aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java94
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java61
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java239
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java32
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java181
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java238
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java42
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java11
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java72
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java48
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java50
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java49
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java41
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java31
49 files changed, 2178 insertions, 111 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
new file mode 100644
index 000000000..d3aa7b4a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 1;
+
+ @Autowired private IRequestStorage requestStore;
+
+
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
+
+ if (StringUtils.isEmpty(pendingReqId))
+ Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
+
+ else {
+ IRequest pendingReq = requestStore.getPendingRequest(pendingReqId);
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ return "eID4UAttributCollectionAuthentication";
+
+ }
+ }
+ }
+
+ return selectedProcessID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:eid4u.Authentication.process.xml" };
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
new file mode 100644
index 000000000..c8c65ce76
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Controller
+public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController {
+
+ public eID4UAPSignalServlet() {
+ Logger.debug("Registering servlet " + getClass().getName() +
+ " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'.");
+
+ }
+
+ @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+ }
+
+ @Override
+ /**
+ * Protocol specific implementation to get the pending-requestID
+ * from http request object
+ *
+ * @param request The http Servlet-Request object
+ * @return The Pending-request id
+ *
+ */
+ public String getPendingRequestId(HttpServletRequest request) {
+ String pendigReqId = super.getPendingRequestId(request);
+
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... ");
+ pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE);
+ if (MiscUtil.isEmpty(pendigReqId)) {
+ Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... ");
+ pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+ if (MiscUtil.isEmpty(pendigReqId))
+ Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId.");
+
+ }
+ }
+
+ return pendigReqId;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
new file mode 100644
index 000000000..45eb161d3
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+public class eID4UConstants {
+
+ //configuration parameter
+ public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID";
+ public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url";
+ public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username";
+ public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password";
+ public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url";
+
+ //session parameter
+ public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId";
+ public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume";
+
+ //process context
+ public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr";
+ public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK";
+
+
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
new file mode 100644
index 000000000..69cc131ff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moaspss.logging.Logger;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public class AttributeScopeMapper {
+
+ private static AttributeScopeMapper instance = null;
+
+ public static final String Scope_Delimiter = " ";
+
+ public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship";
+ public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth";
+ public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth";
+ public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName";
+ public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy";
+ public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy";
+ public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud";
+ public static final String Gender = "ANY@tugraz.idm.attr.Gender";
+ public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName";
+ public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry";
+
+ public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode";
+ public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode";
+ public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet";
+ public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity";
+
+ public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity";
+ public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode";
+ public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode";
+ public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet";
+
+ public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity";
+ public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode";
+ public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode";
+ public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet";
+
+ private static List<String> complexeScopes = new ArrayList<String>();
+
+ private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(Definitions.CITIZENSHIP_NAME, Citizenship);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(),
+ CityOfBirth);
+ put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth);
+ put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName);
+ put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy);
