() { +// issueInstant = new Date(); +// } +// +// /** +// * Returns the publicAuthority. +// * @return boolean +// */ +// public boolean isPublicAuthority() { +// return publicAuthority; +// } +// +// /** +// * Returns the publicAuthorityCode. +// * @return String +// */ +// public String getPublicAuthorityCode() { +// return publicAuthorityCode; +// } +// +// /** +// * Returns the qualifiedCertificate. +// * @return boolean +// */ +// public boolean isQualifiedCertificate() { +// return qualifiedCertificate; +// } +// +// /** +// * Returns the bPK. +// * @return String +// */ +// public String getBPK() { +// return bPK; +// } +// +// /** +// * Sets the publicAuthority. +// * @param publicAuthority The publicAuthority to set +// */ +// public void setPublicAuthority(boolean publicAuthority) { +// this.publicAuthority = publicAuthority; +// } +// +// /** +// * Sets the publicAuthorityCode. +// * @param publicAuthorityIdentification The publicAuthorityCode to set +// */ +// public void setPublicAuthorityCode(String publicAuthorityIdentification) { +// this.publicAuthorityCode = publicAuthorityIdentification; +// } +// +// /** +// * Sets the qualifiedCertificate. +// * @param qualifiedCertificate The qualifiedCertificate to set +// */ +// public void setQualifiedCertificate(boolean qualifiedCertificate) { +// this.qualifiedCertificate = qualifiedCertificate; +// } +// +// /** +// * Sets the bPK. +// * @param bPK The bPK to set +// */ +// public void setBPK(String bPK) { +// this.bPK = bPK; +// } +// +// /** +// * Returns the dateOfBirth. +// * @return String +// */ +// public Date getDateOfBirth() { +// return dateOfBirth; +// } +// +// public String getFormatedDateOfBirth() { +// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// if (getDateOfBirth() != null) +// return pvpDateFormat.format(getDateOfBirth()); +// else +// return "2999-12-31"; +// } +// +// /** +// * Returns the familyName. +// * @return String +// */ +// public String getFamilyName() { +// return familyName; +// } +// +// /** +// * Returns the givenName. +// * @return String +// */ +// public String getGivenName() { +// return givenName; +// } +// +// /** +// * Holds the baseID of a citizen +// * +// * @return baseID +// */ +// public String getIdentificationValue() { +// return identificationValue; +// } +// +// /** +// * Holds the type of the baseID +// * +// * @return baseID-Type +// */ +// public String getIdentificationType() { +// return identificationType; +// } +// +// /** +// * Returns the issueInstant. +// * @return String +// */ +// public String getIssueInstantString() { +// return DateTimeUtils.buildDateTimeUTC(issueInstant); +// +// } +// +// /** +// * Returns the issueInstant. +// * @return String +// */ +// public Date getIssueInstant() { +// return issueInstant; +// +// } +// +// public void setIssueInstant(Date date) { +// this.issueInstant = date; +// } +// +// /** +// * Returns the issuer. +// * @return String +// */ +// public String getIssuer() { +// return issuer; +// } +// +// /** +// * Returns the BKU URL. +// * @return String +// */ +// public String getBkuURL() { +// return bkuURL; +// } +// +// /** +// * Sets the dateOfBirth. +// * @param dateOfBirth The dateOfBirth to set +// */ +// public void setDateOfBirth(Date dateOfBirth) { +// this.dateOfBirth = dateOfBirth; +// } +// +// public void setDateOfBirth(String dateOfBirth) { +// try { +// if (MiscUtil.isNotEmpty(dateOfBirth)) { +// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); +// } +// +// } catch (ParseException e) { +// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); +// +// } +// } +// +// /** +// * Sets the familyName. +// * @param familyName The familyName to set +// */ +// public void setFamilyName(String familyName) { +// this.familyName = familyName; +// } +// +// /** +// * Sets the givenName. +// * @param givenName The givenName to set +// */ +// public void setGivenName(String givenName) { +// this.givenName = givenName; +// } +// +// /** +// * Sets the identificationValue. +// * @param identificationValue The identificationValue to set +// */ +// public void setIdentificationValue(String identificationValue) { +// this.identificationValue = identificationValue; +// } +// +// /** +// * Sets the identificationType. +// * @param identificationType The identificationType to set +// */ +// public void setIdentificationType(String identificationType) { +// this.identificationType = identificationType; +// } +// +// /** +// * Sets the issuer. +// * @param issuer The issuer to set +// */ +// public void setIssuer(String issuer) { +// this.issuer = issuer; +// } +// +// /** +// * Sets the bkuURL +// * @param url The BKU URL to set +// */ +// public void setBkuURL(String url) { +// this.bkuURL = url; +// } +// +// public String getBPKType() { +// return bPKType; +// } +// +// public void setBPKType(String bPKType) { +// this.bPKType = bPKType; +// } +// + +// +// + +// +// +// public String getEIDASQAALevel() { +// if (this.QAALevel != null && +// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { +// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); +// if (MiscUtil.isNotEmpty(mappedQAA)) +// return mappedQAA; +// +// else { +// Logger.error("STORK QAA-level:" + this.QAALevel +// + " can not be mapped to eIDAS QAA-level! Use " +// + PVPConstants.EIDAS_QAA_LOW + " as default value."); +// return PVPConstants.EIDAS_QAA_LOW; +// +// } +// +// +// } else +// return this.QAALevel; +// +// } +// +// +// /** +// * @return +// */ +// public boolean isForeigner() { +// return this.foreigner; +// } +// +// +// /** +// * @param foreigner the foreigner to set +// */ +// public void setForeigner(boolean foreigner) { +// this.foreigner = foreigner; +// } +// +// + +// +// /** +// * @return the ssoSession +// */ +// public boolean isSsoSession() { +// return ssoSession; +// } +// +// +// /** +// * @param ssoSession the ssoSession to set +// */ +// public void setSsoSession(boolean ssoSession) { +// this.ssoSession = ssoSession; +// } +// +// /** +// * @return the mandateReferenceValue +// */ +// public String getMandateReferenceValue() { +// return mandateReferenceValue; +// } +// +// /** +// * @param mandateReferenceValue the mandateReferenceValue to set +// */ +// public void setMandateReferenceValue(String mandateReferenceValue) { +// this.mandateReferenceValue = mandateReferenceValue; +// } +// +// /** +// * CountryCode of the citizen which is identified and authenticated +// * +// * @return the CountryCode <pre>like. AT, SI, ...