diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder')
27 files changed, 1753 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java new file mode 100644 index 000000000..ab880bb9e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -0,0 +1,158 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public class CitizenTokenBuilder { + + public static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + public static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + public static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + public static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + public static Attribute buildPVPVersion(String value) { + return buildStringAttribute("PVP-VERSION", + "urn:oid:1.2.40.0.10.2.1.1.261.10", value); + } + + public static Attribute buildSecClass(int value) { + return buildIntegerAttribute("SECCLASS", + "", value); + } + + public static Attribute buildPrincipalName(String value) { + return buildStringAttribute("PRINCIPAL-NAME", + "urn:oid:1.2.40.0.10.2.1.1.261.20", value); + } + + public static Attribute buildGivenName(String value) { + return buildStringAttribute("GIVEN-NAME", + "urn:oid:2.5.4.42", value); + } + + public static Attribute buildBirthday(String value) { + return buildStringAttribute("BIRTHDATE", + "urn:oid:1.2.40.0.10.2.1.1.55", value); + } + + public static Attribute buildBPK(String value) { + return buildStringAttribute("BPK", + "urn:oid:1.2.40.0.10.2.1.1.149", value); + } + + public static Attribute buildEID_CITIZEN_QAALEVEL(int value) { + return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", + "urn:oid:1.2.40.0.10.2.1.1.261.94", value); + } + + public static Attribute buildEID_ISSUING_NATION(String value) { + return buildStringAttribute("EID-ISSUING-NATION", + "urn:oid:1.2.40.0.10.2.1.1.261.32", value); + } + + public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) { + return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", + "urn:oid:1.2.40.0.10.2.1.1.261.34", value); + } + + +// public static AttributeStatement buildCitizenToken(MOARequest obj, +// AuthenticationSession authSession) { +// AttributeStatement statement = +// SAML2Utils.createSAMLObject(AttributeStatement.class); +// +// //TL: AuthData generation is moved out from VerifyAuthBlockServlet +// try { +// +// //TODO: LOAD oaParam from request and not from MOASession in case of SSO +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); +// +// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, +// oaParam, +// authSession.getTarget()); +// +// Attribute pvpVersion = buildPVPVersion("2.1"); +// Attribute secClass = buildSecClass(3); +// Attribute principalName = buildPrincipalName(authData.getFamilyName()); +// Attribute givenName = buildGivenName(authData.getGivenName()); +// Attribute birthdate = buildBirthday(authData.getDateOfBirth()); +// +// //TL: getIdentificationValue holds the baseID --> change to pBK +// Attribute bpk = buildBPK(authData.getBPK()); +// +// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); +// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); +// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); +// +// statement.getAttributes().add(pvpVersion); +// statement.getAttributes().add(secClass); +// statement.getAttributes().add(principalName); +// statement.getAttributes().add(givenName); +// statement.getAttributes().add(birthdate); +// statement.getAttributes().add(bpk); +// statement.getAttributes().add(eid_citizen_qaa); +// statement.getAttributes().add(eid_issuing_nation); +// statement.getAttributes().add(eid_sector_for_id); +// +// return statement; +// +// } catch (ConfigurationException e) { +// +// // TODO: check Exception Handling +// return null; +// } catch (BuildException e) { +// +// // TODO: check Exception Handling +// return null; +// } +// +// +// } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java new file mode 100644 index 000000000..60e510de2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public class PVPAttributeBuilder { + + private static HashMap<String, IAttributeBuilder> builders; + + private static void addBuilder(IAttributeBuilder builder) { + builders.put(builder.getName(), builder); + } + + static { + builders = new HashMap<String, IAttributeBuilder>(); + // Citizen Token normal + addBuilder(new PVPVersionAttributeBuilder()); + addBuilder(new PrincipalNameAttributeBuilder()); + addBuilder(new GivenNameAttributeBuilder()); + addBuilder(new BirthdateAttributeBuilder()); + addBuilder(new BPKAttributeBuilder()); + addBuilder(new EIDCitizenQAALevelAttributeBuilder()); + addBuilder(new EIDIssuingNationAttributeBuilder()); + addBuilder(new EIDSectorForIDAttributeBuilder()); + + // Mandate Attributes + addBuilder(new MandateTypeAttributeBuilder()); + addBuilder(new MandateLegalPersonFullNameAttributeBuilder()); + addBuilder(new MandateLegalPersonSourcePinAttributeBuilder()); + addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder()); + addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder()); + addBuilder(new MandateNaturalPersonBPKAttributeBuilder()); + addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder()); + addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); + addBuilder(new MandateTypeAttributeBuilder()); + addBuilder(new MandateProfRepOIDAttributeBuilder()); + addBuilder(new MandateProfRepDescAttributeBuilder()); + addBuilder(new MandateReferenceValueAttributeBuilder()); + addBuilder(new MandateFullMandateAttributeBuilder()); + } + + public static Attribute buildAttribute(String name, + AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if (builders.containsKey(name)) { + return builders.get(name).build(authSession, oaParam, authData); + } + return null; + } + + public static List<Attribute> buildSupportedEmptyAttributes() { + List<Attribute> attributes = new