+ put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy);
+ put(Definitions.EMAIL_NAME, EmailStud);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(),
+ Gender);
+ put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName);
+ put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry);
+
+ put(Definitions.HOMEINSTITUTIONADDRESS_NAME,
+ HomeInstitutionAddressCountryCode + Scope_Delimiter
+ + HomeInstitutionAddressPostalCode + Scope_Delimiter
+ + HomeInstitutionAddressStreet + Scope_Delimiter
+ + HomeInstitutionAddressCity);
+ put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(),
+ PermanentAddressCity + Scope_Delimiter
+ + PermanentAddressCountryCode + Scope_Delimiter
+ + PermanentAddressPostalCode + Scope_Delimiter
+ + PermanentAddressStreet);
+ put(Definitions.TEMPORARYADDRESS_NAME,
+ StudyAddressCity + Scope_Delimiter
+ + StudyAddressCountryCode + Scope_Delimiter
+ + StudyAddressPostalCode + Scope_Delimiter
+ + StudyAddressStreet);
+
+ }
+ });
+
+ private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() {
+ private static final long serialVersionUID = 1L;
+ {
+ Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, String> el = it.next();
+ String[] value = el.getValue().split(Scope_Delimiter);
+ if (value.length == 1)
+ put(el.getValue(), el.getKey());
+
+ else {
+ for (String i : value) {
+ put(i, el.getKey());
+ complexeScopes.add(i);
+
+ }
+ }
+ }
+ }
+ });
+
+
+
+
+ public static AttributeScopeMapper getInstance() {
+ if (instance == null) {
+ instance = new AttributeScopeMapper();
+
+ }
+
+ return instance;
+ }
+
+ /**
+ * Map a eID4U attribute-name into a TUG Scope
+ *
+ * @param eID4UAttributeName eID4U attribute-name
+ * @return TUG Scope
+ */
+ public String getTUGScopesForAttribute(String eID4UAttributeName) {
+ if (eIDASToScopes.containsKey(eID4UAttributeName))
+ return eIDASToScopes.get(eID4UAttributeName);
+
+ else {
+ Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG");
+ return StringUtils.EMPTY;
+
+ }
+
+ }
+
+ /**
+ * Map a TUG Scope into an eID4u attribute-name
+ *
+ * @param scope TUG scope
+ * @return eID4u attribute name
+ */
+ public String geteIDASAttrFromScope(String scope) {
+ return scopesToeIDAS.get(scope);
+
+ }
+
+ /**
+ * Check if an TUG scope is part of a complex eID4u attribute
+ *
+ * @param scope TUG scope
+ * @return true if scope is part of a complex attribute, otherwise false
+ */
+ public boolean isComplexeScope(String scope) {
+ return complexeScopes.contains(scope);
+
+ }
+
+ /**
+ * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes
+ *
+ *
+ * @param jsonObject TUG AP response
+ * @return Map of eID4U attributes, but never null
+ */
+ public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) {
+ Map<String, Object> result = new HashMap<String, Object>();
+ Map<String, String> complexAttr = new HashMap<String, String>();
+
+ Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, JsonElement> el = it.next();
+ String key = el.getKey();
+
+ Logger.trace("Starting TUG scrope mapping for: " + key + " ... ");
+ String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key);
+ if (StringUtils.isNotEmpty(eIDASAttr)) {
+ if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) {
+ Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr);
+ result.put(eIDASAttr, el.getValue().getAsString());
+
+ } else {
+ Logger.trace("Find complex TUG scope: " + key);
+ complexAttr.put(eIDASAttr, null);
+
+ }
+
+ } else
+ Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute");
+
+ }
+
+ //TODO: can only Map address attributes
+ Iterator<String> complIt = complexAttr.keySet().iterator();
+ while(complIt.hasNext()) {
+ String attr = complIt.next();
+
+ eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder();
+ if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) {
+ address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString());
+ address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString());
+ address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString());
+ result.put(attr, address.build());
+
+ } else {
+ Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!");
+
+ }
+
+ }
+
+ return result;
+
+ }
+
+
+ private AttributeScopeMapper() {
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+import java.util.Collection;
+
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+ public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
- return super.unmarshallResponse(responseBytes);
+ return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
}
Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
*
*/
@Override
- public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+ public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
try {
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
if (startInternalMetadataRefesh(entityID)) {
Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
- return super.unmarshallRequest(requestBytes);
+ return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ basicConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
new file mode 100644
index 000000000..b7a9fcba9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class eID4UAPException extends EIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public eID4UAPException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eID4UAPException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
new file mode 100644
index 000000000..a58bc4f8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.UnmodifiableIterator;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry;
+
+@Component("CollectAddtionalAttributesTask")
+public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ @Autowired private OAuth20AuthAction openIDAuthAction;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired private AuthenticationDataBuilder authDataBuilder;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false);
+
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+ Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ...");
