diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 159 |
1 files changed, 117 insertions, 42 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 2d29f7454..17fc52a8c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; import java.util.Iterator; +import java.util.List; import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; @@ -25,9 +26,15 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -37,11 +44,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; public class PVP2AssertionBuilder implements PVPConstants { public static Assertion buildAssertion(AuthnRequest authnRequest, @@ -58,48 +68,64 @@ public class PVP2AssertionBuilder implements PVPConstants { boolean stork_qaa_1_4_found = false; - Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs().iterator(); - - while (reqAuthnContextClassRefIt.hasNext()) { - AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt - .next(); - String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( - "\\s+"); - for (int i = 0; i < qaa_uris.length; i++) { - if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) { - stork_qaa_1_4_found = true; - break; - } - } - } + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; + } + } + } if (!stork_qaa_1_4_found) { throw new QAANotSupportedException(STORK_QAA_1_4); } - reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() - .iterator(); - StringBuilder authContextsb = new StringBuilder(); - while (reqAuthnContextClassRefIt.hasNext()) { - AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt - .next(); - String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( - "\\s+"); - for (int i = 0; i < qaa_uris.length; i++) { - if (qaa_uris[i].trim().equals(STORK_QAA_1_4) - || qaa_uris[i].trim().equals(STORK_QAA_1_3) - || qaa_uris[i].trim().equals(STORK_QAA_1_2) - || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { - authContextsb.append(qaa_uris[i].trim()); - authContextsb.append(" "); - } - } - - } - AuthnContextClassRef authnContextClassRef = SAML2Utils - .createSAMLObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(authContextsb.toString()); +// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +// .iterator(); +// +// StringBuilder authContextsb = new StringBuilder(); +// +// while (reqAuthnContextClassRefIt.hasNext()) { +// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +// .next(); +// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +// "\\s+"); +// for (int i = 0; i < qaa_uris.length; i++) { +// if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +// || qaa_uris[i].trim().equals(STORK_QAA_1_3) +// || qaa_uris[i].trim().equals(STORK_QAA_1_2) +// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +// authContextsb.append(qaa_uris[i].trim()); +// authContextsb.append(" "); +// } +// } +// +// } + AuthnContext authnContext = SAML2Utils .createSAMLObject(AuthnContext.class); authnContext.setAuthnContextClassRef(authnContextClassRef); @@ -199,14 +225,63 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.getAttributeStatements().add(attributeStatement); } - // TL: getIdentificationValue holds the baseID --> change to pBK - // subjectNameID.setValue(authData.getIdentificationValue()); - subjectNameID.setFormat(NameID.PERSISTENT); //TLenz: set correct bPK Type and Value from AuthData - subjectNameID.setNameQualifier(authData.getBPKType()); - subjectNameID.setValue(authData.getBPK()); + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpktype = id.getType(); + String bpk = id.getValue().getValue(); + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); + + } else { + subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) + subjectNameID.setNameQualifier(oaParam.getTarget()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + + } else { + subjectNameID.setNameQualifier(bpktype); + subjectNameID.setValue(bpk); + } + + } else { + subjectNameID.setNameQualifier(authData.getBPKType()); + subjectNameID.setValue(authData.getBPK()); + } subject.setNameID(subjectNameID); |