aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java820
1 files changed, 820 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
new file mode 100644
index 000000000..4b29fef3b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -0,0 +1,820 @@
+/**
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections4.map.HashedMap;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationData implements IAuthData, Serializable {
+
+ private static final long serialVersionUID = -1042697056735596866L;
+ public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private Date issueInstant;
+ /**
+ * user identification value (Stammzahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
+
+ /**
+ * user identityLink specialized to OAParamter
+ */
+ private IIdentityLink identityLink;
+
+ /**
+ * application specific user identifier (bPK/wbPK)
+ */
+ private String bPK;
+
+ /**
+ * application specific user identifier type
+ */
+ private String bPKType;
+
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private Date dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+
+ private boolean isBaseIDTransferRestrication = true;
+
+
+ /**
+ * STORK attributes from response
+ */
+ private String ccc = null;
+
+ private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+
+ private byte[] signerCertificate = null;
+
+ private String authBlock = null;
+ private List<String> encbPKList = null;
+
+ //ISA 1.18 attributes
+ private List<AuthenticationRole> roles = null;
+ private String pvpAttribute_OU = null;
+
+ private boolean useMandate = false;
+ private IMISMandate mandate = null;
+ private String mandateReferenceValue = null;
+
+ private boolean foreigner =false;
+ private String QAALevel = null;
+
+ private boolean ssoSession = false;
+ private Date ssoSessionValidTo = null;
+
+// private boolean interfederatedSSOSession = false;
+// private String interfederatedIDP = null;
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String nameIDFormat = null;
+
+ public AuthenticationData() {
+ issueInstant = new Date();
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the bPK.
+ * @return String
+ */
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public Date getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ public String getFormatedDateOfBirth() {
+ DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ if (getDateOfBirth() != null)
+ return pvpDateFormat.format(getDateOfBirth());
+ else
+ return "2999-12-31";
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Holds the baseID of a citizen
+ *
+ * @return baseID
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Holds the type of the baseID
+ *
+ * @return baseID-Type
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstantString() {
+ return DateTimeUtils.buildDateTimeUTC(issueInstant);
+
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public Date getIssueInstant() {
+ return issueInstant;
+
+ }
+
+ public void setIssueInstant(Date date) {
+ this.issueInstant = date;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(Date dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ public void setDateOfBirth(String dateOfBirth) {
+ try {
+ if (MiscUtil.isNotEmpty(dateOfBirth)) {
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+ }
+
+ } catch (ParseException e) {
+ Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+
+ }
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ public String getBPKType() {
+ return bPKType;
+ }
+
+ public void setBPKType(String bPKType) {
+ this.bPKType = bPKType;
+ }
+
+ /**
+ * @return the identityLink
+ */
+ public IIdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IIdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * @return the signerCertificate
+ */
+ public byte[] getSignerCertificate() {
+ return signerCertificate;
+ }
+
+
+ /**
+ * @param signerCertificate the signerCertificate to set
+ */
+ public void setSignerCertificate(byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+
+ /**
+ * @return the authBlock
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+
+ /**
+ * @param authBlock the authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+
+ /**
+ * @return the mandate
+ */
+ public IMISMandate getMISMandate() {
+ return mandate;
+ }
+
+ public Element getMandate() {
+ if (mandate == null)
+ return null;
+
+ //parse Element from mandate XML
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMISMandate(IMISMandate mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * @return the useMandate
+ */
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+
+
+ /**
+ * @param useMandate the useMandate to set
+ */
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
+
+
+ /**
+ * @return
+ */
+ public String getQAALevel() {
+ if (this.QAALevel != null &&
+ this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ return mappedQAA;
+
+ else {
+ Logger.error("eIDAS QAA-level:" + this.QAALevel
+ + " can not be mapped to STORK QAA-level! Use "
+ + PVPConstants.STORK_QAA_1_1 + " as default value.");
+ return PVPConstants.STORK_QAA_1_1;
+
+ }
+
+
+ } else
+ return this.QAALevel;
+ }
+
+
+ public String getEIDASQAALevel() {
+ if (this.QAALevel != null &&
+ this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ return mappedQAA;
+
+ else {
+ Logger.error("STORK QAA-level:" + this.QAALevel