+
+ //select all eID4U attributes from requested attributes
+ Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder();
+ ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes();
+ for (String el : Definitions.EID4UATTRIBUTEELIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) != null) {
+ Logger.debug("Find eID4U attr: " + el);
+ reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el));
+
+ }
+ }
+
+ //collect eID4U attributes, if some attributes are selected before
+ ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build();
+ if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) {
+ Logger.info("Starting eID4U attribute collection process ... ");
+
+ //mark execution context with eID4U AP flag
+ context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true);
+
+ //load connection parameters to TUG
+ String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID);
+ String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL);
+ String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES);
+
+ if (MiscUtil.isEmpty(scopes)) {
+ //generate scope from attributes
+ scopes = mapReqAttributesIntoScopes(reqEid4uAttrList);
+
+ }
+
+ Logger.debug("Load eID4U AP-Config:"
+ + " EntityID: " + uniqueID
+ + " RedirectURL:" + redirectURI
+ + " Scopes: " + scopes);
+
+
+ /*
+ *build openID and set connect token
+ */
+
+ //generate fake OpenID_Connect request
+ OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
+ fakeOpenIDReq.initialize(httpReq, authConfig);
+ fakeOpenIDReq.setSPEntityId(uniqueID);
+ fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
+ fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+ fakeOpenIDReq.setScope("openId profile");
+
+ //populate with SessionData
+ fakeOpenIDReq.setRawDataToTransaction(
+ pendingReq.getSessionData(AuthenticationSessionWrapper.class)
+ .getKeyValueRepresentationFromAuthSession());
+
+ //generate authData
+ IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq);
+
+ //generate OpenIDConenct token
+ String accessToken = Random.nextHexRandom32();
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ o.setScope(fakeOpenIDReq.getScope());
+ o.setCode(accessToken);
+ Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken);
+ o.setAuthDataSession(idToken);
+ transactionStorage.put(accessToken, o, -1);
+
+ //forward to TUG
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes);
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE,
+ pendingReq.getPendingRequestId());
+ redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI,
+ pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN);
+
+ final String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+
+ //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level
+ CookieUtils.setCookie(httpReq, httpResp,
+ eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME,
+ pendingReq.getPendingRequestId(), -1);
+
+ //set user's bPK into pendingRequst because TUG AttributeProvider needs it
+ pendingReq.setRawDataToTransaction(
+ eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER,
+ new BPKAttributeBuilder().build(
+ fakeOpenIDReq.getServiceProviderConfiguration(),
+ authData,
+ new SimpleStringAttributeGenerator()));
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } else
+ Logger.debug("No eID4U attributes found. Skip eID4U attribute collection");
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("eID4U AttributeProvider communication FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e);
+
+ }
+
+ }
+
+ private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) {
+ String result = StringUtils.EMPTY;
+ UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator();
+ while (it.hasNext()) {
+ ImmutableAttributeEntry<?> el = it.next();
+ String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute(
+ el.getKey().getNameUri().toString());
+
+ if (result.isEmpty())
+ result = scope;
+ else
+ result += " " + scope;
+
+ }
+
+ return result;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
//validate SAML token
+ //TODO: maybe add whitelist
IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
request.getRemoteHost(),
Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
Constants.CONFIG_PROPS_SKEWTIME_AFTER,
- pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+ null,
+ false);
if (samlResp.isEncrypted()) {
Logger.info("Received encrypted eIDAS SAML-Response.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
new file mode 100644
index 000000000..e878f8ab1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java
@@ -0,0 +1,238 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.util.CookieUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@Component("ReceiveConsentForAddtionalAttributesTask")
+public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask {
+
+ private static final int HashMap = 0;
+ @Autowired private AuthConfiguration moaAuthConfig;
+
+ @Override
+ public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws TaskExecutionException {
+ try{
+ if (pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+
+ //delete eID4U http Cookie with pendingRequestId
+ CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME);
+
+ String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE);
+ if (MiscUtil.isEmpty(authCode)) {
+ Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... ");
+ throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null);
+
+ }
+ Logger.trace("Find OAuth2 'code' with: " + authCode);
+
+ /*
+ * access backend service with authCode
+ *
+ */
+ String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL);
+ String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME);
+ String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD);
+
+ if (MiscUtil.isEmpty(tokenServiceURL)) {
+ Logger.info("NO TokenService URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null);
+
+ }
+
+ //open http client
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ moaAuthConfig,
