Diffstat (limited to 'id/server/idserverlib/src/main')
21 files changed, 279 insertions, 1517 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8298b082b..9894ffbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -33,11 +33,11 @@ import org.springframework.stereotype.Service;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998817b19..b6f78119c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -23,19 +23,14 @@  package at.gv.egovernment.moa.id.auth.builder;  import java.io.IOException; -import java.io.InputStream;  import java.lang.reflect.InvocationTargetException;  import java.security.PrivateKey;  import java.util.ArrayList;  import java.util.Arrays; -import java.util.Collection;  import java.util.Date;  import java.util.Iterator;  import java.util.List; -import javax.naming.ldap.LdapName; -import javax.naming.ldap.Rdn; -  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.stereotype.Service;  import org.w3c.dom.DOMException; 
@@ -46,17 +41,24 @@ import org.w3c.dom.NodeList;  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.api.data.EAAFConstants;  import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;  import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;  import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;  import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.XPathException;  import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;  import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException;  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;  import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;  import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; 
@@ -64,7 +66,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;  import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;  import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;  import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;  import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -82,24 +83,21 @@ import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.XPathException; -import at.gv.egovernment.moa.util.XPathUtils;  import at.gv.util.client.szr.SZRClient;  import at.gv.util.config.EgovUtilPropertiesConfiguration;  import at.gv.util.wsdl.szr.SZRException;  import at.gv.util.xsd.szr.PersonInfoType; -import iaik.x509.X509Certificate;  /**   * @author tlenz   *   */  @Service("AuthenticationDataBuilder") -public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{ +public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {  	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;  	@Autowired protected AuthConfiguration authConfig; -	@Autowired private LoALevelMapper loaLevelMapper;  +	@Autowired protected LoALevelMapper loaLevelMapper;   	@Override  	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { 
@@ -108,16 +106,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),  					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class)); -		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) { +		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {  			Logger.warn("Can not build authentication data from session information");  			throw new EAAFAuthenticationException("TODO", new Object[]{},					  					"Can not build authentication data from session information", e); +			  		}  	}  	private IAuthData buildAuthenticationData(IRequest pendingReq,  -            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		 +            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {		  		MOAAuthenticationData authdata = null;		  		//only needed for SAML1 legacy support 
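Review bot: The widened multi-catch on the `} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {` line routes one more failure class through a throw whose error-code key is still the literal `"TODO"`, so every builder failure in the authentication path surfaces to the caller under a placeholder key. Replace it with the project's real message key for this condition, e.g. `throw new EAAFAuthenticationException("<real-message-key>", new Object[]{}, "Can not build authentication data from session information", e);`, keeping the cause as the hunk already does. The stray blank `+` line added after the throw can be dropped. The enclosing `buildAuthenticationData(IRequest)` starts outside the hunk.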
@@ -181,96 +180,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  	}  	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session,  -			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { - -		Collection<String> includedToGenericAuthData = null; -		if (session.getGenericSessionDataStorage() != null &&   -				!session.getGenericSessionDataStorage().isEmpty()) -			includedToGenericAuthData = session.getGenericSessionDataStorage().keySet(); -		else -			includedToGenericAuthData = new ArrayList<String>(); -		 -		try {		 -			//#################################################### -			//set general authData info's -			authData.setAuthenticationIssuer(protocolRequest.getAuthURL()); -			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());			 -			authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction()); -			 -		 -			//#################################################### -			//parse user info's from identityLink -			IIdentityLink idlFromPVPAttr = null; -			IIdentityLink identityLink = session.getIdentityLink();		 -			if (identityLink != null) { -				parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); -			 -			} else { -				// identityLink is not direct in MOASession -				String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class); -					//find PVP-Attr. 
which contains the IdentityLink -				if (MiscUtil.isNotEmpty(pvpAttrIDL)) { -					Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME -							+ " --> Parse basic user info's from that attribute."); -					InputStream idlStream = null; -					try { -						idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false);				 -						idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); -						parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData); -															 -					} catch (ParseException e) { -						Logger.error("Received IdentityLink is not valid", e); -						 -					} catch (Exception e) { -						Logger.error("Received IdentityLink is not valid", e); -						 -					} finally { -						try { -							includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME); -							if (idlStream != null)						 -								idlStream.close(); -							 -						} catch (IOException e) { -							Logger.fatal("Close InputStream FAILED.", e); -							 -						} -						 -					} -					 -				} -				 -				//if no basic user info's are set yet, parse info's single PVP-Attributes -				if (MiscUtil.isEmpty(authData.getFamilyName())) { -					Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); -					authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class));		 -					authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class));		 -					authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class)); -					authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class));		 -					authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class)); -					 -					//remove corresponding keys from genericSessionData if exists -					
includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME); -					includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME); -					includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME); -					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME); -					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); -				} -								 -			} -			 -			if (authData.getIdentificationType() != null &&  -					!authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { -				Logger.trace("IdentificationType is not a baseID --> clear it. "); -				authData.setBPK(authData.getIdentificationValue()); -				authData.setBPKType(authData.getIdentificationType()); -				 -				authData.setIdentificationValue(null); -				authData.setIdentificationType(null); -								 -			} +			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { +		try { +			//generate basic authentication data +			generateBasicAuthData(authData, protocolRequest, session); -			//#################################################### +			// #### generate MOA-ID specific authentication data ######  			//set BKU URL  			includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);  			if (MiscUtil.isNotEmpty(session.getBkuURL())) 
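Review bot: `includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);` on the new side no longer refers to the local `Collection<String> includedToGenericAuthData` that this hunk deletes, so it is presumably now a field populated by `generateBasicAuthData(authData, protocolRequest, session)` in `AbstractAuthenticationDataBuilder`. This class is a Spring `@Service` singleton, so per-request mutable state held in an instance field is shared by concurrent authentication requests and could let one user's attribute set leak into another's assertion; confirm that the superclass keeps it request-scoped (a local or a return value of `generateBasicAuthData`) rather than a field, or pass it explicitly, e.g. `Collection<String> includedToGenericAuthData = generateBasicAuthData(authData, protocolRequest, session);`. Also worth confirming is that the removed handling of a non-baseID `identificationType` (moving it into `bPK`/`bPKType` and clearing the identification fields) has a counterpart in `generateBasicAuthData`, since nothing on the new side covers it. `buildAuthDataFormMOASession` continues past the end of the hunk.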
@@ -282,41 +198,50 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  			//TODO: fully switch from STORK QAA to eIDAS LoA  			//####################################################  			//set QAA level -			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); -			String currentLoA = null; -			if (MiscUtil.isNotEmpty(session.getQAALevel())) -				currentLoA = session.getQAALevel();			 -			else { -				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class); -				if (MiscUtil.isNotEmpty(currentLoA)) { -					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA -							+ " --> Parse QAA-Level from that attribute."); +			if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) { +				Logger.debug("Find eIDAS LoA. Map it to STORK QAA"); +				authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel())); +				 +			} else { +				Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... 
"); +			 +							 +				includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); +				String currentLoA = null; +				if (MiscUtil.isNotEmpty(session.getQAALevel())) +					currentLoA = session.getQAALevel();			 +				else { +					currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class); +					if (MiscUtil.isNotEmpty(currentLoA)) { +						Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA +								+ " --> Parse QAA-Level from that attribute."); +					}  				} -			} -			if (MiscUtil.isNotEmpty(currentLoA)) {					 -				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) { -					authData.setQAALevel(currentLoA); -					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA)); +				if (MiscUtil.isNotEmpty(currentLoA)) {					 +					if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) { +						authData.setQAALevel(currentLoA); +						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA)); -				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) { -					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA)); -					authData.seteIDASLoA(currentLoA); +					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) { +						authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA)); +						authData.seteIDASLoA(currentLoA); -				} else {  -					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				 -					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA); -					if (MiscUtil.isNotEmpty(mappedStorkQAA)) { -						authData.setQAALevel(mappedStorkQAA); -						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA)); +					} else {  +						Logger.debug("Found PVP SecClass. QAA mapping process starts ... 
");				 +						String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA); +						if (MiscUtil.isNotEmpty(mappedStorkQAA)) { +							authData.setQAALevel(mappedStorkQAA); +							authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA)); -					}										 -				} -			}		 +						}										 +					} +				}		 +			}  			//if no QAA level is set in MOASession then set default QAA level   -			if (MiscUtil.isEmpty(authData.getQAALevel())) {														 +			if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {														  				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);  				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");  				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW); 
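Review bot: In the new eIDAS-first branch, `authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()));` stores the mapper result unchecked, while the default-level fallback below now tests only `authData.getEIDASQAALevel()` instead of `getQAALevel()`. If the mapper returns null or an empty string for an unrecognised eIDAS value, `QAALevel` stays empty but the fallback does not fire because the eIDAS LoA is set, so the two LoA fields end up inconsistent where the old code would have defaulted; the mapper's behaviour for unknown input is not visible here. Guard the mapped value, e.g. `String mappedQAA = loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()); if (MiscUtil.isEmpty(mappedQAA)) Logger.warn("No STORK QAA mapping for eIDAS LoA: " + authData.getEIDASQAALevel()); authData.setQAALevel(mappedQAA);`, or extend the fallback condition to `MiscUtil.isEmpty(authData.getQAALevel()) || MiscUtil.isEmpty(authData.getEIDASQAALevel())`. The method continues outside the hunk.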
@@ -371,65 +296,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  			} -			 -			//#################################################### -			//set isForeigner flag -			//TODO: change to new eIDAS-token attribute identifier -			if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) { -				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME -						+ " --> Set 'isForeigner' flag to TRUE"); -				authData.setForeigner(true); -				 -			} else {		 -				authData.setForeigner(session.isForeigner()); -				 -			} -					 -			 -			//#################################################### -			//set citizen country-code -			includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME); -			String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class); -			if (MiscUtil.isNotEmpty(pvpCCCAttr)) { -				authData.setCiticenCountryCode(pvpCCCAttr); -				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME); -				 -			} else { -				if (authData.isForeigner()) { -					try { -						if (authData.getSignerCertificate() != null) {					 -							//TODO: replace with TSL lookup when TSL is ready! 
-							X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); -							if (certificate != null) { -								LdapName ln = new LdapName(certificate.getIssuerDN() -										.getName()); -								for (Rdn rdn : ln.getRdns()) { -									if (rdn.getType().equalsIgnoreCase("C")) { -										Logger.info("C is: " + rdn.getValue()); -										authData.setCiticenCountryCode(rdn.getValue().toString()); -										break; -									} -								} -							} -							 -						} else -							Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME  -									+ " and NO SignerCertificate in MOASession -->" -									+ " Can NOT extract citizen-country of foreign person."); -						 -						 -					} catch (Exception e) { -						Logger.error("Failed to extract country code from certificate with message: " + e.getMessage()); -						 -					} -									 -				} else { -					authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA); -					 -				}			 -			} -			 -			 +											  			//####################################################  			//set max. SSO session time  			includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO); @@ -558,11 +425,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  					includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME);  				}  			} -		 -		 -		 -		 -						 +					  			//####################################################  			// set bPK and IdentityLink for Organwalter -->   			//        Organwalter has a special bPK is received from MIS  
@@ -572,111 +435,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  				authData.setBPK(misMandate.getOWbPK());  				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");  				Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); -				 -				 -				//TODO: check in case of mandates for business services -				if (identityLink != null) -					authData.setIdentityLink(identityLink); -			 -				else if (idlFromPVPAttr != null){ -					authData.setIdentityLink(idlFromPVPAttr); -					Logger.debug("Set IdentityLink received from federated IDP for Organwalter"); -										 -				} else -					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				 - -				 +											  				//set bPK and IdenityLink for all other -			} else { -				//build bPK -				String pvpbPKValue = getbPKValueFromPVPAttribute(session); -				String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session);				 -				Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam); - -				//check if a unique ID for this citizen exists -				if (MiscUtil.isEmpty(authData.getIdentificationValue()) &&  -						MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) && -						pvpEncbPKAttr == null) { -					Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); -					throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME -							+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME  -							+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); -					 -				} -								 -				// baseID is in MOASesson --> calculate bPK directly -				if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) { -					Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this."); -					Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData); -					authData.setBPK(result.getFirst()); -					
authData.setBPKType(result.getSecond()); -					 -					//check if bPK already added to AuthData matches OA					 -				} else if (MiscUtil.isNotEmpty(authData.getBPK())  -						&& matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) {  -					Logger.debug("Correct bPK is already included in AuthData."); - -					//check if bPK received by PVP-Attribute matches OA -				} else if (MiscUtil.isNotEmpty(pvpbPKValue) &&  -						matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) { -					Logger.debug("Receive correct bPK from PVP-Attribute"); -					authData.setBPK(pvpbPKValue); -					authData.setBPKType(pvpbPKTypeAttr); -					 -					//check if decrypted bPK exists -				} else if (pvpEncbPKAttr != null) { -					Logger.debug("Receive bPK as encrypted bPK and decryption was possible."); -					authData.setBPK(pvpEncbPKAttr.getFirst()); -					authData.setBPKType(pvpEncbPKAttr.getSecond()); +				Logger.debug("User is an OW. Set original IDL into authdata ... "); +				authData.setIdentityLink(session.getIdentityLink()); -					//ask SZR to get bPK -				} else { -					String notValidbPK = authData.getBPK();   -					String notValidbPKType = authData.getBPKType();					 -					if (MiscUtil.isEmpty(notValidbPK) &&  -							MiscUtil.isEmpty(notValidbPKType)) { -						notValidbPK = pvpbPKValue; -						notValidbPKType = pvpbPKTypeAttr; -						 -						if (MiscUtil.isEmpty(notValidbPK) &&  -								MiscUtil.isEmpty(notValidbPKType)) { -							Logger.fatal("No bPK in MOASession. THIS error should not occur any more."); -							throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");							 -						}						 -					}	 -										 -					Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); -					if (baseIDFromSZR != null) { -						Logger.info("Receive citizen baseID from SRZ. 
Authentication can be completed"); -						authData.setIdentificationValue(baseIDFromSZR.getFirst()); -						authData.setIdentificationType(baseIDFromSZR.getSecond()); -						Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData); -						authData.setBPK(result.getFirst()); -						authData.setBPKType(result.getSecond()); -						 -					} else { -						Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID"); -						throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME -								+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME  -								+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); -						 -					}					 -				} -								 -				//build IdentityLink -				if (identityLink != null) -					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType())); -				else if (idlFromPVPAttr != null) {					 -					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType())); -					Logger.debug("Set IdentityLink received from federated IDP"); -				} else { -					Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found"); -					 -				}            	                         -			} -			 +			}			  			//###################################################################  			//set PVP role attribute (implemented for ISA 1.18 action) @@ -738,7 +504,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  				}				  			} -		} catch (BuildException e) { +		} catch (EAAFBuilderException e) {  			throw e;          } catch (Throwable ex) { 
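Review bot: `authData.setIdentityLink(session.getIdentityLink());` in the Organwalter branch replaces the old fallback to the IdentityLink parsed from the federated-IDP PVP attribute (`idlFromPVPAttr`) and the `"Can NOT set Organwalter IdentityLink"` log, so an OW session whose IdentityLink arrived only via that attribute now silently gets a null IdentityLink. Unless the superclass guarantees that `session.getIdentityLink()` is populated in that case, keep the check: `IIdentityLink owIdl = session.getIdentityLink(); if (owIdl == null) Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found"); else authData.setIdentityLink(owIdl);`. The same hunk removes the non-OW bPK derivation, including the `builder.08` rejection when neither bPK, encrypted bPK nor baseID is present; that rejection is a hard precondition for issuing an assertion and should be confirmed to exist in `AbstractAuthenticationDataBuilder`. The enclosing method starts and ends outside the hunk.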
@@ -747,38 +513,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu          }  	} - -	/** -	 * Check a bPK-Type against a Service-Provider configuration <br> -	 * If bPK-Type is <code>null</code> the result is <code>false</code>. -	 *  -	 * @param oaParam Service-Provider configuration, never null -	 * @param bPKType bPK-Type to check -	 * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false -	 * @throws ConfigurationException  -	 */ -	private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException {						 -		return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); - -	} - -	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) { -		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO -		authData.setIdentificationValue(identityLink.getIdentificationValue()); -		authData.setIdentificationType(identityLink.getIdentificationType()); - -		authData.setGivenName(identityLink.getGivenName()); -		authData.setFamilyName(identityLink.getFamilyName()); -		authData.setDateOfBirth(identityLink.getDateOfBirth()); -		 -		//remove corresponding keys from genericSessionData if exists -		includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME); -		includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME); -		includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME); -		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME); -		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); -		 -	}  	/**  	 * @param authData 
@@ -786,7 +520,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  	 * @param notValidbPKType  	 * @return  	 */ -	private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, +	@Override +	protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,  			String notValidbPKType) {  		try {  			EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); @@ -841,7 +576,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre>  	 * to <code>authData</code>  	 *   -	 * @param session MOASession, but never null +	 * @param authProcessDataContainer MOASession, but never null  	 * @param authData AuthenticationData DAO  	 * @param spConfig Service-Provider configuration  	 *  
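Review bot: `getbaseIDFromSZR` becomes a `protected` `@Override` of a superclass hook, but the Javadoc above it still carries bare `@param notValidbPKType` and `@return` tags with no descriptions. Since the method is now part of the extension contract, either document the pair (the baseID and its type as resolved by the SZR, null when the lookup fails, as the removed caller in the `@@ -572` hunk relied on) or replace the block with `{@inheritDoc}`. The method body continues past the end of the hunk.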
@@ -849,194 +584,124 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu  	 *         or <code>null</code> if no attribute exists or can not decrypted  	 * @throws ConfigurationException   	 */ -	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, -			MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException { -		//set List of encrypted bPKs to authData DAO		 -		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); -		if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { -			List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							 -			authData.setEncbPKList(encbPKList);			 -			 -			//check if one of this encrypted bPK could be decrypt for this Service-Provider -			for (String fullEncbPK : encbPKList) { -				int index = fullEncbPK.indexOf("|");								  -				if (index >= 0) { -					String encbPK = fullEncbPK.substring(index+1); -					String second = fullEncbPK.substring(0, index);					 -					int secIndex = second.indexOf("+"); -					if (secIndex >= 0) { -						String oaTargetId = spConfig.getAreaSpecificTargetIdentifier(); -						if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						 -							String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						 -							if (publicServiceShortTarget.equals(second.substring(secIndex+1))) { -								Logger.debug("Found encrypted bPK for online-application "  -										+ spConfig.getPublicURLPrefix() -										+ " Start decryption process ..."); -								PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey(); -								if (privKey != null) { -									try { -										String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey); -										if (MiscUtil.isNotEmpty(bPK)) { -											Logger.info("bPK decryption process finished successfully."); -											return Pair.newInstance(bPK, 
oaTargetId); -																															 -										} else { -											Logger.error("bPK decryption FAILED."); -										 +	@Override +	protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer, +			AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException { +		//set List of encrypted bPKs to authData DAO +		if (authData instanceof MOAAuthenticationData &&  +				spConfig instanceof IOAAuthParameters) { +		 +			String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); +			if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { +				List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							 +				((MOAAuthenticationData) authData).setEncbPKList(encbPKList);			 +				 +				//check if one of this encrypted bPK could be decrypt for this Service-Provider +				for (String fullEncbPK : encbPKList) { +					int index = fullEncbPK.indexOf("|");								  +					if (index >= 0) { +						String encbPK = fullEncbPK.substring(index+1); +						String second = fullEncbPK.substring(0, index);					 +						int secIndex = second.indexOf("+"); +						if (secIndex >= 0) { +							String oaTargetId = spConfig.getAreaSpecificTargetIdentifier(); +							if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						 +								String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						 +								if (publicServiceShortTarget.equals(second.substring(secIndex+1))) { +									Logger.debug("Found encrypted bPK for online-application "  +											+ spConfig.getUniqueIdentifier() +											+ " Start decryption process ..."); +									PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey(); +									if (privKey != null) { +										try { +											String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey); +											if 
(MiscUtil.isNotEmpty(bPK)) { +												Logger.info("bPK decryption process finished successfully."); +												return Pair.newInstance(bPK, oaTargetId); +																																 +											} else { +												Logger.error("bPK decryption FAILED."); +											 +											} +										} catch (EAAFBuilderException e) { +											Logger.error("bPK decryption FAILED.", e); +											  										} -									} catch (BuildException e) { -										Logger.error("bPK decryption FAILED.", e); -									} +									} else { +										Logger.info("bPK decryption FAILED, because no valid decryption key is found."); +										 +									}							  								} else { -									Logger.info("bPK decryption FAILED, because no valid decryption key is found."); +									Logger.info("Found encrypted bPK but " + +											"encrypted bPK target does not match to online-application target");  -								}							 +								}  							} else { -								Logger.info("Found encrypted bPK but " + -										"encrypted bPK target does not match to online-application target");  +								Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID  +										+ " BUT oaTarget is " + oaTargetId);  							} -							 -						} else { -							Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID  -									+ " BUT oaTarget is " + oaTargetId); -							 -						} -					}					 -				}							 -			} -		} -		 -		return null; -	} - -	/** -	 * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in -	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre> -	 *  -	 * @param session MOASession, but never null -	 * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists -	 */ -	private String getbPKValueFromPVPAttribute(IAuthenticationSession session) { -		String 
pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); -		if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) { -			 -			//fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations -			if (pvpbPKValueAttr.startsWith("bPK:")) { -				Logger.warn("Attribute " + PVPConstants.BPK_NAME  -					+ " contains a not standardize prefix! Staring attribute value correction process ..."); -				pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length()); -				 -			} -			 -			String[] spitted = pvpbPKValueAttr.split(":"); -			if (spitted.length != 2) { -				Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!" -						+ " Value:" + pvpbPKValueAttr); -				return null; -				 +						}					 +					}							 +				}  			} -			Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME); -			return spitted[1]; -		} +		} else +			Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName()  +					+ " are not MOAID data-objects");  		return null;  	} -	/** -	 * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in -	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre> -	 *  -	 * @param session MOASession, but never null -	 * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists -	 */ -	private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) { -		String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);  -		if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) { -			 -			//fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations -			if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) &&  -					!pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(),  -							
Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {				 -				Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... "); -				pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1);  -				 -			} -			Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); -			return pvpbPKTypeAttr; -		} -		 -		return null; - - -		/* -		 * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', -		 *       because the prefix of BPK_NAME attribute contains the postfix of the bPKType -		 *        -		 *       Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' -		 *       PVP attributes   -		 */ -//		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); -//		String[] spitted = pvpbPKValueAttr.split(":"); -//		if (MiscUtil.isEmpty(authData.getBPKType())) { -//			Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + -//					"Starting target extraction from bPK/wbPK prefix ..."); -//			//exract bPK/wbPK type from bpk attribute value prefix if type is  -//			//not transmitted as single attribute -//		    Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?"); -//		    Matcher matcher = pattern.matcher(spitted[0]); -//		    if (matcher.matches()) { -//		    	//find public service bPK -//		    	authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]); -//		    	Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType()); -//		    	    -//		    } else { -//		    	//find business service wbPK -//		    	authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]); -//		    	Logger.debug("Found wbPK prefix. 
Set target to " + authData.getBPKType()); -//		    	    -//		    }			    	  				 -//		} -		 -	} +	@Override +	protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException { +		if (spConfig.hasBaseIdTransferRestriction()) { +			try { +				Element idlassertion = idl.getSamlAssertion(); +             +				//set bpk/wpbk; +				Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); +				prIdentification.getFirstChild().setNodeValue(bPK); -	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException { -		if (oaParam.hasBaseIdTransferRestriction()) { -            Element idlassertion = idl.getSamlAssertion(); -            //set bpk/wpbk; -	        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); -	        prIdentification.getFirstChild().setNodeValue(bPK); -            //set bkp/wpbk type -            Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); -            prIdentificationType.getFirstChild().setNodeValue(bPKType); +				//set bkp/wpbk type +				Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); +				prIdentificationType.getFirstChild().setNodeValue(bPKType); -            IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); -            IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); +				IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); +				IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); -   
         //resign IDL -			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					 -			Element resignedilAssertion; - -			if (authConfig.isIdentityLinkResigning()) { -				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey()); -			} else { -				resignedilAssertion = businessServiceIdl.getSamlAssertion(); +				//resign IDL +				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					 +				Element resignedilAssertion; +  +				if (authConfig.isIdentityLinkResigning()) { +					resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());				 +				} else { +					resignedilAssertion = businessServiceIdl.getSamlAssertion(); +				} +				 +				IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); +				return resignedIDLParser.parseIdentityLink(); +				 +			} catch (MOAIDException e) { +				Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e); +				throw new EAAFParserException("TODO", null,  +						"Can not build OA specific IDL. 
Reason: " + e.getMessage(), e); +				  			} -			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); -			return resignedIDLParser.parseIdentityLink();          } else          	return idl; -        	 -		 -	}		 - - -	private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException  { +        			 +	} +	 +	 +	@Override +	protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException { +		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();  		String baseID = authData.getIdentificationValue();  		String baseIDType = authData.getIdentificationType();		 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java deleted file mode 100644 index 4bc4a7e81..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ /dev/null 
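Review bot: The new `throw new EAAFParserException("TODO", null, "Can not build OA specific IDL. ...", e)` in buildOAspecificIdentityLink ships a placeholder error code; it should carry the project's real message key before this merges, otherwise callers mapping error codes to responses get an unknown key. In the same method the two `XPathUtils.selectSingleNode(...)` results are dereferenced as `.getFirstChild().setNodeValue(...)` without a null check, and the surrounding catch only covers MOAIDException, so an identity link that lacks the identification value or type element surfaces as a NullPointerException instead of the declared EAAFParserException; a guard like `if (prIdentification == null || prIdentification.getFirstChild() == null) throw new EAAFParserException(...)` before each write would keep the contract. It is also worth a one-line comment on the `else` branch of `authConfig.isIdentityLinkResigning()` stating that the rewritten assertion is deliberately returned with its original, now presumably non-verifying, signature, since a reader of the restricted-transfer path will otherwise suspect a bug. buildOAspecificbPK's body continues past the end of this hunk.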
@@ -1,359 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.text.SimpleDateFormat; -import java.util.Date; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; - -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * Builder for the bPK, as defined in - * <code>"Ableitung f¨r die bereichsspezifische Personenkennzeichnung"</code> - * version <code>1.0.1</code> from <code>"reference.e-government.gv.at"</code>. 
- * - * @author Paul Schamberger - * @version $Id$ - */ -public class BPKBuilder { - -	/** -	 * Calculates an area specific unique person-identifier from a baseID -	 *  -	 * @param baseID baseId from user but never null -	 * @param targetIdentifier target identifier for area specific identifier calculation but never null -	 * @return Pair<unique person identifier for this target, targetArea> but never null -	 * @throws BuildException if some input data are not valid  -	 */ -	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{ -		return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier); -		 -	} -	 -	/** -	 * Calculates an area specific unique person-identifier from an unique identifier with a specific type -	 *  -	 * @param baseID baseId from user but never null -	 * @param baseIdType Type of the baseID but never null -	 * @param targetIdentifier target identifier for area specific identifier calculation but never null -	 * @return Pair<unique person identifier for this target, targetArea> but never null -	 * @throws BuildException if some input data are not valid  -	 */ -	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{ -		if (MiscUtil.isEmpty(baseID)) -			throw new BuildException("builder.00", new Object[]{"baseID is empty or null"}); - -		if (MiscUtil.isEmpty(baseIdType)) -			throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"}); -		 -		if (MiscUtil.isEmpty(targetIdentifier))  -			throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"}); - -		if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) { -			Logger.trace("Find baseID. 
Starting unique identifier caluclation for this target"); -			 -			if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) ||  -					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) ||  -					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) { -				Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); -				return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); -													 -			} else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) { -				Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier); -				String[] splittedTarget = targetIdentifier.split("\\+"); -				String cititzenCountryCode = splittedTarget[1]; -				String eIDASOutboundCountry = splittedTarget[2];				  -				  -				if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) { -					Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry"); -					  -				} -				return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry); -				 -				 -			} else -				throw new BuildException("builder.00",  -						new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}); -		 -		} else { -			Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ..."); -			if (baseIdType.equals(targetIdentifier)) { -				Logger.debug("Unique identifier is already area specific. Is nothing todo"); -				return Pair.newInstance(baseID, targetIdentifier); -				 -			} else { -				Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); -				throw new BuildException("builder.00",  -						new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"}); -				 -			}			 -		}						 -	} -	 -	 -    /** -     * Builds the storkeid from the given parameters. 
-     * -     * @param baseID baseID of the citizen -     * @param baseIDType Type of the baseID -     * @param sourceCountry CountryCode of that country, which build the eIDAs ID -     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID -     *  -     * @return Pair<eIDAs, bPKType> in a BASE64 encoding -     * @throws BuildException if an error occurs on building the wbPK -     */ -    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) -            throws BuildException {         -        String bPK = null; -        String bPKType = null; -         -        // check if we have been called by public sector application -        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { -        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; -            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);          -            bPK = calculatebPKwbPK(baseID + "+"  + bPKType); -             -        } else { // if not, sector identification value is already calculated by BKU -            Logger.debug("eIDAS eIdentifier already provided by BKU"); -            bPK = baseID; -        } - -        if ((MiscUtil.isEmpty(bPK) || -                MiscUtil.isEmpty(sourceCountry) || -                	MiscUtil.isEmpty(destinationCountry))) { -            throw new BuildException("builder.00", -                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + -                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); -        } -         -        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); -        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; -         -        return Pair.newInstance(eIdentifier, bPKType); -    } -	 
-//    /** -//     * Builds the bPK from the given parameters. -//     * -//     * @param identificationValue Base64 encoded "Stammzahl" -//     * @param target              "Bereich lt. Verordnung des BKA" -//     * @return bPK in a BASE64 encoding -//     * @throws BuildException if an error occurs on building the bPK -//     */ -//    private String buildBPK(String identificationValue, String target) -//            throws BuildException { -// -//        if ((identificationValue == null || -//                identificationValue.length() == 0 || -//                target == null || -//                target.length() == 0)) { -//            throw new BuildException("builder.00", -//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + -//                            identificationValue + ",target=" + target}); -//        } -//        String basisbegriff; -//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -//            basisbegriff = identificationValue + "+" + target; -//        else -//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; -// -//        return calculatebPKwbPK(basisbegriff); -//    } -// -//    /** -//     * Builds the wbPK from the given parameters. -//     * -//     * @param identificationValue Base64 encoded "Stammzahl" -//     * @param registerAndOrdNr    type of register + "+" + number in register. 
-//     * @return wbPK in a BASE64 encoding -//     * @throws BuildException if an error occurs on building the wbPK -//     */ -//    private String buildWBPK(String identificationValue, String registerAndOrdNr) -//            throws BuildException { -// -//        if ((identificationValue == null || -//                identificationValue.length() == 0 || -//                registerAndOrdNr == null || -//                registerAndOrdNr.length() == 0)) { -//            throw new BuildException("builder.00", -//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + -//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); -//        } -// -//        String basisbegriff; -//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) -//            basisbegriff = identificationValue + "+" + registerAndOrdNr; -//        else -//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; -// -//        return calculatebPKwbPK(basisbegriff); -//    } -// -//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { -//    	if (MiscUtil.isEmpty(baseID) ||  -//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") ||  -//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") ||  -//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { -//    		throw new BuildException("builder.00", -//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget  -//    					+ " has an unkown prefix."}); -//    		 -//    	} -//    	 -//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); -//    	 -//    } -     -	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { -		MiscUtil.assertNotNull(bpk, "BPK"); -		MiscUtil.assertNotNull(publicKey, "publicKey"); -		 -		
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); -		if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -			target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); -		 -		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::" -		    + bpk + "::" -		    + sdf.format(new Date()); -		System.out.println(input); -		byte[] result; -		try { -			byte[] inputBytes = input.getBytes("ISO-8859-1"); -			result = encrypt(inputBytes, publicKey); -			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); -			 -		} catch (Exception e) { -			throw new BuildException("bPK encryption FAILED", null, e); -		}		 -	} - -	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException { -		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK"); -		MiscUtil.assertNotNull(privateKey, "Private key"); -		String decryptedString; -		try { -			byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); -			byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); -			decryptedString = new String(decryptedBytes, "ISO-8859-1"); -			 -		} catch (Exception e) { -			throw new BuildException("bPK decryption FAILED", null, e); -		} -		String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); -		String sector = tmp.substring(0, tmp.indexOf("::")); -		tmp = tmp.substring(tmp.indexOf("::") + 2); -		String bPK = tmp.substring(0, tmp.indexOf("::")); - -		if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -			target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); -		 -		if (target.equals(sector)) -			return bPK; -		 -		else { -			Logger.error("Decrypted bPK does not match to request bPK target."); -			return null; -		}		 -	} -         -    private String calculatebPKwbPK(String basisbegriff) throws BuildException { -    	try { -            MessageDigest md = MessageDigest.getInstance("SHA-1"); -            byte[] hash = 
md.digest(basisbegriff.getBytes("ISO-8859-1")); -            String hashBase64 = Base64Utils.encode(hash); -            return hashBase64; -             -        } catch (Exception ex) { -            throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex); -        } -    	 -    } -     -	private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { -		byte[] result; -		Cipher cipher = null; -		try { -			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle -		} catch(NoSuchAlgorithmException e) { -			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider -		} -		cipher.init(Cipher.ENCRYPT_MODE, publicKey); -		result = cipher.doFinal(inputBytes); -		 -		return result; -	} - -	private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey)  -			throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ -		byte[] result; -		Cipher cipher = null; -		try { -			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle -		} catch(NoSuchAlgorithmException e) { -			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider -		} -		cipher.init(Cipher.DECRYPT_MODE, privateKey); -		result = cipher.doFinal(encryptedBytes); -		return result; -	} -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java index aa462c480..3dfba9cca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java 
@@ -10,12 +10,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati  import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;  import at.gv.egiz.eaaf.core.api.idp.IAuthData;  import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;  import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;  import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;  import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;  import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;  import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; -import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.id.data.IMOAAuthData;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;  import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -97,7 +98,7 @@ public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {  				try {  					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier()); -				} catch (BuildException e) { +				} catch (EAAFBuilderException e) {  					Logger.warn("Can NOT generate SubjectNameId." , e);  					throw new ResponderErrorException("pvp2.01", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index d23e32c81..926bfe242 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
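Review bot: The bPK derivation in generateSubjectNameId now comes from `at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder`, an implementation outside this diff, while the local BPKBuilder deleted in this commit emitted the plaintext encryption input (target and bPK) to stdout via `System.out.println(input)` in encryptBPK and used SHA-1 over `baseID + "+" + target` for the identifier. Please confirm the eaaf-core replacement has no equivalent plaintext output and produces byte-identical identifiers for the same inputs, since a changed derivation would silently break existing service-provider bPKs; a short comment above the `new BPKBuilder()` call noting which implementation is now authoritative would help the next reader.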
@@ -48,13 +48,13 @@ import java.util.Map;  import org.apache.commons.collections4.map.HashedMap; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;  import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;  import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;  import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.MiscUtil; 
@@ -618,17 +618,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)  	 */  	@Override -	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { +	public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {  		if (MiscUtil.isEmpty(key)) {  			Logger.warn("Generic session-data can not be stored with a 'null' key"); -			throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null); +			throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");  		}  		if (object != null) {  			if (!Serializable.class.isInstance(object)) {  				Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface"); -				throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null); +				throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");  			}						  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java index fb584047e..aea6f26fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java 
@@ -26,79 +26,35 @@ import java.security.cert.CertificateEncodingException;  import java.security.cert.CertificateException;  import java.util.ArrayList;  import java.util.Collections; -import java.util.Date; -import java.util.HashMap;  import java.util.List;  import java.util.Map; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants;  import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;  import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;  import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;  import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;  import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil;  import iaik.x509.X509Certificate;  /**   * @author tlenz   *    */ -public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants { +public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants { -		 -	private Map<String, Object> sessionData;  	/**  	 * @param genericDataStorage  	 */  	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) { -		this.sessionData = genericDataStorage; -	} -	 -	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		 -		if (MiscUtil.isNotEmpty(key)) { -			Object obj = sessionData.get(key); -			if (obj != null && clazz.isInstance(obj)) -				return (T) obj; -		} +		super(genericDataStorage); -		if (defaultValue == null) -			return null; -		 -		else if (clazz.isInstance(defaultValue)) -			return (T)defaultValue; -			 -		else { -		
	Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); -			throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); -				 -		}		  	} +		 -	 -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() -	 */ -	@Override -	public boolean isAuthenticated() { -		return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) -	 */ -	@Override -	public void setAuthenticated(boolean authenticated) { -		sessionData.put(FLAG_IS_AUTHENTICATED, authenticated); - -	} -  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()  	 */ @@ -133,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	@Override  	public void setSignerCertificate(X509Certificate signerCertificate) {  		try { -			sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); +			authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());  		}catch (CertificateEncodingException e) {  			Logger.warn("Signer certificate can not be stored to session database!", e); @@ -142,15 +98,6 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	}  	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() -	 */ -	@Override -	public IIdentityLink getIdentityLink() { -		return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); -		 -	} - -	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()  	 */  	@Override 
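Review bot: The accessors dropped from `AuthenticationSessionWrapper` in this and the following hunks (`isAuthenticated`, `getIdentityLink`, `isMandateUsed`, `isForeigner`, `isOW`, `getQAALevel`, `getSessionCreated`, the generic-data methods) read and wrote the map under `AuthProzessDataConstants` keys (`FLAG_IS_AUTHENTICATED`, `VALUE_IDENTITYLINK`, `GENERIC_PREFIX`, …), and nothing in the diff shows that the inherited `AuthProcessDataWrapper` uses the same key strings. If the EAAF superclass keys differ, session data persisted before this change or written by code still using the MOA constants would read back as absent, with `isAuthenticated()` presumably defaulting to false rather than failing loudly. A class-level comment pinning the contract would help, e.g. `// former wrapStringObject() accessors are inherited from AuthProcessDataWrapper; its key names must match AuthProzessDataConstants`, together with a test that round-trips a map built with the MOA constants through the wrapper. The rest of the class body is outside this hunk.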
@@ -160,20 +107,11 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	}  	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) -	 */ -	@Override -	public void setIdentityLink(IIdentityLink identityLink) { -		sessionData.put(VALUE_IDENTITYLINK, identityLink); - -	} - -	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)  	 */  	@Override  	public void setSSOSessionID(String sessionId) { -		sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId); +		authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);  	} @@ -190,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setBkuURL(String bkuURL) { -		sessionData.put(VALUE_BKUURL, bkuURL); +		authProcessData.put(VALUE_BKUURL, bkuURL);  	} @@ -207,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setAuthBlock(String authBlock) { -		sessionData.put(VALUE_AUTHBLOCK, authBlock); +		authProcessData.put(VALUE_AUTHBLOCK, authBlock);  	} @@ -224,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) { -		sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH); +		authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);  	} 
@@ -241,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) { -		sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA); +		authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);  	} @@ -258,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { -		sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() -	 */ -	@Override -	public String getIssueInstant() { -		return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) -	 */ -	@Override -	public void setIssueInstant(String issueInstant) { -		sessionData.put(VALUE_ISSUEINSTANT, issueInstant); +		authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);  	} 
@@ -292,28 +213,11 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	}  	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) -	 */ -	@Override -	public void setUseMandates(boolean useMandates) { -		sessionData.put(FLAG_USE_MANDATE, useMandates); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() -	 */ -	@Override -	public boolean isMandateUsed() { -		return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); -	} - -	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)  	 */  	@Override  	public void setMISSessionID(String misSessionID) { -		sessionData.put(VALUE_MISSESSIONID, misSessionID); +		authProcessData.put(VALUE_MISSESSIONID, misSessionID);  	} @@ -338,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setMandateReferenceValue(String mandateReferenceValue) { -		sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() -	 */ -	@Override -	public boolean isForeigner() { -		return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) -	 */ -	@Override -	public void setForeigner(boolean isForeigner) { -		sessionData.put(FLAG_IS_FOREIGNER, isForeigner); +		authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue);  	} 
@@ -372,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { -		sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse); +		authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);  	} @@ -389,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setMISMandate(IMISMandate mandate) { -		sessionData.put(VALUE_MISMANDATE, mandate); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() -	 */ -	@Override -	public boolean isOW() { -		return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) -	 */ -	@Override -	public void setOW(boolean isOW) { -		sessionData.put(FLAG_IS_ORGANWALTER, isOW); +		authProcessData.put(VALUE_MISMANDATE, mandate);  	} - +	  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()  	 */ 
@@ -423,78 +293,13 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut  	 */  	@Override  	public void setAuthBlockTokken(String authBlockTokken) { -		sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() -	 */ -	@Override -	public String getQAALevel() { -		return wrapStringObject(VALUE_QAALEVEL, null, String.class); -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) -	 */ -	@Override -	public void setQAALevel(String qAALevel) { -		sessionData.put(VALUE_QAALEVEL, qAALevel); - -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() -	 */ -	@Override -	public Date getSessionCreated() { -		return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class); -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() -	 */ -	@Override -	public Map<String, Object> getGenericSessionDataStorage() { -		Map<String, Object> result = new HashMap<String, Object>();		 -		for (String el : sessionData.keySet()) { -			if (el.startsWith(GENERIC_PREFIX)) -				result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el)); -			 -		} -		 -		return result; -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) -	 */ -	@Override -	public Object getGenericDataFromSession(String key) { -		return sessionData.get(GENERIC_PREFIX + key);  -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) -	 */ -	@Override -	public <T> T getGenericDataFromSession(String key, Class<T> clazz) { -		return wrapStringObject(GENERIC_PREFIX + key, null, clazz); -	} - -	/* (non-Javadoc) -	 
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) -	 */ -	@Override -	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { -		sessionData.put(GENERIC_PREFIX + key, object); +		authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);  	}  	@Override  	public Map<String, Object> getKeyValueRepresentationFromAuthSession() { -		return Collections.unmodifiableMap(sessionData); +		return Collections.unmodifiableMap(authProcessData);  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java deleted file mode 100644 index 2690bc2cc..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ /dev/null 
@@ -1,312 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.data; - -import java.io.IOException; -import java.io.Serializable; -import java.security.PublicKey; - -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; - - -/** - * Data contained in an identity link issued by BMI, relevant to the MOA ID component. - * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>. - *  - * @author Paul Ivancsics - * @version $Id$ - */ -public class IdentityLink implements Serializable, IIdentityLink{ - -	private static final long serialVersionUID = 1L; -	 -	/** -	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. -	 */ -	private String identificationValue; -	/** -	* <code>"identificationType"</code> type of the identificationValue in the IdentityLink. 
-	*/ -	private String identificationType; -	/** -	 * first name -	 */ -	private String givenName; -	/** -	 * family name -	 */ -	private String familyName; -   -  /** -   * The name as (givenName + familyName) -   */ -  private String name; -	/** -	 * date of birth -	 */ -	private String dateOfBirth; -  /** -   * the original saml:Assertion-Element -   */ -	private Element samlAssertion; -  /** -   * the serializes saml:Assertion -   */ -  private String serializedSamlAssertion; -	/** -	 * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person -	 */ -	private Element prPerson; -  /** -   * we need for each dsig:Reference Element all -   * transformation elements -   */ -  private Element[] dsigReferenceTransforms; -   -  /** -   * The issuing time of the identity link SAML assertion. -   */ -  private String issueInstant; - -  /** -   * we need all public keys stored in  -   * the identity link -   */ -  private PublicKey[] publicKey; - -	/** -	 * Constructor for IdentityLink -	 */ -	public IdentityLink() { -	} - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() - */ -  @Override -public String getDateOfBirth() { -    return dateOfBirth; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() - */ -  @Override -public String getFamilyName() { -    return familyName; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() - */ -  @Override -public String getGivenName() { -    return givenName; -  } -   -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() - */ -  @Override -public String getName() { -    if (name == null) { -      name = givenName + " " + familyName; -    } -    return name; -  } -   -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() - */ -  @Override -public 
String getIdentificationValue() { -    return identificationValue; -  } - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() -	 */ -	@Override -	public String getIdentificationType() { -		return identificationType; -	} - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) - */ -  @Override -public void setDateOfBirth(String dateOfBirth) { -    this.dateOfBirth = dateOfBirth; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) - */ -  @Override -public void setFamilyName(String familyName) { -    this.familyName = familyName; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) - */ -  @Override -public void setGivenName(String givenName) { -    this.givenName = givenName; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) - */ -  @Override -public void setIdentificationValue(String identificationValue) { -    this.identificationValue = identificationValue; -  } -   -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) -	 */ -	@Override -	public void setIdentificationType(String identificationType) { -		this.identificationType = identificationType; -	} - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() - */ -  @Override -public Element getSamlAssertion() { -    return samlAssertion; -  } -   -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() - */ -  @Override -public String getSerializedSamlAssertion() { -    return serializedSamlAssertion; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) - */ -  @Override -public void 
setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { -    this.samlAssertion = samlAssertion; -    this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);     -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() - */ -  @Override -public Element[] getDsigReferenceTransforms() { -    return dsigReferenceTransforms; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) - */ -  @Override -public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { -    this.dsigReferenceTransforms = dsigReferenceTransforms; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() - */ -  @Override -public PublicKey[] getPublicKey() { -    return publicKey; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) - */ -  @Override -public void setPublicKey(PublicKey[] publicKey) { -    this.publicKey = publicKey; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() - */ -  @Override -public Element getPrPerson() { -    return prPerson; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) - */ -  @Override -public void setPrPerson(Element prPerson) { -    this.prPerson = prPerson; -  } -   -   /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() - */ -  @Override -public String getIssueInstant() { -    return issueInstant; -  } - -  /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) - */ -  @Override -public void setIssueInstant(String issueInstant) { -    this.issueInstant = issueInstant; -  } - -} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index 8f7364f62..3ff22b84d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -58,15 +58,15 @@ import java.util.List;  import org.w3c.dom.Element;  import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;  import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;  import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;  import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils;  /**   * Parses an identity link <code><saml:Assertion></code> @@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser {    public IIdentityLink parseIdentityLink() throws ParseException {      IIdentityLink identityLink; -    try { +    try {         identityLink = new IdentityLink();        identityLink.setSamlAssertion(assertionElem);        identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR)); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index b54a43fff..e6b4e9bb8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -54,12 +54,12 @@ import java.io.InputStream;  import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;  import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.exception.ParseException;  import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;  import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils;  /**   * Parses a <code><VerifyXMLSignatureResponse></code> returned by diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index 89e543209..97d1e7132 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -910,12 +910,6 @@ public boolean containsConfigurationKey(String arg0) {  @Override -public String getConfigurationValue(String arg0) { -	return spConfiguration.getConfigurationValue(arg0); -} - - -@Override  public Map<String, String> getFullConfiguration() {  	return spConfiguration.getFullConfiguration();  } 
@@ -951,4 +945,41 @@ public String getMinimumLevelOfAssurence() {  } +@Override +public String getConfigurationValue(String key) { +	return spConfiguration.getConfigurationValue(key); +} + +@Override +public String getConfigurationValue(String key, String defaultValue) { +	String value = getConfigurationValue(key); +	if (value == null) +		return defaultValue; +	else +		return value; +} + + +@Override +public Boolean isConfigurationValue(String key) { +	String value = getConfigurationValue(key); +	if (value == null) +		return Boolean.parseBoolean(value); + +	return null; +	 +} + + +@Override +public boolean isConfigurationValue(String key, boolean defaultValue) { +	String value = getConfigurationValue(key); +	if (value == null) +		return Boolean.parseBoolean(value); +	else +		return defaultValue; +	 +} + +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 11932f52a..76a53ee40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -559,5 +559,23 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{  		return getQaaLevel();  	} +	@Override +	public String getConfigurationValue(String arg0, String arg1) { +		// TODO Auto-generated method stub +		return null; +	} + +	@Override +	public Boolean isConfigurationValue(String arg0) { +		// TODO Auto-generated method stub +		return null; +	} + +	@Override +	public boolean isConfigurationValue(String arg0, boolean arg1) { +		// TODO Auto-generated method stub +		return false; +	} +  } 
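Review bot: Both `isConfigurationValue` overloads added to `OAAuthParameterDecorator` test the wrong side of the null check, so a configured flag is never read: `isConfigurationValue(String key)` returns `Boolean.parseBoolean(null)` (false) when the key is absent and `null` when it is present, and `isConfigurationValue(String key, boolean defaultValue)` returns `defaultValue` exactly when a value exists and `false` otherwise. The condition in both should be `if (value != null)`, i.e. `return value != null ? Boolean.parseBoolean(value) : null;` for the one-arg form and `return value != null ? Boolean.parseBoolean(value) : defaultValue;` for the two-arg form. Since these accessors presumably gate per-service-provider settings, any boolean setting an SP actually configures would silently collapse to the default, which is the kind of failure a configuration-driven security control must not have. A small test with the key set to `true`, `false` and unset would pin the intended behaviour.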
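Review bot: The generated stubs in `DynamicOAAuthParameters` discard their default arguments: `getConfigurationValue(String arg0, String arg1)` returns `null` instead of `arg1`, and `isConfigurationValue(String arg0, boolean arg1)` returns `false` instead of `arg1`, so a caller asking for an explicit safe default gets a hard-coded answer instead. If this class carries no generic configuration map, the two-arg bodies should at least be `return arg1;` and the `// TODO Auto-generated method stub` comments replaced by one stating that dynamic parameters have no generic configuration and always yield the caller's default. Whether the single-arg `getConfigurationValue(String)` is implemented elsewhere in this class is not visible in the hunk.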
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index b8dccfa65..ff4b96aab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -5,7 +5,6 @@ import java.util.List;  import org.w3c.dom.Element;  import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  public interface IMOAAuthData extends IAuthData{ @@ -18,8 +17,7 @@ public interface IMOAAuthData extends IAuthData{  	  */  	 String getQAALevel(); -	 List<String> getEncbPKList();	  -	 IIdentityLink getIdentityLink();	  +	 List<String> getEncbPKList();	 	        byte[] getSignerCertificate();  	 String getAuthBlock();	   	 boolean isPublicAuthority(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java index 25d50f57a..d1e1e5c60 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java @@ -51,10 +51,10 @@ import java.io.Serializable;  import org.w3c.dom.Element;  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  import at.gv.egovernment.moa.id.util.MandateBuilder;  import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.MiscUtil;  public class MISMandate implements Serializable, IMISMandate{ 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index e0dd30db3..b5d46fea3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -28,14 +28,14 @@ import java.util.List;  import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;  import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;  import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;  import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.util.LoALevelMapper;  import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.MiscUtil; @@ -47,7 +47,6 @@ import at.gv.egovernment.moa.util.MiscUtil;  public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {  	private static final long serialVersionUID = 1L; -	private IIdentityLink identityLink;  	private boolean qualifiedCertificate;  	private boolean publicAuthority;  	private String publicAuthorityCode; @@ -70,8 +69,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut  	private LoALevelMapper loaMapper; -	public MOAAuthenticationData(LoALevelMapper loaMapper) {	 -		this.loaMapper = loaMapper; +	public MOAAuthenticationData(ILoALevelMapper loaMapper) { +		if (loaMapper instanceof LoALevelMapper) +			this.loaMapper = (LoALevelMapper) loaMapper;  	} 
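Review bot: The constructor now accepts `ILoALevelMapper` but silently leaves `loaMapper` null when the argument is not a `LoALevelMapper`; the only symptom is the error logged much later in `getQAALevel` when it falls back to `STORK_QAA_1_1`. A wrong mapper type is a wiring mistake rather than a runtime condition, so it should be reported at construction time, e.g. `else Logger.error("LoALevelMapper of type " + (loaMapper == null ? "null" : loaMapper.getClass().getName()) + " is not supported; eIDAS-to-STORK QAA mapping is disabled");`. If `mapeIDASQAAToSTORKQAA` is declared on `ILoALevelMapper` (not visible here), typing the field as the interface would remove the instanceof and cast altogether.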
@@ -82,19 +82,22 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
+			if (loaMapper != null) {
+				String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
+				if (MiscUtil.isNotEmpty(mappedQAA))
+					return mappedQAA;
+				else {
+					Logger.error("eIDAS QAA-level:" + this.QAALevel 
+							+ " can not be mapped to STORK QAA-level! Use "
+							+ PVPConstants.STORK_QAA_1_1 + " as default value.");					
+				}
+							
+			} else
+				Logger.error("NO LoALevelMapper found. Use "
 						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
+			return PVPConstants.STORK_QAA_1_1;
+										
 		} else
 			return this.QAALevel;
@@ -107,18 +110,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	@Override
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
-	@Override
 	public byte[] getSignerCertificate() {
 		return signerCertificate;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index 2c0a9fe74..000000000
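Review bot: The `} else` added before `Logger.error("NO LoALevelMapper found. Use "` is brace-less and is followed by a multi-line statement and then the outer `return PVPConstants.STORK_QAA_1_1;`, so only indentation tells the reader where the else ends, and the hunk also adds two whitespace-only lines (tabs only) that blur that further. Bracing it, `} else { Logger.error("NO LoALevelMapper found. Use " + PVPConstants.STORK_QAA_1_1 + " as default value."); }`, and dropping the tab-only lines keeps the fallback return unambiguous. The behaviour is otherwise as before: an unmappable eIDAS level, or now a missing mapper, yields `STORK_QAA_1_1`, presumably the lowest STORK level and thus the safe direction for a failed mapping; a comment on that return, e.g. `// fail closed: an unmapped eIDAS level is reported as the lowest STORK level`, would record why this default was chosen. getQAALevel's closing brace lies outside the hunk.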
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.Base64Utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-
-
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
-	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
-	
-	
-	public String getName() {
-		return EID_IDENTITY_LINK_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		try {
-			String ilAssertion = null;			
-			if (authData instanceof IMOAAuthData 
-					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
-				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-			
-			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
-			
-			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-			
-			
-		} catch (IOException e) {
-			log.warn("IdentityLink serialization error.", e);
-			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME);
-		}
-		
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-				EID_IDENTITY_LINK_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 171dfe2d9..af96a9459 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,10 +33,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index b2a2aad88..af64ffe64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -32,9 +32,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -91,7 +92,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 			}
 		}
-		catch (BuildException | ConfigurationException e) {
+		catch (BuildException | ConfigurationException | EAAFBuilderException e) {
 			Logger.error("Failed to generate IdentificationType");
 			throw new NoMandateDataAttributeException();
@@ -105,7 +106,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
-	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
+	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
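Review bot: The widened `catch (BuildException | ConfigurationException | EAAFBuilderException e)` still drops `e`: `Logger.error("Failed to generate IdentificationType");` logs no cause and the `NoMandateDataAttributeException()` that follows is not chained, so a failed bPK derivation for a mandate leaves no record of which of the three exception types occurred or why. Passing the exception to the logger, `Logger.error("Failed to generate IdentificationType", e);` if the MOA logger has a throwable overload, or appending `e.getMessage()` otherwise, costs one line and makes such failures diagnosable. The enclosing method starts and ends outside this hunk, and internalBPKGenerator in the third hunk continues past its last line.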
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 16b179d89..75ca2ccdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 81041260c..d8114f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,6 +35,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 public class IdentityLinkReSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 885d03fd8..397e28bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.xml.sax.SAXException;
 +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
  import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
  import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
  import at.gv.egovernment.moa.logging.Logger;
 -import at.gv.egovernment.moa.util.DOMUtils;
  import at.gv.egovernment.moa.util.MiscUtil;
  import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a1fd81eb2..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,4 +1,3 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder | 
