diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
75 files changed, 2483 insertions, 486 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java new file mode 100644 index 000000000..54c285b96 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.oauth20; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; + +public class OAuth20Configuration { + + private static OAuth20Configuration instance; + + public static OAuth20Configuration getInstance() { + if (instance == null) { + instance = new OAuth20Configuration(); + } + return instance; + } + + public static final String JWT_KEYSTORE = "jwt.ks.file"; + public static final String JWT_KEYSTORE_PASSWORD = "jwt.ks.password"; + public static final String JWT_KEY_NAME = "jwt.ks.key.name"; + public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password"; + + private Properties props; + + private OAuth20Configuration() { + try { + props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig(); + } + catch (ConfigurationException e) { + e.printStackTrace(); + } + } + + public String getJWTKeyStore() { + return props.getProperty(JWT_KEYSTORE); + } + + public String getJWTKeyStorePassword() { + return props.getProperty(JWT_KEYSTORE_PASSWORD); + } + + public String getJWTKeyName() { + return props.getProperty(JWT_KEY_NAME); + } + + public String getJWTKeyPassword() { + return props.getProperty(JWT_KEY_PASSWORD); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java new file mode 100644 index 000000000..9466c9faf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.oauth20; + +public final class OAuth20Constants { + + private OAuth20Constants() { + throw new InstantiationError(); + } + + // error parameters and error codes + public static final String PARAM_ERROR = "error"; + public static final String PARAM_ERROR_DESCRIPTION = "error_description"; + public static final String PARAM_ERROR_URI = "error_uri"; + + public static final String ERROR_INVALID_REQUEST = "invalid_request"; + public static final String ERROR_UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type"; + public static final String ERROR_INVALID_CLIENT = "invalid_client"; + public static final String ERROR_ACCESS_DENIED = "access_denied"; + public static final String ERROR_SERVER_ERROR = "server_error"; + public static final String ERROR_INVALID_GRANT = "invalid_grant"; + public static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client"; + + // request parameters + //public static final String PARAM_OA_URL = "oaURL"; + public static final String PARAM_RESPONSE_TYPE = "response_type"; + public static final String PARAM_REDIRECT_URI = "redirect_uri"; + public static final String PARAM_STATE = "state"; + public static final String PARAM_GRANT_TYPE = "grant_type"; + public static final String PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE = "authorization_code"; + public static final String PARAM_CLIENT_ID = "client_id"; + public static final String PARAM_CLIENT_SECRET = "client_secret"; + public static final String PARAM_SCOPE = "scope"; + public static final String PARAM_MOA_MOD = "mod"; + public static final String PARAM_MOA_ACTION = "action"; + + + // reponse parameters + public static final String RESPONSE_CODE = "code"; + public static final String RESPONSE_TOKEN = "token"; + public static final String RESPONSE_ACCESS_TOKEN = "access_token"; + public static final String RESPONSE_ID_TOKEN = "id_token"; + public static final String RESPONSE_EXPIRES_IN = "expires_in"; + public static final String RESPONSE_TOKEN_TYPE = "token_type"; + public static final String RESPONSE_TOKEN_TYPE_VALUE_BEARER = "Bearer"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java new file mode 100644 index 000000000..20711373e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.oauth20; + +import java.io.Serializable; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; + +public class OAuth20SessionObject implements Serializable { + + /** + * + */ + private static final long serialVersionUID = 1L; + + private String scope; + + private String code; + + private AuthenticationSession authDataSession; + + public String getScope() { + return scope; + } + + public void setScope(String scope) { + this.scope = scope; + } + + /** + * @return the code + */ + public String getCode() { + return code; + } + + /** + * @param code + * the code to set + */ + public void setCode(String code) { + this.code = code; + } + + public AuthenticationSession getAuthDataSession() { + return authDataSession; + } + + public void setAuthDataSession(AuthenticationSession authDataSession) { + this.authDataSession = authDataSession; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java new file mode 100644 index 000000000..11b798d00 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java @@ -0,0 +1,89 @@ +package at.gv.egovernment.moa.id.protocols.oauth20; + +import java.io.UnsupportedEncodingException; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; + +import com.google.gson.JsonObject; + +public final class OAuth20Util { + + public static final String REGEX_HTTPS = "^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"; + public static final String REGEX_FILE = "^(file):/.[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"; + + private OAuth20Util() { + throw new InstantiationError(); + } + + /** + * Simple helper function to add parameter to a url + * + * @param url + * @param name + * @param value + * @throws UnsupportedEncodingException + */ + public static void addParameterToURL(final StringBuilder url, final String name, final String value) + throws UnsupportedEncodingException { + if (url.indexOf("?") < 0) { + url.append("?"); + } else { + url.append("&"); + } + // URLEncoder.encode(value, "UTF-8") + url.append(name).append("=").append(value); + } + + public static boolean isUrl(final String url) { + Pattern urlPattern; + if (url.startsWith("file")) { + urlPattern = Pattern.compile(REGEX_FILE, Pattern.CASE_INSENSITIVE); + } else { + urlPattern = Pattern.compile(REGEX_HTTPS, Pattern.CASE_INSENSITIVE); + } + + Matcher matcher = urlPattern.matcher(url); + return matcher.find(); + } + + public static boolean isValidStateValue(String state) { + Pattern urlPattern = Pattern.compile("javascript|<|>|&|;", Pattern.CASE_INSENSITIVE); + Matcher matcher = urlPattern.matcher(state); + return !matcher.find(); + } + + public static void addProperytiesToJsonObject(JsonObject jsonObject, Map<String, Object> params) { + for (Map.Entry<String, Object> param : params.entrySet()) { + + if (!StringUtils.isEmpty(param.getKey()) && param.getValue() != null) { + + // check for integer + try { + int i = Integer.parseInt(String.valueOf(param.getValue())); + jsonObject.addProperty(param.getKey(), i); + continue; + } + catch (NumberFormatException e) { + } + + // check for long + try { + long l = Long.parseLong(String.valueOf(param.getValue())); + jsonObject.addProperty(param.getKey(), l); + continue; + } + catch (NumberFormatException e) { + } + + // string + if (param.getValue() instanceof String) { + jsonObject.addProperty(param.getKey(), String.valueOf(param.getValue())); + } + } + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java new file mode 100644 index 000000000..6aeac1247 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.protocols.oauth20; + +public class Pair<P1, P2> { + private final P1 first; + private final P2 second; + + private Pair(final P1 newFirst, final P2 newSecond) { + this.first = newFirst; + this.second = newSecond; + } + + public P1 getFirst() { + return this.first; + } + + public P2 getSecond() { + return this.second; + } + + public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) { + return new Pair<P1, P2>(newFirst, newSecond); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java new file mode 100644 index 000000000..a9ef8a19b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -0,0 +1,161 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang.StringUtils; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.logging.Logger; + +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; + +public final class OAuth20AttributeBuilder { + + private OAuth20AttributeBuilder() { + throw new InstantiationError(); + } + + private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() { + + public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) { + return Pair.newInstance(friendlyName, new JsonPrimitive(value)); + } + + public Pair<String, JsonPrimitive> buildIntegerAttribute(final String friendlyName, final String name, final int value) { + return Pair.newInstance(friendlyName, new JsonPrimitive(value)); + } + + public Pair<String, JsonPrimitive> buildLongAttribute(final String friendlyName, final String name, final long value) { + return Pair.newInstance(friendlyName, new JsonPrimitive(value)); + } + + public Pair<String, JsonPrimitive> buildEmptyAttribute(final String friendlyName, final String name) { + return Pair.newInstance(friendlyName, new JsonPrimitive("")); + } + + }; + + private static final List<IAttributeBuilder> buildersOpenId = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); + + static { + // openId + buildersOpenId.add(new OpenIdIssuerAttribute()); + buildersOpenId.add(new OpenIdSubjectIdentifierAttribute()); + buildersOpenId.add(new OpenIdExpirationTimeAttribute()); + buildersOpenId.add(new OpenIdIssueInstantAttribute()); + buildersOpenId.add(new OpenIdAuthenticationTimeAttribute()); + + // profile + buildersProfile.add(new ProfileGivenNameAttribute()); + buildersProfile.add(new ProfileFamilyNameAttribute()); + buildersProfile.add(new ProfileDateOfBirthAttribute()); + + // EID + buildersEID.add(new EIDCcsURL()); + buildersEID.add(new EIDCitizenQAALevelAttributeBuilder()); + buildersEID.add(new EIDIssuingNationAttributeBuilder()); + buildersEID.add(new