</pre> +// */ +// public String getCcc() { +// return ccc; +// } +// +// /** +// * @param ccc the ccc to set +// */ +// public void setCcc(String ccc) { +// this.ccc = ccc; +// } +// +// /** +// * @return the sessionIndex +// */ +// public String getSessionIndex() { +// return sessionIndex; +// } +// +// /** +// * @param sessionIndex the sessionIndex to set +// */ +// public void setSessionIndex(String sessionIndex) { +// this.sessionIndex = sessionIndex; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() +// */ +// @Override +// public String getNameID() { +// return this.nameID; +// } +// +// /** +// * @param nameID the nameID to set +// */ +// public void setNameID(String nameID) { +// this.nameID = nameID; +// } +// +// /** +// * @return the nameIDFormat +// */ +// public String getNameIDFormat() { +// return nameIDFormat; +// } +// +// /** +// * @param nameIDFormat the nameIDFormat to set +// */ +// public void setNameIDFormat(String nameIDFormat) { +// this.nameIDFormat = nameIDFormat; +// } +// +//// /** +//// * @return the interfederatedSSOSession +//// */ +//// public boolean isInterfederatedSSOSession() { +//// return interfederatedSSOSession; +//// } +//// +//// /** +//// * @param interfederatedSSOSession the interfederatedSSOSession to set +//// */ +//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +//// this.interfederatedSSOSession = interfederatedSSOSession; +//// } +//// +//// /** +//// * @return the interfederatedIDP +//// */ +//// public String getInterfederatedIDP() { +//// return interfederatedIDP; +//// } +//// +//// /** +//// * @param interfederatedIDP the interfederatedIDP to set +//// */ +//// public void setInterfederatedIDP(String interfederatedIDP) { +//// this.interfederatedIDP = interfederatedIDP; +//// } +// +// /** +// * @return the ssoSessionValidTo +// */ +// public Date getSsoSessionValidTo() { +// return ssoSessionValidTo; +// } +// +// /** +// * @param ssoSessionValidTo the ssoSessionValidTo to set +// */ +// public void setSsoSessionValidTo(Date ssoSessionValidTo) { +// this.ssoSessionValidTo = ssoSessionValidTo; +// } +// +// /** +// * @return the encbPKList +// */ +// public List<String> getEncbPKList() { +// return encbPKList; +// } +// +// /** +// * @param encbPKList the encbPKList to set +// */ +// public void setEncbPKList(List<String> encbPKList) { +// this.encbPKList = encbPKList; +// } +// +// /** +// * @return the roles +// */ +// public List<AuthenticationRole> getAuthenticationRoles() { +//// if (this.roles == null) { +//// this.roles = new ArrayList<AuthenticationRole>(); +//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +//// } +// +// return roles; +// } +// +// //ISA 1.18 attributes +// /** +// * @param roles the roles to set +// */ +// public void addAuthenticationRole(AuthenticationRole role) { +// if (this.roles == null) +// this.roles = new ArrayList<AuthenticationRole>(); +// +// this.roles.add(role); +// } +// +// /** +// * @return the pvpAttribute_OU +// */ +// public String getPvpAttribute_OU() { +// return pvpAttribute_OU; +// } +// +// /** +// * @param pvpAttribute_OU the pvpAttribute_OU to set +// */ +// public void setPvpAttribute_OU(String pvpAttribute_OU) { +// this.pvpAttribute_OU = pvpAttribute_OU; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() +// */ +// @Override +// public boolean isBaseIDTransferRestrication() { +// return isBaseIDTransferRestrication; +// } +// +// /** +// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set +// */ +// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { +// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; +// } +// +// /** +// * Returns a generic data-object with is stored with a specific identifier +// * +// * @param key The specific identifier of the data object +// * @param clazz The class type which is stored with this key +// * @return The data object or null if no data is found with this key +// */ +// public <T> T getGenericData(String key, final Class<T> clazz) { +// if (MiscUtil.isNotEmpty(key)) { +// Object data = genericDataStorate.get(key); +// +// if (data == null) +// return null; +// +// try { +// @SuppressWarnings("unchecked") +// T test = (T) data; +// return test; +// +// } catch (Exception e) { +// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); +// return null; +// +// } +// +// } +// +// Logger.warn("Can not load generic session-data with key='null'"); +// return null; +// +// } +// +// /** +// * Store a generic data-object to session with a specific identifier +// * +// * @param key Identifier for this data-object +// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface +// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage +// */ +// public void setGenericData(String key, Object object) throws SessionDataStorageException { +// if (MiscUtil.isEmpty(key)) { +// Logger.warn("Generic session-data can not be stored with a 'null' key"); +// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); +// +// } +// +// if (object != null) { +// if (!Serializable.class.isInstance(object)) { +// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); +// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); +// +// } +// } +// +// if (genericDataStorate.containsKey(key)) +// Logger.debug("Overwrite generic data with key:" + key); +// else +// Logger.trace("Add generic data with key:" + key + " to session."); +// +// genericDataStorate.put(key, object); +// } + +} |