+ + " can not be mapped to eIDAS QAA-level! Use "
+ + PVPConstants.EIDAS_QAA_LOW + " as default value.");
+ return PVPConstants.EIDAS_QAA_LOW;
+
+ }
+
+
+ } else
+ return this.QAALevel;
+
+ }
+
+
+ /**
+ * @return
+ */
+ public boolean isForeigner() {
+ return this.foreigner;
+ }
+
+
+ /**
+ * @param foreigner the foreigner to set
+ */
+ public void setForeigner(boolean foreigner) {
+ this.foreigner = foreigner;
+ }
+
+
+ /**
+ * Store QAA level in eIDAS format to authentication Data
+ *
+ * @param qAALevel the qAALevel to set
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public void setQAALevel(String qAALevel) {
+ QAALevel = qAALevel;
+
+ }
+
+ /**
+ * @return the ssoSession
+ */
+ public boolean isSsoSession() {
+ return ssoSession;
+ }
+
+
+ /**
+ * @param ssoSession the ssoSession to set
+ */
+ public void setSsoSession(boolean ssoSession) {
+ this.ssoSession = ssoSession;
+ }
+
+ /**
+ * @return the mandateReferenceValue
+ */
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+ /**
+ * CountryCode of the citizen which is identified and authenticated
+ *
+ * @return the CountryCode <pre>like. AT, SI, ...</pre>
+ */
+ public String getCcc() {
+ return ccc;
+ }
+
+ /**
+ * @param ccc the ccc to set
+ */
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+ /**
+ * @return the sessionIndex
+ */
+ public String getSessionIndex() {
+ return sessionIndex;
+ }
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+ */
+ @Override
+ public String getNameID() {
+ return this.nameID;
+ }
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setNameID(String nameID) {
+ this.nameID = nameID;
+ }
+
+ /**
+ * @return the nameIDFormat
+ */
+ public String getNameIDFormat() {
+ return nameIDFormat;
+ }
+
+ /**
+ * @param nameIDFormat the nameIDFormat to set
+ */
+ public void setNameIDFormat(String nameIDFormat) {
+ this.nameIDFormat = nameIDFormat;
+ }
+
+// /**
+// * @return the interfederatedSSOSession
+// */
+// public boolean isInterfederatedSSOSession() {
+// return interfederatedSSOSession;
+// }
+//
+// /**
+// * @param interfederatedSSOSession the interfederatedSSOSession to set
+// */
+// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+// this.interfederatedSSOSession = interfederatedSSOSession;
+// }
+//
+// /**
+// * @return the interfederatedIDP
+// */
+// public String getInterfederatedIDP() {
+// return interfederatedIDP;
+// }
+//
+// /**
+// * @param interfederatedIDP the interfederatedIDP to set
+// */
+// public void setInterfederatedIDP(String interfederatedIDP) {
+// this.interfederatedIDP = interfederatedIDP;
+// }
+
+ /**
+ * @return the ssoSessionValidTo
+ */
+ public Date getSsoSessionValidTo() {
+ return ssoSessionValidTo;
+ }
+
+ /**
+ * @param ssoSessionValidTo the ssoSessionValidTo to set
+ */
+ public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+ this.ssoSessionValidTo = ssoSessionValidTo;
+ }
+
+ /**
+ * @return the encbPKList
+ */
+ public List<String> getEncbPKList() {
+ return encbPKList;
+ }
+
+ /**
+ * @param encbPKList the encbPKList to set
+ */
+ public void setEncbPKList(List<String> encbPKList) {
+ this.encbPKList = encbPKList;
+ }
+
+ /**
+ * @return the roles
+ */
+ public List<AuthenticationRole> getAuthenticationRoles() {
+// if (this.roles == null) {
+// this.roles = new ArrayList<AuthenticationRole>();
+// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+// }
+
+ return roles;
+ }
+
+ //ISA 1.18 attributes
+ /**
+ * @param roles the roles to set
+ */
+ public void addAuthenticationRole(AuthenticationRole role) {
+ if (this.roles == null)
+ this.roles = new ArrayList<AuthenticationRole>();
+
+ this.roles.add(role);
+ }
+
+ /**
+ * @return the pvpAttribute_OU
+ */
+ public String getPvpAttribute_OU() {
+ return pvpAttribute_OU;
+ }
+
+ /**
+ * @param pvpAttribute_OU the pvpAttribute_OU to set
+ */
+ public void setPvpAttribute_OU(String pvpAttribute_OU) {
+ this.pvpAttribute_OU = pvpAttribute_OU;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+ */
+ @Override
+ public boolean isBaseIDTransferRestrication() {
+ return isBaseIDTransferRestrication;
+ }
+
+ /**
+ * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+ */
+ public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+ this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+ }
+
+ /**
+ * Returns a generic data-object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the data object
+ * @param clazz The class type which is stored with this key
+ * @return The data object or null if no data is found with this key
+ */
+ public <T> T getGenericData(String key, final Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object data = genericDataStorate.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+ return null;
+
+ }
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ public void setGenericData(String key, Object object) throws SessionDataStorageException {
+ if (MiscUtil.isEmpty(key)) {
+ Logger.warn("Generic session-data can not be stored with a 'null' key");
+ throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+ throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericDataStorate.containsKey(key))
+ Logger.debug("Overwrite generic data with key:" + key);
+ else
+ Logger.trace("Add generic data with key:" + key + " to session.");
+
+ genericDataStorate.put(key, object);
+ }
+
+}