EIDSectorForIDAttributeBuilder()); + buildersEID.add(new EIDAuthBlock()); + buildersEID.add(new EIDSignerCertificate()); + buildersEID.add(new BPKAttributeBuilder()); + + // eID_gov + buildersEIDGov.add(new EIDSourcePIN()); + buildersEIDGov.add(new EIDSourcePINType()); + buildersEIDGov.add(new EIDIdentityLinkBuilder()); + + // mandate + buildersMandate.add(new MandateTypeAttributeBuilder()); + buildersMandate.add(new MandateReferenceValueAttributeBuilder()); + + buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder()); + + buildersMandate.add(new MandateLegalPersonSourcePinAttributeBuilder()); + buildersMandate.add(new MandateLegalPersonSourcePinTypeAttributeBuilder()); + buildersMandate.add(new MandateLegalPersonFullNameAttributeBuilder()); + + buildersMandate.add(new MandateProfRepOIDAttributeBuilder()); + buildersMandate.add(new MandateProfRepDescAttributeBuilder()); + } + + private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, + final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) { + for (IAttributeBuilder b : builders) { + try { + Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator); + if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) { + jsonObject.add(attribute.getFirst(), attribute.getSecond()); + } + } + catch (AttributeException e) { + Logger.info("Cannot add attribute " + b.getName()); + } + } + } + + public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession, + final OAAuthParameter oaParam, final AuthenticationData authData) { + addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData); + } + + public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession, + final OAAuthParameter oaParam, final AuthenticationData authData) { + addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData); + } + + public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession, + final OAAuthParameter oaParam, final AuthenticationData authData) { + addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData); + } + + public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession, + final OAAuthParameter oaParam, final AuthenticationData authData) { + addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData); + } + + public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession, + final OAAuthParameter oaParam, final AuthenticationData authData) { + addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java new file mode 100644 index 000000000..566257122 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { + + public String getName() { + return "auth_time"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000))); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java new file mode 100644 index 000000000..bb1a25acc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -0,0 +1,29 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { + + public static final int expirationTime = 5 * 60; // in seconds + + public String getName() { + return "exp"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java new file mode 100644 index 000000000..f85f1d39c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class OpenIdIssueInstantAttribute implements IAttributeBuilder { + + public String getName() { + return "iat"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java new file mode 100644 index 000000000..e12d2e718 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class OpenIdIssuerAttribute implements IAttributeBuilder { + + public String getName() { + return "iss"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java new file mode 100644 index 000000000..36efb18e9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { + + public String getName() { + return "sub"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", authData.getBPK()); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java new file mode 100644 index 000000000..b9d7b984e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class ProfileDateOfBirthAttribute implements IAttributeBuilder { + + public String getName() { + return "birthdate"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth()); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java new file mode 100644 index 000000000..eef4931bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class ProfileFamilyNameAttribute implements IAttributeBuilder { + + public String getName() { + return "family_name"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java new file mode 100644 index 000000000..8cb13b912 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.attributes; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; + +public class ProfileGivenNameAttribute implements IAttributeBuilder { + + public String getName() { + return "given_name"; + } + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(this.getName(), ""); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java new file mode 100644 index 000000000..e4abd5bd1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20AccessDeniedException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20AccessDeniedException() { + super(OAuth20Constants.ERROR_ACCESS_DENIED, "oauth20.05", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java new file mode 100644 index 000000000..6f5a41ca5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20CertificateErrorException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20CertificateErrorException(final String name) { + super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.09", new Object[] { name }); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java new file mode 100644 index 000000000..1c4cb20ac --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; + +public class OAuth20Exception extends RuntimeException { + + private static final long serialVersionUID = 1L; + + private String messageId; + + private String errorCode; + + public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) { + super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + this.errorCode = errorCode; + this.messageId = messageId; + } + + /** + * @return the messageId + */ + public String getMessageId() { + return messageId; + } + + /** + * @param messageId + * the messageId to set + */ + public void setMessageId(String messageId) { + this.messageId = messageId; + } + + /** + * @return the errorCode + */ + public String getErrorCode() { + return errorCode; + } + + /** + * @param errorCode + * the errorCode to set + */ + public void setErrorCode(String errorCode) { + this.errorCode = errorCode; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java new file mode 100644 index 000000000..2a2ec4498 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20InvalidClientException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20InvalidClientException() { + super(OAuth20Constants.ERROR_INVALID_CLIENT, "oauth20.05", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java new file mode 100644 index 000000000..288667104 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20InvalidGrantException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20InvalidGrantException() { + super(OAuth20Constants.ERROR_INVALID_GRANT, "oauth20.07", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java new file mode 100644 index 000000000..30c1cb1cc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java @@ -0,0 +1,13 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20InvalidRequestException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20InvalidRequestException() { + super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.04", new Object[] {}); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java new file mode 100644 index 000000000..5dd0a13c3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20ResponseTypeException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20ResponseTypeException() { + super(OAuth20Constants.ERROR_UNSUPPORTED_RESPONSE_TYPE, "oauth20.03", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java new file mode 100644 index 000000000..59855d511 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20ServerErrorException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20ServerErrorException() { + super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java new file mode 100644 index 000000000..28cc44968 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20UnauthorizedClientException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20UnauthorizedClientException() { + super(OAuth20Constants.ERROR_UNAUTHORIZED_CLIENT, "oauth20.08", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java new file mode 100644 index 000000000..24d151869 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +public class OAuth20WrongParameterException extends OAuth20Exception { + private static final long serialVersionUID = 1L; + + public OAuth20WrongParameterException(final String name) { + super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.02", new Object[] { name }); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java new file mode 100644 index 000000000..9755e3c0a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java @@ -0,0 +1,99 @@ +/** + * Copyright 2010 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + * + */ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.Signature; +import java.security.SignatureException; + +import net.oauth.jsontoken.crypto.AbstractSigner; +import net.oauth.jsontoken.crypto.RsaSHA256Signer; +import net.oauth.jsontoken.crypto.SignatureAlgorithm; + +/** + * Signer that can sign byte arrays using a {@link PrivateKey} and SHA-256. <br/> + * This is something like a copy of the {@link RsaSHA256Signer}. + * + */ +public class OAuth20SHA256Signer extends AbstractSigner implements OAuthSigner { + + private final Signature signature; + private