ArrayList<Attribute>(); + Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); + while (builderIt.hasNext()) { + IAttributeBuilder builder = builderIt.next(); + Attribute emptyAttribute = builder.buildEmpty(); + if (emptyAttribute != null) { + attributes.add(emptyAttribute); + } + } + return attributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java new file mode 100644 index 000000000..17fc52a8c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -0,0 +1,325 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; + +import java.util.Iterator; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class PVP2AssertionBuilder implements PVPConstants { + public static Assertion buildAssertion(AuthnRequest authnRequest, + AuthenticationSession authSession, EntityDescriptor peerEntity) + throws MOAIDException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + RequestedAuthnContext reqAuthnContext = authnRequest + .getRequestedAuthnContext(); + + if (reqAuthnContext == null) { + throw new NoAuthContextException(); + } + + boolean stork_qaa_1_4_found = false; + + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; + } + } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); + } + +// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +// .iterator(); +// +// StringBuilder authContextsb = new StringBuilder(); +// +// while (reqAuthnContextClassRefIt.hasNext()) { +// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +// .next(); +// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +// "\\s+"); +// for (int i = 0; i < qaa_uris.length; i++) { +// if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +// || qaa_uris[i].trim().equals(STORK_QAA_1_3) +// || qaa_uris[i].trim().equals(STORK_QAA_1_2) +// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +// authContextsb.append(qaa_uris[i].trim()); +// authContextsb.append(" "); +// } +// } +// +// } + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authnStatement.setAuthnInstant(new DateTime()); + // currently dummy id ... + authnStatement.setSessionIndex(remoteSessionID); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int idx = 0; + + if (aIdx != null) { + idx = aIdx.intValue(); + } + + AttributeConsumingService attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + boolean foundFormat = false; + + // TL: AuthData generation is moved to Assertion generation. + + Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats() + .iterator(); + while (formatIt.hasNext()) { + if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) { + foundFormat = true; + break; + } + } + if (!foundFormat) { + // TODO use correct exception + throw new NameIDFormatNotSupportedException(""); + } + + // TODO: Check if we need to hide source pin + /* + * if(authSession.getUseMandate()) { Element mandate = + * authSession.getMandate(); if(authSession.getBusinessService()) { // + * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null, + * authSession.getDomainIdentifier(), true); } else { + * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), + * null, true); } } + */ + + // TODO: LOAD oaParam from request and not from MOASession in case of + // SSO + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + + AuthenticationData authData = AuthenticationServer + .buildAuthenticationData(authSession, oaParam, + oaParam.getTarget()); + + Iterator<RequestedAttribute> it = attributeConsumingService + .getRequestAttributes().iterator(); + while (it.hasNext()) { + RequestedAttribute reqAttribut = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttribut.getName(), authSession, oaParam, authData); + if (attr == null) { + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } else { + attributeStatement.getAttributes().add(attr); + } + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } + } + + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + subjectNameID.setFormat(NameID.PERSISTENT); + + //TLenz: set correct bPK Type and Value from AuthData + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpktype = id.getType(); + String bpk = id.getValue().getValue(); + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); + + } else { + subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) + subjectNameID.setNameQualifier(oaParam.getTarget()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + + } else { + subjectNameID.setNameQualifier(bpktype); + subjectNameID.setValue(bpk); + } + + } else { + subjectNameID.setNameQualifier(authData.getBPKType()); + subjectNameID.setValue(authData.getBPK()); + } + + + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + subjectConfirmationData.setInResponseTo(authnRequest.getID()); + subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); + subjectConfirmationData.setRecipient(peerEntity.getEntityID()); + + subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); + + subject.getSubjectConfirmations().add(subjectConfirmation); + + Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class); + AudienceRestriction audienceRestriction = SAML2Utils + .createSAMLObject(AudienceRestriction.class); + Audience audience = SAML2Utils.createSAMLObject(Audience.class); + + audience.setAudienceURI(peerEntity.getEntityID()); + audienceRestriction.getAudiences().add(audience); + conditions.setNotBefore(new DateTime()); + conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); + conditions.getAudienceRestrictions().add(audienceRestriction); + + assertion.setConditions(conditions); + + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + issuer.setFormat(NameID.ENTITY); + assertion.setIssuer(issuer); + assertion.setSubject(subject); + assertion.setID(SAML2Utils.getSecureIdentifier()); + assertion.setIssueInstant(new DateTime()); + + return assertion; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java new file mode 100644 index 000000000..4fb76c377 