+ tokenServiceURL);
+ CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+ sslFactory,
+ authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+
+ //build request URL
+ URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL);
+ uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE,
+ authConfig.getBasicConfiguration(
+ eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE,
+ OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE));
+ uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode);
+ Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build());
+
+ HttpGet httpGetToken = new HttpGet(uriBuilderToken.build());
+
+ HttpClientContext localContext = HttpClientContext.create();
+ if (MiscUtil.isNotEmpty(tokenServiceUsername)) {
+ Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... ");
+
+ //Raw work-around, because API solution does not work well
+ String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim();
+ byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1));
+ String authHeader = "Basic " + new String(encodedAuth);
+ httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //API solutuion
+// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString());
+// AuthCache authCache = new BasicAuthCache();
+// authCache.put(targetHost, new BasicScheme());
+//
+// CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+// credentialsProvider.setCredentials(AuthScope.ANY,
+// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim()));
+// localContext.setCredentialsProvider(credentialsProvider);
+// localContext.setAuthCache(authCache);
+
+ }
+
+ //request tokenService
+ HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext);
+
+ Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode()
+ + " from eID4U AP TokenService");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultToken.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultToken.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultToken.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8"));
+ throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null);
+
+ }
+
+ //parse AccessToken from TokenService response
+ JsonElement fullToken = new JsonParser().parse(
+ new InputStreamReader(httpResultToken.getEntity().getContent()));
+ Logger.trace("FullToken: " + fullToken.toString());
+ String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString();
+
+
+ //call Attribute Provider to receice eID4U attributes from TUG
+ String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL);
+ if (MiscUtil.isEmpty(attrProviderServiceURL)) {
+ Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. ");
+ throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null);
+
+ }
+
+
+ URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL);
+ HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build());
+
+ //encode and add token as header
+ String authHeader = "Bearer " + accessToken;
+ httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
+
+ //get and add bPK as header
+ httpGetData.setHeader(
+ "X-PVP-BPK",
+ pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class));
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpGetData.getAllHeaders())
+ Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ //request Attribute Provider
+ HttpResponse httpResultData = httpClient.execute(httpGetData);
+
+ //parse response
+ Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode()
+ + " from eID4U Attr.Provider Service");
+
+ if (Logger.isTraceEnabled()) {
+ for (Header el : httpResultData.getAllHeaders())
+ Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue());
+ }
+
+ if (httpResultData.getStatusLine().getStatusCode() != 200) {
+ Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode()
+ + " eID4U AP process stopping ... ");
+ if (httpResultData.getEntity().getContent() != null)
+ Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8"));
+
+ throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null);
+
+ }
+
+
+ //parse eID4U attributes from Attr.Provider service response
+ JsonElement fullAttrSet = new JsonParser().parse(
+ new InputStreamReader(httpResultData.getEntity().getContent()));
+ Logger.trace("FullAttrSet: " + fullAttrSet.toString());
+
+ //populate eID4U attributes
+ populateEid4uAttributes(fullAttrSet.getAsJsonObject());
+
+ //store pendingRequest
+ requestStoreage.storePendingRequest(pendingReq);
+
+
+ } else
+ Logger.debug("No eIDAS Request found. Skip eID4U attribute collection");
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
+
+ }
+
+ private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException {
+ try {
+ AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+ Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject);
+ for (Entry<String, Object> el : eID4UAttributes.entrySet())
+ session.setGenericDataToSession(el.getKey(), el.getValue());
+
+ } catch (EAAFStorageException e) {
+ Logger.warn("Can NOT inject authentication data into user object.", e);
+ throw e;
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
index bb52d2ffe..44a313885 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java
@@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Ordering;
+import at.gv.egovernment.moa.logging.Logger;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions;
*
*/
public class NewMoaEidasMetadata {
- private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName());
private final String metadata;
private final String entityId;
private static final Set<String> DEFAULT_BINDING = new HashSet() {
@@ -180,7 +178,7 @@ public class NewMoaEidasMetadata {
dm.setAlgorithm(digestMethod);
eidasExtensions.getUnknownXMLObjects().add(dm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension");
}
}
}
@@ -197,7 +195,7 @@ public class NewMoaEidasMetadata {
spTypeObj.setSPType(this.params.getSpType());
eidasExtensions.getUnknownXMLObjects().add(spTypeObj);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension");
+ Logger.info("BUSINESS EXCEPTION error adding SPType extension");
}
}
generateDigest(eidasExtensions);
@@ -212,7 +210,7 @@ public class NewMoaEidasMetadata {
sm.setAlgorithm(signMethod);
eidasExtensions.getUnknownXMLObjects().add(sm);
} else {
- NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension");
+ Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension");
}
}
}
@@ -378,8 +376,12 @@ public class NewMoaEidasMetadata {
new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural());
for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) {
- AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
- builder.add(supAttr);
+ Logger.trace("Build metadata-attr: " + attr);
+ AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr);
+ if (supAttr == null)
+ Logger.warn("Suspect eIDAS attribute definition: " + attr);
+ else
+ builder.add(supAttr);
}
return builder.build();
@@ -444,11 +446,11 @@ public class NewMoaEidasMetadata {
url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en"));
organization.getURLs().add(url);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData:", nfe);
}
}
return organization;
@@ -463,11 +465,11 @@ public class NewMoaEidasMetadata {
else if (contactType == ContactPersonTypeEnumeration.TECHNICAL)
currentContact = this.params.getTechnicalContact();
else {
- NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type");
+ Logger.error("ERROR: unsupported contact type");
}
contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
if (currentContact == null) {
- NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration");
+ Logger.error("ERROR: cannot retrieve contact from the configuration");
return contact;
}
@@ -486,11 +488,11 @@ public class NewMoaEidasMetadata {
populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber);
} catch (IllegalAccessException iae) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae);
+ Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", iae);
} catch (NoSuchFieldException nfe) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe);
+ Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage());
+ Logger.warn("ERROR : error generating the OrganizationData: ", nfe);
}
return contact;
}
@@ -546,8 +548,8 @@ public class NewMoaEidasMetadata {
}
return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false));
} catch (Exception ex) {
- NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage());
- NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex);
+ Logger.info("ERROR : SAMLException: " + ex.getMessage());
+ Logger.warn("ERROR : SAMLException ", ex);
throw new IllegalStateException(ex);
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
SAMLSchemaBuilder.addExtensionSchema(
at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
+ //add eID4U schemes
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);
+ SAMLSchemaBuilder.addExtensionSchema(
+ Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+
eIDASEngine = engine;
} catch (EIDASSAMLEngineException | ConfigurationException e) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
deleted file mode 100644
index e3b58d259..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-
-/**
- * @author tlenz
- *
- */
-public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String)
- */
- @Override
- public String buildStringAttribute(String friendlyName, String name, String value) {
- return value;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
- */
- @Override
- public String buildIntegerAttribute(String friendlyName, String name, int value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long)
- */
- @Override
- public String buildLongAttribute(String friendlyName, String name, long value) {
- return String.valueOf(value);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String)
- */
- @Override
- public String buildEmptyAttribute(String friendlyName, String name) {
- return null;
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 200215308..d2323d161 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
*
*/
public class eIDASAttributeBuilder extends PVPAttributeBuilder {
- private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
+ private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator();
private static List<String> listOfSupportedeIDASAttributes;
private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader =
@@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
* @param authData Authentication data that contains user information for attribute generation
* @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
*/
- public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
+ public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
IAuthData authData) {
String attrName = attr.getNameUri().toString();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index d268dd2f6..7c9e66ba0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
//***** validate eIDAS request *********
//****************************************
//validate SAML token
- IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
+ //TODO: maybe add whitelist feature
+ IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false);
//validate internal JAVA class type
if (!(samlReq instanceof IEidasAuthenticationRequest)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 1ac4560b0..d9232a2f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@Deprecated
+
+
@eIDASMetadata
public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 66359e240..e10f42b37 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@Deprecated
@eIDASMetadata
public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 638b01bb1..cea28662e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index fd245c3eb..7c527ff67 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-@eIDASMetadata
+
+/*
+ * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person
+ */
public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index f7e135bae..14ba239a1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
throws AttributeBuilderException {
try {
- Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+ Pair<String, String> calcResult = getBpkForSp(oaParam, authData);
if (calcResult != null) {
String personalID = calcResult.getFirst();
String type = calcResult.getSecond();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
index db072203d..9321182da 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -1,5 +1,8 @@
package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
+import java.lang.annotation.Retention;
+
+@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
public @interface eIDASMetadata {
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
new file mode 100644
index 000000000..2f066bc6b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CititzenshipAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CITIZENSHIP_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
new file mode 100644
index 000000000..8ef79b774
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CountryOfBirthAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.COUNTRYOFBIRTH_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
new file mode 100644
index 000000000..7b4c16a5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentDegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTDEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
new file mode 100644
index 000000000..5210676c2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTLEVELOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
new file mode 100644
index 000000000..4b8e6ec29
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class CurrentPhotoAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object docObj= authData.getGenericData(getName(), Object.class);
+
+ if (docObj instanceof Document) {
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString());
+
+
+ } else if (docObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)docObj))
+ return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.CURRENTPHOTO_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
new file mode 100644
index 000000000..4f0a0d2fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
new file mode 100644
index 000000000..8b480914b
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREEAWARDINGINSTITUTION_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
new file mode 100644
index 000000000..b3b58c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class DegreeCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.DEGREECOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
new file mode 100644
index 000000000..f37b8ea65
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EHICIDAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
new file mode 100644
index 000000000..c1dba7eff
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class EMailAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EMAIL_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
new file mode 100644
index 000000000..ba486079e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class FieldOfStudyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.FIELDOFSTUDY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
new file mode 100644
index 000000000..cf1bc4b07
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class GraduationYearAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.GRADUATIONYEAR_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
new file mode 100644
index 000000000..73ab6fdda
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj)) {
+ try {
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
new file mode 100644
index 000000000..4b80b53ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONCOUNTRY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
new file mode 100644
index 000000000..e8c7a9169
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
new file mode 100644
index 000000000..1f72b9a37
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class HomeInstituteNameAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.HOMEINSTITUTIONNAME_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
new file mode 100644
index 000000000..1983c10d1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdExpireddateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object dateObj= authData.getGenericData(getName(), Object.class);
+
+ if (dateObj instanceof Date) {
+ DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN);
+ String dateString = pvpDateFormat.format(dateObj);
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString);
+
+ } else if (dateObj instanceof String) {
+ return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj);
+
+ } else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDEXPIREDATE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
new file mode 100644
index 000000000..7b04069e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdIssuerAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDISSUER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
new file mode 100644
index 000000000..956caab68
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
new file mode 100644
index 000000000..e2aff59e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.IdType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class IdTypeAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object idTypeObj= authData.getGenericData(getName(), Object.class);
+
+ if (idTypeObj instanceof IdType)
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue());
+
+ else if (idTypeObj instanceof String) {
+ String idType = (String)idTypeObj;
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType);
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.IDTYPE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
new file mode 100644
index 000000000..4c88a54c1