final PrivateKey signingKey; + private final OAuthSignatureAlgorithm algorithm; + + /** + * Public constructor. + * + * @param issuer + * The id of this signer, to be included in the JSON Token's envelope. + * @param keyId + * The id of the key used by this signer, to be included in the JSON Token's + * envelope. + * @param key + * the private key to be used for signing. + * @throws InvalidKeyException + * if the key is unsuitable for RSA signing. + */ + public OAuth20SHA256Signer(final String issuer, final String keyId, final PrivateKey key) throws InvalidKeyException { + super(issuer, keyId); + + this.signingKey = key; + this.algorithm = OAuth20SignatureUtil.findSignature(key); + + try { + this.signature = this.algorithm.getSignatureInstance(); + this.signature.initSign(signingKey); + } + catch (NoSuchAlgorithmException e) { + throw new IllegalStateException("Cannot get algorithm for the given private key", e); + } + catch (NoSuchProviderException e) { + throw new IllegalStateException("Cannot get algorithm for the given private key", e); + } + } + + /* + * (non-Javadoc) + * @see net.oauth.jsontoken.crypto.Signer#getSignatureAlgorithm() + */ + public SignatureAlgorithm getSignatureAlgorithm() { + // it is fine to return RS256 because we overwrite the JsonToken for the algorithm name. But + // we need the internal SHA256 which is used. + return SignatureAlgorithm.RS256; + } + + /* + * (non-Javadoc) + * @see net.oauth.jsontoken.crypto.Signer#sign(byte[]) + */ + public byte[] sign(byte[] source) throws SignatureException { + try { + signature.initSign(signingKey); + } + catch (InvalidKeyException e) { + throw new RuntimeException("key somehow became invalid since calling the constructor"); + } + signature.update(source); + return signature.sign(); + } + + public OAuthSignatureAlgorithm getOAuthSignatureAlgorithm() { + return this.algorithm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java new file mode 100644 index 000000000..e7e18cbd9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +import net.oauth.jsontoken.crypto.RsaSHA256Verifier; +import net.oauth.jsontoken.crypto.Verifier; + +/** + * A verifier that can verify signatures on byte arrays using a {@link PublicKey} and SHA-256. <br/> + * This is something like a copy of the {@link RsaSHA256Verifier}. + */ +public class OAuth20SHA256Verifier implements Verifier { + + private final PublicKey verificationKey; + private final Signature signer; + + /** + * Public Constructor. + * + * @param verificationKey + * the key used to verify the signature. + */ + public OAuth20SHA256Verifier(final PublicKey verificationKey) { + this.verificationKey = verificationKey; + + try { + this.signer = OAuth20SignatureUtil.findSignature(verificationKey).getSignatureInstance(); + this.signer.initVerify(verificationKey); + } + catch (InvalidKeyException e) { + throw new IllegalStateException("key is invalid", e); + } + catch (NoSuchAlgorithmException e) { + throw new IllegalStateException("Cannot get algorithm for the given private key", e); + } + catch (NoSuchProviderException e) { + throw new IllegalStateException("Cannot get algorithm for the given private key", e); + } + } + + /* + * (non-Javadoc) + * @see net.oauth.jsontoken.crypto.Verifier#verifySignature(byte[], byte[]) + */ + public void verifySignature(byte[] source, byte[] signature) throws SignatureException { + try { + signer.initVerify(verificationKey); + } + catch (InvalidKeyException e) { + throw new RuntimeException("key someone become invalid since calling the constructor"); + } + signer.update(source); + if (!signer.verify(signature)) { + throw new SignatureException("signature did not verify"); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java new file mode 100644 index 000000000..78653ceb2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -0,0 +1,94 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; + +import org.apache.commons.lang.StringUtils; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; + +public final class OAuth20SignatureUtil { + + private OAuth20SignatureUtil() { + throw new InstantiationError(); + } + + static OAuthSignatureAlgorithm findSignature(final PrivateKey key) { + Logger.debug("OAuth - Looking for signature for key " + key.getClass()); + if (key instanceof RSAPrivateKey) { + Logger.debug("OAuth - going to uses SHA256withRSA signature"); + return OAuthSignatureAlgorithm.RS256; + } else if (key instanceof ECPrivateKey) { + Logger.debug("OAuth - going to uses SHA256withECDSA signature"); + return OAuthSignatureAlgorithm.ECDSA256; + } else if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { + Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik"); + return OAuthSignatureAlgorithm.ECDSA256_IAKIK; + } else { + throw new IllegalStateException("Cannot find an alorithm for the given private key"); + } + } + + static OAuthSignatureAlgorithm findSignature(final PublicKey key) { + if (key instanceof RSAPublicKey) { + Logger.debug("OAuth - going to uses SHA256withRSA signature"); + return OAuthSignatureAlgorithm.RS256; + } else if (key instanceof ECPublicKey) { + Logger.debug("OAuth - going to uses SHA256withECDSA signature"); + return OAuthSignatureAlgorithm.ECDSA256; + } else if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) { + Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik"); + return OAuthSignatureAlgorithm.ECDSA256_IAKIK; + } else { + throw new IllegalStateException("Cannot find an alorithm for the given private key"); + } + } + + public static OAuthSigner loadSigner(String issuer) throws OAuth20Exception { + OAuth20Configuration globalConfig = OAuth20Configuration.getInstance(); + + if (StringUtils.isEmpty(globalConfig.getJWTKeyStore())) { + throw new OAuth20CertificateErrorException("keystore"); + } + + if (StringUtils.isEmpty(globalConfig.getJWTKeyName())) { + throw new OAuth20CertificateErrorException("key name"); + } + + try { + KeyStore ks = KeyStoreUtils.loadKeyStore(globalConfig.getJWTKeyStore(), globalConfig.getJWTKeyStorePassword()); + + X509Certificate certificate = (X509Certificate) ks.getCertificate(globalConfig.getJWTKeyName()); + + PrivateKey privateKey = (PrivateKey) ks.getKey(globalConfig.getJWTKeyName(), globalConfig.getJWTKeyPassword() + .toCharArray()); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(certificate); + credential.setPrivateKey(privateKey); + + // Logger.debug("Going to use X509Certificate:"); + // Logger.debug(certificate); + // Logger.debug("Going to use private key:"); + // Logger.debug(privateKey); + + return new OAuth20SHA256Signer(issuer, globalConfig.getJWTKeyName(), credential.getPrivateKey()); + + } + catch (Exception e) { + Logger.error(e.getMessage(), e); + throw new OAuth20CertificateErrorException("keystore"); + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java new file mode 100644 index 000000000..1792ec91e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import net.oauth.jsontoken.JsonToken; + +import com.google.gson.JsonObject; + +public class OAuthJsonToken extends JsonToken { + + private final OAuthSigner signer; + + public OAuthJsonToken(OAuthSigner signer) { + super(signer); + this.signer = signer; + } + + @Override + public JsonObject getHeader() { + JsonObject header = new JsonObject(); + header.addProperty(ALGORITHM_HEADER, signer.getOAuthSignatureAlgorithm().getAlgorithm()); + String keyId = getKeyId(); + if (keyId != null) { + header.addProperty(KEY_ID_HEADER, keyId); + } + return header; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java new file mode 100644 index 000000000..5e023ff35 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Signature; + +import org.apache.commons.lang.StringUtils; + +/** + * Enum of the signature algorithms supported by this package. + */ +public enum OAuthSignatureAlgorithm { + ECDSA256("SHA256withECDSA", "ECDSA256", null), RS256("SHA256withRSA", "RS256", null), ECDSA256_IAKIK("SHA1withECDSA", "ECDSA256", + "IAIK_ECC"); + + private final String signatureName; + private final String algorithm; + private final String providerName; + + private OAuthSignatureAlgorithm(final String signatureName, final String hashAlg, final String providerName) { + this.signatureName = signatureName; + this.algorithm = hashAlg; + this.providerName = providerName; + } + + /** + * What the signature algorithm is named in the "alg" parameter in a JSON Token's envelope. + */ + public String getAlgorithm() { + return this.algorithm; + } + + /** + * + * @return the signature name like SHA256withECDSA or SHA256withRSA + */ + public String getSignatureName() { + return this.signatureName; + } + + /** + * Calls {@link Signature#getInstance(String)} with the defined signature name + * + * @return + * @throws NoSuchAlgorithmException + * @throws NoSuchProviderException + */ + public Signature getSignatureInstance() throws NoSuchAlgorithmException, NoSuchProviderException { + if (!StringUtils.isEmpty(this.providerName)) { + return Signature.getInstance(this.signatureName, this.providerName); + } else { + return Signature.getInstance(this.signatureName); + } + } + + /** + * Given the name of the algorithm in the envelope, returns the corresponding enum instance. + */ + public static OAuthSignatureAlgorithm getFromJsonName(String name) { + return OAuthSignatureAlgorithm.valueOf(name); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java new file mode 100644 index 000000000..265afa7e7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.json; + +import net.oauth.jsontoken.crypto.Signer; + +public interface OAuthSigner extends Signer { + public abstract OAuthSignatureAlgorithm getOAuthSignatureAlgorithm(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java new file mode 100644 index 000000000..68f508103 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -0,0 +1,112 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +class OAuth20AuthAction implements IAction { + + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, + AuthenticationSession moasession) throws MOAIDException { + + OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; + + // OAAuthParameter oaParam = + // AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + // AuthenticationData authData = + // AuthenticationServer.buildAuthenticationData(moasession, oaParam, + // oAuthRequest.getTarget()); + + String responseType = oAuthRequest.getResponseType(); + AuthenticationSession session = null; + + try { + session = AuthenticationSessionStoreage.createSession(); + + String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession); + Logger.debug("Stored session with id: " + code); + OAuth20SessionObject o = new OAuth20SessionObject(); + if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) { + o.setScope(oAuthRequest.getScope()); + o.setCode(code); + o.setAuthDataSession(moasession); + + } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) { + throw new OAuth20ResponseTypeException(); + } + + // store data in oath session + session.setoAuth20SessionObject(o); + AuthenticationSessionStoreage.storeSession(session); + Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID()); + + // add code and state to redirect url + httpResp.setStatus(HttpServletResponse.SC_FOUND); + String redirectURI = oAuthRequest.getRedirectUri(); + String state = oAuthRequest.getState(); + + redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.RESPONSE_CODE, code); + redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, state); + + String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + } + catch (Exception e) { + try { + if (session != null) { + Logger.debug("Going to destroy session: " + session.getSessionID()); + AuthenticationSessionStoreage.destroySession(session.getSessionID()); + } + } + catch (MOADatabaseException e1) { + } + if (e instanceof OAuth20Exception) { + throw (OAuth20Exception) e; + } + throw new OAuth20ServerErrorException(); + } + + return null; + } + + /* + * (non-Javadoc) + * @see + * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls + * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + private String addURLParameter(String url, String name, String value) { + String param = name + "=" + value; + if (url.indexOf("?") < 0) { + return url + "?" + param; + } else { + return url + "&" + param; + } + } + + /* + * (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return OAuth20Protocol.AUTH_ACTION; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java new file mode 100644 index 000000000..eafc56214 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -0,0 +1,134 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; + +class OAuth20AuthRequest extends OAuth20BaseRequest { + + private static final long serialVersionUID = 1L; + + private String responseType; + private String state; + private String redirectUri; + private String scope; + private String clientID; + + /** + * @return the responseType + */ + public String getResponseType() { + return responseType; + } + + /** + * @param responseType + * the responseType to set + */ + public void setResponseType(String responseType) { + this.responseType = responseType; + } + + /** + * @return the state + */ + public String getState() { + return state; + } + + /** + * @param state + * the state to set + */ + public void setState(String state) { + this.state = state; + } + + /** + * @return the redirectUri + */ + public String getRedirectUri() { + return redirectUri; + } + + /** + * @param redirectUri + * the redirectUri to set + */ + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } + + /** + * @return the scope + */ + public String getScope() { + return scope; + } + + /** + * @param scope + * the scope to set + */ + public void setScope(String scope) { + this.scope = scope; + } + + /** + * @return the clientID + */ + public String getClientID() { + return clientID; + } + + /** + * @param clientID + * the clientID to set + */ + public void setClientID(String clientID) { + this.clientID = clientID; + } + + @Override + protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); + this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); + this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); + this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); + this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false)); + + // check for response type + if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) { + throw new OAuth20ResponseTypeException(); + } + + // check state for invalid characters (like < > & ; ... javascript ... to prevent xss) + if (!OAuth20Util.isValidStateValue(this.getState())) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE); + } + + // check if client id and redirect uri are ok + try { + // OAOAUTH20 cannot be null at this point. check was done in base request + OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) + .getoAuth20Config(); + + if (!this.getClientID().equals(oAuthConfig.getOAuthClientId()) + || !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) { + throw new OAuth20AccessDeniedException(); + } + } + catch (ConfigurationException e) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java new file mode 100644 index 000000000..e6766ddd5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -0,0 +1,121 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang.StringUtils; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; + +abstract class OAuth20BaseRequest extends RequestImpl { + + private static final long serialVersionUID = 1L; + + protected Set<String> allowedParameters = new HashSet<String>(); + + protected OAuth20BaseRequest() { + + } + + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { + String param = request.getParameter(name); + Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); + + if (isNeeded && StringUtils.isEmpty(param)) { + throw new OAuth20WrongParameterException(name); + } + + this.allowedParameters.add(name); + + return param; + } + + protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception { + + // moa id - load oa with client id! + try { + String oaURL = StringEscapeUtils.escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); + if (!ParamValidatorUtils.isValidOA(oaURL)) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + } + this.setOAURL(oaURL); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + + if (oaParam == null) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + } + this.setTarget(oaParam.getTarget()); + + OAOAUTH20 config = oaParam.getoAuth20Config(); + if (config == null) { + throw new OAuth20InvalidRequestException(); + } + if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) + || StringUtils.isEmpty(config.getOAuthRedirectUri())) { + throw new OAuth20ServerErrorException(); + } + } + catch (ConfigurationException e) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + } + + // oAuth + this.populateSpecialParameters(request); + + // cleanup parameters + this.checkAllowedParameters(request); + } + + private void checkAllowedParameters(final HttpServletRequest request) { + Logger.debug("Going to check for allowed parameters"); + this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION); + this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD); + + @SuppressWarnings("rawtypes") + Iterator iter = request.getParameterMap().keySet().iterator(); + while (iter.hasNext()) { + String name = (String) iter.next(); + if (!this.allowedParameters.contains(name)) { + + Logger.debug("Found wrong parameter: " + name); + throw new OAuth20WrongParameterException(name); + } + } + + } + + protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; + + public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception { + OAuth20BaseRequest res; + + if (action.equals(OAuth20Protocol.AUTH_ACTION)) { + res = new OAuth20AuthRequest(); + } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { + res = new OAuth20TokenRequest(); + } else { + throw new OAuth20InvalidRequestException(); + } + + res.setAction(action); + res.setModule(OAuth20Protocol.NAME); + + res.populateParameters(request); + return res; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java new file mode 100644 index 000000000..db18b3a3e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -0,0 +1,167 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import java.net.URLEncoder; +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.logging.Logger; + +import com.google.gson.JsonObject; + +public class OAuth20Protocol implements IModulInfo { + + public static final String NAME = OAuth20Protocol.class.getName(); + public static final String PATH = "id_oauth20"; + + public static final String AUTH_ACTION = "AUTH"; + public static final String TOKEN_ACTION = "TOKEN"; + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + actions.put(AUTH_ACTION, new OAuth20AuthAction()); + actions.put(TOKEN_ACTION, new OAuth20TokenAction()); + } + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + /* + * (non-Javadoc) + * @see + * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse, java.lang.String) + */ + public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { + // validation is done inside creation + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); + Logger.debug("Created: " + res); + return res; + } + + /* + * (non-Javadoc) + * @see + * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest + * , javax.servlet.http.HttpServletResponse) + */ + public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { + if (request.getParameter("action").equals(AUTH_ACTION)) { + return getAction(AUTH_ACTION); + } else if (request.getParameter("action").equals(TOKEN_ACTION)) { + return getAction(TOKEN_ACTION); + } + + return null;// getAction(AUTH_ACTION); + } + + /* + * (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, + * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * at.gv.egovernment.moa.id.moduls.IRequest) + */ + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) + throws Throwable { + + StringBuilder url = new StringBuilder(); + + String paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI); + + if (e instanceof OAuth20Exception) { + + String action = request.getParameter("action"); + + Logger.debug("Going to throw O OAuth20Exception for action: " + action); + OAuth20Exception oAuth20Exception = ((OAuth20Exception) e); + + String errorCode = oAuth20Exception.getErrorCode(); + String errorDescription = oAuth20Exception.getMessage(); + // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11"; + + if (action.equals(AUTH_ACTION)) { + + // check if given redirect url is ok + if (StringUtils.isNotEmpty(paramRedirect) && OAuth20Util.isUrl(paramRedirect)) { + url.append(paramRedirect); + + // otherwise throw an + } else { + throw new MOAIDException("oauth20.01", new Object[] {}); + } + + String state = request.getParameter(OAuth20Constants.PARAM_STATE); + + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode); + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, + URLEncoder.encode(oAuth20Exception.getMessageId() + ": " + errorDescription, "UTF-8")); + // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri); + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state); + + response.setContentType("text/html"); + response.setStatus(HttpServletResponse.SC_FOUND); + response.addHeader("Location", url.toString()); + Logger.debug("REDIRECT TO: " + url.toString()); + return true; + + } else if (action.equals(TOKEN_ACTION)) { + Map<String, Object> params = new HashMap<String, Object>(); + params.put(OAuth20Constants.PARAM_ERROR, errorCode); + params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, + URLEncoder.encode(oAuth20Exception.getMessageId() + ": " + errorDescription, "UTF-8")); + // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri); + + // create response + JsonObject jsonObject = new JsonObject(); + OAuth20Util.addProperytiesToJsonObject(jsonObject, params); + String jsonResponse = jsonObject.toString(); + Logger.debug("JSON Response: " + jsonResponse); + + // write respone to http response + response.setContentType("application/json"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + response.getOutputStream().print(jsonResponse); + response.getOutputStream().close(); + + return true; + } + + } + + return false; + + } + + /* + * (non-Javadoc) + * @see + * at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + // we validate in the preProcess + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java new file mode 100644 index 000000000..3dceaecdf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -0,0 +1,164 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import java.security.SignatureException; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; +import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; +import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; +import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; +import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +import com.google.gson.JsonObject; + +class OAuth20TokenAction implements IAction { + + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, + AuthenticationSession moasession) throws MOAIDException { + + AuthenticationSession session = null; + try { + OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; + + session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode()); + if (session == null) { + throw new OAuth20UnauthorizedClientException(); + } + + OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject(); + Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID()); + + // do checking for different grant types and code + if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) { + throw new OAuth20UnauthorizedClientException(); + } else { + Logger.debug("Loaded of OAuth20SessionObject was successful"); + } + + final String accessToken = UUID.randomUUID().toString(); + + // create response + Map<String, Object> params = new HashMap<String, Object>(); + params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken); + params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER); + params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime); + + // build id token and scope + Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, + auth20SessionObject.getAuthDataSession()); + Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst()); + params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst()); + Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); + params.put(OAuth20Constants.PARAM_SCOPE, pair.getSecond()); + + // create response + JsonObject jsonObject = new JsonObject(); + OAuth20Util.addProperytiesToJsonObject(jsonObject, params); + String jsonResponse = jsonObject.toString(); + Logger.debug("JSON Response: " + jsonResponse); + + // write respone to http response + httpResp.setContentType("application/json"); + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.getOutputStream().print(jsonResponse); + httpResp.getOutputStream().close(); + + return null; + } + catch (Exception e) { + Logger.error(e.getMessage(), e); + throw new OAuth20ServerErrorException(); + } + + finally { + if (session != null) { + // destroy session for clean up + try { + Logger.debug("Going to destroy session: " + session.getSessionID()); + AuthenticationSessionStoreage.destroySession(session.getSessionID()); + } + catch (MOADatabaseException e) { + } + } + } + } + + /* + * (non-Javadoc) + * @see + * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls + * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return false; + } + + /* + * (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + public String getDefaultActionName() { + return OAuth20Protocol.TOKEN_ACTION; + } + + private Pair<String, String> buildIdToken(String scope, OAuth20TokenRequest oAuthRequest, AuthenticationSession session) + throws MOAIDException, SignatureException { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget()); + + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthJsonToken token = new OAuthJsonToken(signer); + + StringBuilder resultScopes = new StringBuilder(); + // always fill with open id + OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData); + resultScopes.append("openId"); + + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData); + resultScopes.append(" profile"); + } else if (s.equalsIgnoreCase("eID")) { + OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData); + resultScopes.append(" eID"); + } else if (s.equalsIgnoreCase("eID_gov")) { + OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData); + resultScopes.append(" eID_gov"); + } else if (s.equalsIgnoreCase("mandate")) { + OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData); + resultScopes.append(" mandate"); + } + // TODO parser STORK + } + + // add properties and sign + // HmacSHA256Signer signer = new HmacSHA256Signer("testSigner", "key_id", + // "super_secure_pwd".getBytes()); + // Signer signer = OAuth20Util.loadSigner(authData.getIssuer(), oaParam.getoAuth20Config()); + + return Pair.newInstance(token.serializeAndSign(), resultScopes.toString()); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java new file mode 100644 index 000000000..99682076d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -0,0 +1,118 @@ +package at.gv.egovernment.moa.id.protocols.oauth20.protocol; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; + +class OAuth20TokenRequest extends OAuth20BaseRequest { + + private static final long serialVersionUID = 1L; + + private String code; + private String grantType; + private String clientID; + private String clientSecret; + + /** + * @return the code + */ + public String getCode() { + return code; + } + + /** + * @param code + * the code to set + */ + public void setCode(String code) { + this.code = code; + } + + /** + * @return the grantType + */ + public String getGrantType() { + return grantType; + } + + /** + * @param grantType + * the grantType to set + */ + public void setGrantType(String grantType) { + this.grantType = grantType; + } + + /** + * @return the clientID + */ + public String getClientID() { + return clientID; + } + + /** + * @param clientID + * the clientID to set + */ + public void setClientID(String clientID) { + this.clientID = clientID; + } + + /** + * @return the clientSecret + */ + public String getClientSecret() { + return clientSecret; + } + + /** + * @param clientSecret + * the clientSecret to set + */ + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + @Override + protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); + this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); + this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); + this.setClientSecret(this.getParam(request, OAuth20Constants.PARAM_CLIENT_SECRET, true)); + + // check for grant type + if (!this.getGrantType().equals(OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)) { + throw new OAuth20InvalidGrantException(); + } + + // check if client id and secret are ok + try { + // OAOAUTH20 cannot be null at this point. check was done in base request + OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL()) + .getoAuth20Config(); + + if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) { + throw new OAuth20AccessDeniedException(); + } + + if (!this.getClientSecret().equals(oAuthConfig.getOAuthClientSecret())) { + throw new OAuth20AccessDeniedException(); + } + + } + catch (ConfigurationException e) { + throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + } + + //add valid parameters + this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE); + this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 9403cb205..054f87e18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -23,6 +23,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; @@ -39,16 +40,26 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateRefere import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; public class PVPAttributeBuilder { - + + private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator(); + private static HashMap<String, IAttributeBuilder> builders; - + private static void addBuilder(IAttributeBuilder builder) { builders.put(builder.getName(), builder); } - + static { builders = new HashMap<String, IAttributeBuilder>(); // Citizen Token normal @@ -84,27 +95,39 @@ public class PVPAttributeBuilder { addBuilder(new MandateReferenceValueAttributeBuilder()); addBuilder(new MandateFullMandateAttributeBuilder()); } - - public static Attribute buildAttribute(String name, - AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + + public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam, + AuthenticationData authData) throws PVP2Exception { if (builders.containsKey(name)) { - return builders.get(name).build(authSession, oaParam, authData); + try { + return builders.get(name).build(authSession, oaParam, authData, generator); + } + catch (AttributeException e) { + if (e instanceof UnavailableAttributeException) { + throw new UnprovideableAttributeException(((UnavailableAttributeException) e).getAttributeName()); + } else if (e instanceof InvalidDateFormatAttributeException) { + throw new InvalidDateFormatException(); + } else if (e instanceof NoMandateDataAttributeException) { + throw new NoMandateDataAvailableException(); + } else { + throw new UnprovideableAttributeException(name); + } + } } return null; } - + public static List<Attribute> buildSupportedEmptyAttributes() { List<Attribute> attributes = new ArrayList<Attribute>(); Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); while (builderIt.hasNext()) { IAttributeBuilder builder = builderIt.next(); - Attribute emptyAttribute = builder.buildEmpty(); + Attribute emptyAttribute = builder.buildEmpty(generator); if (emptyAttribute != null) { attributes.add(emptyAttribute); } } return attributes; } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java index bb568cd90..f5f84a322 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -1,41 +1,38 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -public class BPKAttributeBuilder extends BaseAttributeBuilder { - +public class BPKAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return BPK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bpk = authData.getBPK(); String type = authData.getBPKType(); if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK+"+").length()); - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID+"+").length()); - - if(bpk.length() > BPK_MAX_LENGTH) { + type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); + else if (type.startsWith(Constants.URN_PREFIX_CDID)) type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); + + if (bpk.length() > BPK_MAX_LENGTH) { bpk = bpk.substring(0, BPK_MAX_LENGTH); } Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); } - - public Attribute buildEmpty() { - return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index fa42fc54f..ef594b91c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -5,41 +5,39 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class BirthdateAttributeBuilder extends BaseAttributeBuilder { - +public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - + public String getName() { return BIRTHDATE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { - DateFormat identityLinkFormat = new SimpleDateFormat( - IDENTITY_LINK_DATE_FORMAT); - Date date = identityLinkFormat.parse(authSession.getIdentityLink() - .getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat( - BIRTHDATE_FORMAT_PATTERN); + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); String dateString = pvpDateFormat.format(date); - return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, - BIRTHDATE_NAME, dateString); - } catch (ParseException e) { + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + + //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + } + catch (ParseException e) { e.printStackTrace(); return null; } } - public Attribute buildEmpty() { - return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME, - BIRTHDATE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java index 16d05842a..d2532fc28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java @@ -4,42 +4,40 @@ import iaik.util.logging.Log; import java.io.IOException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -public class EIDAuthBlock extends BaseAttributeBuilder { - +public class EIDAuthBlock implements IPVPAttributeBuilder { + public String getName() { return EID_AUTH_BLOCK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { String authblock = authSession.getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { - return buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, - EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes())); + return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, + Base64Utils.encode(authblock.getBytes())); } - } catch (IOException e) { + } + catch (IOException e) { Log.info("Encode AuthBlock BASE64 failed."); } - throw new UnprovideableAttributeException(EID_AUTH_BLOCK_NAME); - + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + } - - public Attribute buildEmpty() { - return buildemptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java index 0d96d4817..470dc11fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.MiscUtil; -public class EIDCcsURL extends BaseAttributeBuilder{ +public class EIDCcsURL implements IPVPAttributeBuilder { public String getName() { return EID_CCS_URL_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bkuurl = authSession.getBkuURL(); if (MiscUtil.isNotEmpty(bkuurl)) - return buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); else - throw new UnprovideableAttributeException(EID_CCS_URL_NAME); + throw new UnavailableAttributeException(EID_CCS_URL_NAME); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index 5ddd87c7b..770609e7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -1,26 +1,25 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder { +public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_CITIZEN_QAA_LEVEL_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, EID_CITIZEN_QAA_LEVEL_NAME, 4); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, EID_CITIZEN_QAA_LEVEL_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java index d8be65f53..ea1ed0470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java @@ -4,28 +4,26 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -public class EIDIdentityLinkBuilder extends BaseAttributeBuilder { +public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { public String getName() { return EID_IDENTITY_LINK_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { String ilAssertion = null; if (oaParam.getBusinessService()) { @@ -43,27 +41,27 @@ public class EIDIdentityLinkBuilder extends BaseAttributeBuilder { ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - return buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes())); } catch (MOAIDException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } catch (TransformerException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } catch (IOException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java index 08e4e67b3..7d6173ee2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -5,21 +5,20 @@ import iaik.x509.X509Certificate; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; -public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { +public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_ISSUING_NATION_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String countryCode = "AT"; @@ -48,12 +47,12 @@ public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { } } - return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME, countryCode); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java index 8cb2b5be6..43e052644 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -1,26 +1,25 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder { +public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_SECTOR_FOR_IDENTIFIER_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bpktype = authData.getBPKType(); - return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java index f5cb51228..93ddd3506 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java @@ -4,29 +4,26 @@ import iaik.util.logging.Log; import java.io.IOException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; -public class EIDSignerCertificate extends BaseAttributeBuilder { +public class EIDSignerCertificate implements IPVPAttributeBuilder { public String getName() { return EID_SIGNER_CERTIFICATE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { byte[] signerCertificate = authSession.getEncodedSignerCertificate(); if (signerCertificate != null) { - return buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils .encode(signerCertificate)); } @@ -34,12 +31,12 @@ public class EIDSignerCertificate extends BaseAttributeBuilder { Log.info("Signer certificate BASE64 encoding error"); } - throw new UnprovideableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index d21d264f6..a8ec0bfb4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -public class EIDSourcePIN extends