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.Constants; + +public class BPKAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return BPK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String bpk = authData.getBPK(); + String type = authData.getBPKType(); + + if (type.startsWith(Constants.URN_PREFIX_WBPK)) + type = type.substring((Constants.URN_PREFIX_WBPK+"+").length()); + else if (type.startsWith(Constants.URN_PREFIX_CDID)) + type = type.substring((Constants.URN_PREFIX_CDID+"+").length()); + + if(bpk.length() > BPK_MAX_LENGTH) { + bpk = bpk.substring(0, BPK_MAX_LENGTH); + } + return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + } + + + public Attribute buildEmpty() { + return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java new file mode 100644 index 000000000..d3c79c939 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder { + + + protected static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + protected static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + protected static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + protected static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + protected static Attribute buildemptyAttribute(String friendlyName, String name) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java new file mode 100644 index 000000000..fa42fc54f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class BirthdateAttributeBuilder extends BaseAttributeBuilder { + + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + + public String getName() { + return BIRTHDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + try { + DateFormat identityLinkFormat = new SimpleDateFormat( + IDENTITY_LINK_DATE_FORMAT); + Date date = identityLinkFormat.parse(authSession.getIdentityLink() + .getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat( + BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, + BIRTHDATE_NAME, dateString); + } catch (ParseException e) { + e.printStackTrace(); + return null; + } + } + + public Attribute buildEmpty() { + return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME, + BIRTHDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java new file mode 100644 index 000000000..5ddd87c7b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_CITIZEN_QAA_LEVEL_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_QAA_LEVEL_NAME, 4); + } + + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_QAA_LEVEL_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java new file mode 100644 index 000000000..08e4e67b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import iaik.x509.X509Certificate; + +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; + +public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_ISSUING_NATION_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String countryCode = "AT"; + + + if (authSession.getStorkAuthnRequest() != null) { + countryCode = authSession.getStorkAuthnRequest() + .getCitizenCountryCode(); + } else { + + //TODO: replace with TSL lookup when TSL is ready! + X509Certificate certificate = authSession.getSignerCertificate(); + + if (certificate != null) { + try { + LdapName ln = new LdapName(certificate.getIssuerDN() + .getName()); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("C")) { + Logger.info("C is: " + rdn.getValue()); + countryCode = rdn.getValue().toString(); + break; + } + } + } catch (Exception e) { + Logger.error("Failed to extract country code from certificate", e); + } + } + } + + return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME, countryCode); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java new file mode 100644 index 000000000..8cb2b5be6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_SECTOR_FOR_IDENTIFIER_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String bpktype = authData.getBPKType(); + return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java new file mode 100644 index 000000000..5c8151c01 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class GivenNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return GIVEN_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java new file mode 100644 index 000000000..173fbd52f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public interface IAttributeBuilder { + public String getName(); + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception; + public Attribute buildEmpty(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java new file mode 100644 index 000000000..cecd90448 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.io.IOException; + +import javax.xml.transform.TransformerException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + +public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_FULL_MANDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + if (authSession.getMandate() != null) { + String fullMandate; + try { + fullMandate = DOMUtils.serializeNode(authSession + .getMandate()); + return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME, fullMandate); + } catch (TransformerException e) { + Logger.error("Failed to generate Full Mandate", e); + } catch (IOException e) { + Logger.error("Failed to generate Full Mandate", e); + } + } + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java new file mode 100644 index 000000000..15059c036 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_FULL_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if(corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, + MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, + MANDATE_LEG_PER_FULL_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java new file mode 100644 index 000000000..820efb209 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_SOURCE_PIN_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if(corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + if(corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + id = corporation.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(corporation); + } else { + id = MandateBuilder.getBPKIdentification(corporation); + }*/ + /*if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + }*/ + return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..44b58d04f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -0,0 +1,67 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if (mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator() + .getCorporateBody(); + if (corporation == null) { + Logger.error("No corporate mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + if(corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + id = corporation.getIdentification().get(0); + /*id = MandateBuilder.getBPKIdentification(corporate); + if (id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + }*/ + return buildStringAttribute( + MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute( + MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java new file mode 100644 index 000000000..49e013fe0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -0,0 +1,90 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); +// if(authSession.getBusinessService()) { +// id = MandateBuilder.getWBPKIdentification(physicalPerson); +// } else { +// id = MandateBuilder.getBPKIdentification(physicalPerson); +// } + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpk; + try { + + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); + + } + + else { + bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); + + } + + } else + bpk = id.getValue().getValue(); + + } catch (BuildException e ){ + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, + MANDATE_NAT_PER_BPK_NAME, bpk); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, + MANDATE_NAT_PER_BPK_NAME); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java new file mode 100644 index 000000000..a87d4d25c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -0,0 +1,74 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonBirthDateAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BIRTHDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if (mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + String dateOfBirth = physicalPerson.getDateOfBirth(); + try { + DateFormat mandateFormat = new SimpleDateFormat( + MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + Date date = mandateFormat.parse(dateOfBirth); + DateFormat pvpDateFormat = new SimpleDateFormat( + MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + + return buildStringAttribute( + MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, + MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); + } catch (ParseException e) { + e.printStackTrace(); + throw new InvalidDateFormatException(); + } + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, + MANDATE_NAT_PER_BIRTHDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java new file mode 100644 index 000000000..6744e5d20 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.util.Iterator; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_FAMILY_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + + while(fNamesit.hasNext()) { + sb.append(" " + fNamesit.next().getValue()); + } + + return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java new file mode 100644 index 000000000..67aa8df0e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.util.Iterator; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_GIVEN_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); + + while(gNamesit.hasNext()) { + sb.append(" " + gNamesit.next()); + } + + return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_GIVEN_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java new file mode 100644 index 000000000..eaa7e88af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..7b8f59dd2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java new file mode 100644 index 000000000..b7c356112 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_DESC_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String text = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + authSession); + + if(text == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, text); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java new file mode 100644 index 000000000..740a99649 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_OID_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String oid = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OID, + authSession); + + if(oid == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME, oid); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME); + } +} +
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java new file mode 100644 index 000000000..5a50473d3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_REFERENCE_VALUE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java new file mode 100644 index 000000000..bc7fdaf73 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateTypeAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new ResponderErrorException("No mandate data available", null); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new ResponderErrorException("No mandate data available", null); + } + + return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java new file mode 100644 index 000000000..545d70d76 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class PVPVersionAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return PVP_VERSION_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java new file mode 100644 index 000000000..7ca7eb829 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return PRINCIPAL_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); + } + +} |