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageCertificatesAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof CertificatesType) {
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+ return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGECERTIFICATES_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
new file mode 100644
index 000000000..b3c30a8a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType;
+import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class LanguageProficiencyAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object certObj= authData.getGenericData(getName(), Object.class);
+
+ if (certObj instanceof LanguageLevelType) {
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString());
+
+
+ } else if (certObj instanceof String) {
+ if (StringUtils.isNotEmpty((String)certObj))
+
+ return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.LANGUAGEPROFICIENCY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
new file mode 100644
index 000000000..98410a606
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egiz.eid4u.api.attributes.natural.MaritalState;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class MaritalstateAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object valueObj = authData.getGenericData(getName(), Object.class);
+
+ if (valueObj instanceof MaritalState)
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue());
+
+ else if (valueObj instanceof String) {
+ String value = (String)valueObj;
+ if (StringUtils.isNotEmpty(value));
+ return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value);
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.EHICID_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
new file mode 100644
index 000000000..724b2494e
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class NationalityAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.NATIONALITY_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
new file mode 100644
index 000000000..51e78bac2
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class PhoneAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.PHONE_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
new file mode 100644
index 000000000..9888ce3c0
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+
+@eIDASMetadata
+public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ String idType= authData.getGenericData(getName(), String.class);
+ if (StringUtils.isNotEmpty(idType))
+ return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType);
+
+ else
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TAXIDENTIFICATIONNUMBER_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
new file mode 100644
index 000000000..9a57750cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java
@@ -0,0 +1,70 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue;
+
+@eIDASMetadata
+public class TemporaryAddressAttrBuilder implements IeIDASAttribute {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+
+ Object obj= authData.getGenericData(getName(), Object.class);
+
+ if (obj instanceof PostalAddress) {
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ new CurrentAddressAttributeValueMarshaller().marshal(
+ new PostalAddressAttributeValue((PostalAddress) obj)));
+
+ } catch (AttributeValueMarshallingException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ } else if (obj instanceof String) {
+ if (StringUtils.isNotEmpty((String)obj))
+ try {
+ return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(),
+ Base64Utils.encode(((String) obj).getBytes()));
+
+ } catch (IOException e) {
+ Logger.warn("Can NOT build attribute: " + getName(), e);
+
+ }
+
+ }
+
+ throw new AttributeBuilderException("Attribute '" + getName() + "' is not available");
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName());
+ }
+
+ @Override
+ public String getName() {
+ return Definitions.TEMPORARYADDRESS_NAME;
+
+ }
+
+}
+ \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index f6a67db9d..b42d3273f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction {
else
throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
-
+
+ ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+
String subjectNameID = null;
//gather attributes
@@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction {
Logger.trace("eIDAS requsted attr. update process finished");
}
+
+
+
+ //TODO: eID4U testcode
+ //**************************************************************************
+// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList);
+// AttributeDefinition<?> attrDef =
+// engine.getProtocolProcessor().getAttributeDefinitionNullable(
+// Definitions.IDTYPE_NAME);
+// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build());
+//
+// reqAttributeList = reqAttrWitheID4U.build();
+
+ //**************************************************************************
+
Logger.trace("Starting eIDAS response generation ....");
@@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction {
String token = null;
IResponseMessage eIDASRespMsg = null;
- try {
- ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
+ try {
// encryption is done by the SamlEngine, i.e. by the module we provide in the config
// but we need to set the appropriate request issuer
//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
@@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction {
}
private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
- Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+ Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
attr, req.getServiceProviderConfiguration(), authData);
if(eIDASAttr == null) {
if (attr.isRequired()) {
Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
- throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+
+ //TODO!!!!!!!
+ //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
} else
- Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+ Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available.");
} else {
//add attribute to Map