BaseAttributeBuilder { +public class EIDSourcePIN implements IPVPAttributeBuilder { public String getName() { return EID_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnprovideableAttributeException(EID_SOURCE_PIN_NAME); + throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); else { - return buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); + return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index 9bc9716cf..858a53bed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -public class EIDSourcePINType extends BaseAttributeBuilder { +public class EIDSourcePINType implements IPVPAttributeBuilder { public String getName() { return EID_SOURCE_PIN_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnprovideableAttributeException(EID_SOURCE_PIN_TYPE_NAME); + throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); else { - return buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); + return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java index 5c8151c01..648ea6d25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class GivenNameAttributeBuilder extends BaseAttributeBuilder { +public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return GIVEN_NAME_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); } - public Attribute buildEmpty() { - return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java index 173fbd52f..29f612961 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -1,15 +1,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public interface IAttributeBuilder { public String getName(); - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception; - public Attribute buildEmpty(); + + public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData, + final IAttributeGenerator<ATT> g) throws AttributeException; + + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java new file mode 100644 index 000000000..48502b77b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java @@ -0,0 +1,11 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +public interface IAttributeGenerator<ATT> { + public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value); + + public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + + public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value); + + public abstract ATT buildEmptyAttribute(final String friendlyName, final String name); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java new file mode 100644 index 000000000..cf40f96f4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java @@ -0,0 +1,8 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java index 0afd71bc1..7d5f1d998 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -4,32 +4,29 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { +public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_FULL_MANDATE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { if (authSession.getMandate() != null) { String fullMandate; try { fullMandate = DOMUtils.serializeNode(authSession .getMandate()); - return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes())); } catch (TransformerException e) { Logger.error("Failed to generate Full Mandate", e); @@ -42,8 +39,8 @@ public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 15059c036..c49f72315 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -8,44 +7,43 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder { - +public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_LEG_PER_FULL_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if(corporation == null) { + if (corporation == null) { Logger.error("No corporation mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, - MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName()); + return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME, + corporation.getFullName()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, - MANDATE_LEG_PER_FULL_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index 820efb209..9b1ed0520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,37 +8,37 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder { +public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); if(corporation == null) { Logger.error("No corporation mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; if(corporation.getIdentification().size() == 0) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } id = corporation.getIdentification().get(0); /*if(authSession.getBusinessService()) { @@ -49,16 +48,16 @@ public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBu }*/ /*if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); }*/ - return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 44b58d04f..d40cb2f99 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,59 +8,53 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonSourcePinTypeAttributeBuilder extends - BaseAttributeBuilder { - +public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if (mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if (mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - CorporateBodyType corporation = mandateObject.getMandator() - .getCorporateBody(); + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); if (corporation == null) { Logger.error("No corporate mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; - if(corporation.getIdentification().size() == 0) { + if (corporation.getIdentification().size() == 0) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - id = corporation.getIdentification().get(0); - /*id = MandateBuilder.getBPKIdentification(corporate); - if (id == null) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); - }*/ - return buildStringAttribute( - MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + id = corporation.getIdentification().get(0); + /* + * id = MandateBuilder.getBPKIdentification(corporate); if (id == null) { + * Logger.error("Failed to generate IdentificationType"); throw new + * NoMandateDataAttributeException(); } + */ + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + id.getType()); } return null; - + } - - public Attribute buildEmpty() { - return buildemptyAttribute( - MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index dc4e9dd49..b6c7389e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -11,52 +10,51 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { - +public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_BPK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); -// if(authSession.getBusinessService()) { -// id = MandateBuilder.getWBPKIdentification(physicalPerson); -// } else { -// id = MandateBuilder.getBPKIdentification(physicalPerson); -// } - if(id == null) { + // if(authSession.getBusinessService()) { + // id = MandateBuilder.getWBPKIdentification(physicalPerson); + // } else { + // id = MandateBuilder.getBPKIdentification(physicalPerson); + // } + if (id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } String bpk; try { - + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (authSession.getBusinessService()) { bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); } @@ -65,26 +63,24 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); } - - } else + + } else bpk = id.getValue().getValue(); - } catch (BuildException e ){ + } + catch (BuildException e) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - - return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, - MANDATE_NAT_PER_BPK_NAME, bpk); + + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, - MANDATE_NAT_PER_BPK_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index a87d4d25c..bc719afeb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -5,7 +5,6 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -13,62 +12,55 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonBirthDateAttributeBuilder extends - BaseAttributeBuilder { - +public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_BIRTHDATE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if (mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if (mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - + String dateOfBirth = physicalPerson.getDateOfBirth(); try { - DateFormat mandateFormat = new SimpleDateFormat( - MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); Date date = mandateFormat.parse(dateOfBirth); - DateFormat pvpDateFormat = new SimpleDateFormat( - MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); String dateString = pvpDateFormat.format(date); - - return buildStringAttribute( - MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, - MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); - } catch (ParseException e) { + + return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); + } + catch (ParseException e) { e.printStackTrace(); - throw new InvalidDateFormatException(); + throw new InvalidDateFormatAttributeException(); } } return null; - + } - - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, - MANDATE_NAT_PER_BIRTHDATE_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 6744e5d20..0e40f9e04 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.util.Iterator; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -11,32 +10,32 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder { +public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_FAMILY_NAME_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if(physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } StringBuilder sb = new StringBuilder(); @@ -46,15 +45,15 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttribu sb.append(" " + fNamesit.next().getValue()); } - return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_FAMILY_NAME_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 67aa8df0e..88efc3717 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.util.Iterator; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -10,51 +9,49 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder { - +public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_GIVEN_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if(physicalPerson == null) { + if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } StringBuilder sb = new StringBuilder(); Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); - while(gNamesit.hasNext()) { + while (gNamesit.hasNext()) { sb.append(" " + gNamesit.next()); } - return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); + return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_GIVEN_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index aa8061506..7c59faeb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,56 +8,56 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonSourcePinAttributeBuilder extends - BaseAttributeBuilder { +public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - /*if(authSession.getBusinessService()) { + + if(authSession.getBusinessService()) { id = MandateBuilder.getWBPKIdentification(physicalPerson); - } else { - id = MandateBuilder.getBPKIdentification(physicalPerson); - }*/ + +// } else { +// id = MandateBuilder.getBPKIdentification(physicalPerson); + } if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 6ef2f5fa5..54b0b8d74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,35 +8,33 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends - BaseAttributeBuilder { +public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); @@ -48,17 +45,17 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends }*/ if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 66ac56d00..80393fb50 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -1,27 +1,26 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; -public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { +public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_PROF_REP_DESC_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } String text = AttributeExtractor.extractSAMLAttributeOA( @@ -32,7 +31,7 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { return null; } - return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, MANDATE_PROF_REP_DESC_NAME, text); } @@ -40,8 +39,8 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, MANDATE_PROF_REP_DESC_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index d708cba95..e3bfda252 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -1,48 +1,42 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; -public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { - +public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_PROF_REP_OID_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } - String oid = AttributeExtractor.extractSAMLAttributeOA( - EXT_SAML_MANDATE_OID, - authSession); + String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession); - if(oid == null) { + if (oid == null) { return null; } - return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, - MANDATE_PROF_REP_OID_NAME, oid); + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, - MANDATE_PROF_REP_OID_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME); } } -
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 46c6ffb78..2c4eb15de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -1,21 +1,45 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; -public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder { - +public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_REFERENCE_VALUE_NAME; } + public Attribute build(AuthenticationSession authSession, + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + + return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, + mandateObject.getMandateID()); + } + return null; + + } + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME); + } +} public Attribute build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java index bc7fdaf73..76dc1cb83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -1,41 +1,41 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; -public class MandateTypeAttributeBuilder extends BaseAttributeBuilder { - +public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new ResponderErrorException("No mandate data available", null); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new ResponderErrorException("No mandate data available", null); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java index 545d70d76..149513764 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class PVPVersionAttributeBuilder extends BaseAttributeBuilder { - +public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return PVP_VERSION_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); } - - public Attribute buildEmpty() { - return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java index 7ca7eb829..2de5ae79a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder { - +public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return PRINCIPAL_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); } - - public Attribute buildEmpty() { - return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java index 4accca580..170c72fb4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java @@ -9,31 +9,26 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthConstants, IAttributeBuilder { - +public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> { - protected static XMLObject buildAttributeStringValue(String value) { + private XMLObject buildAttributeStringValue(String value) { XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); stringValue.setValue(value); return stringValue; } - protected static XMLObject buildAttributeIntegerValue(int value) { + private XMLObject buildAttributeIntegerValue(int value) { XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); integerValue.setValue(value); return integerValue; } - protected static Attribute buildStringAttribute(String friendlyName, - String name, String value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); @@ -41,10 +36,8 @@ public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthCon return attribute; } - protected static Attribute buildIntegerAttribute(String friendlyName, - String name, int value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); @@ -52,12 +45,21 @@ public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthCon return attribute; } - protected static Attribute buildemptyAttribute(String friendlyName, String name) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildEmptyAttribute(final String friendlyName, final String name) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + public Attribute buildLongAttribute(String friendlyName, String name, long value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value)); return attribute; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java new file mode 100644 index 000000000..245858ad1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java @@ -0,0 +1,11 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class AttributeException extends Exception { + + private static final long serialVersionUID = 1L; + + public AttributeException(String message) { + super(message); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java new file mode 100644 index 000000000..61540d53f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java @@ -0,0 +1,13 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class InvalidDateFormatAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + public InvalidDateFormatAttributeException() { + super("Date format is invalid."); + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java new file mode 100644 index 000000000..7bb09fd85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java @@ -0,0 +1,10 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class NoMandateDataAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + public NoMandateDataAttributeException() { + super("Mandate data is not available."); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java new file mode 100644 index 000000000..df3933774 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class UnavailableAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + private String attributeName; + + public UnavailableAttributeException(String attributeName) { + super("Attribute " + attributeName + " is not available."); + this.attributeName = attributeName; + } + + public String getAttributeName() { + return attributeName; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 89285bad1..0c7dea3c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -9,7 +9,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; -import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; @@ -84,15 +83,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - - //TODO: check! - //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); - //nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); nissuer.setFormat(NameID.ENTITY); - authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); + //SAML2 response required IssueInstant authResponse.setIssueInstant(date); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index e85d87aa3..e9d41b7ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -91,12 +91,10 @@ public class MetadataSignatureFilter implements MetadataFilter { throw new MOAIDException("Root element of metadata file has to be signed", null); } processEntitiesDescriptor(entitiesDescriptor); - - } else if (metadata instanceof EntityDescriptor) { + } /*else if (metadata instanceof EntityDescriptor) { EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; processEntityDescriptorr(entityDescriptor); - - } else { + } */else { throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } |