diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')
49 files changed, 2178 insertions, 111 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java new file mode 100644 index 000000000..d3aa7b4a0 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java @@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas; + + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 1; + + @Autowired private IRequestStorage requestStore; + + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + String selectedProcessID = super.selectProcess(context); + if (MiscUtil.isNotEmpty(selectedProcessID)) { + String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID); + + if (StringUtils.isEmpty(pendingReqId)) + Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!"); + + else { + IRequest pendingReq = requestStore.getPendingRequest(pendingReqId); + if (pendingReq != null && pendingReq instanceof EIDASData) { + return "eID4UAttributCollectionAuthentication"; + + } + } + } + + return selectedProcessID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eid4u.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java new file mode 100644 index 000000000..c8c65ce76 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UAPSignalServlet.java @@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Controller +public class eID4UAPSignalServlet extends AbstractProcessEngineSignalController { + + public eID4UAPSignalServlet() { + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN + "'."); + + } + + @RequestMapping(value = {eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String pendigReqId = super.getPendingRequestId(request); + + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach for 'state' parameter in eID4U use-case ... "); + pendigReqId = request.getParameter(OAuth20Constants.PARAM_STATE); + if (MiscUtil.isEmpty(pendigReqId)) { + Logger.trace("No 'pendingReqID', seach HTTP-Cookie in eID4U use-case ... "); + pendigReqId = CookieUtils.getValueFromCookie(request, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + if (MiscUtil.isEmpty(pendigReqId)) + Logger.info("NO eID4U cookie or 'state' parameter with pendingReqId."); + + } + } + + return pendigReqId; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java new file mode 100644 index 000000000..45eb161d3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eID4UConstants.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas; + +public class eID4UConstants { + + //configuration parameter + public static final String CONFIG_PROPS_AP_CONSENT_ENTITYID = "moa.id.protocols.eIDAS.eID4U.AP.consent.entityID"; + public static final String CONFIG_PROPS_AP_CONSENT_URL = "moa.id.protocols.eIDAS.eID4U.AP.consent.url"; + public static final String CONFIG_PROPS_AP_SCOPES = "moa.id.protocols.eIDAS.eID4U.AP.scopes.full"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.url"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.param.granttype"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.username"; + public static final String CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD = "moa.id.protocols.eIDAS.eID4U.AP.authtokenservice.password"; + public static final String CONFIG_PROPS_AP_DATASERVICE_URL = "moa.id.protocols.eIDAS.eID4U.AP.dataservice.url"; + + //session parameter + public static final String HTTP_TRANSACTION_COOKIE_NAME = "eID4APTransactionId"; + public static final String HTTP_ENDPOINT_AP_CONSENT_RETURN = "/eidas/eid4u/resume"; + + //process context + public static final String PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS = "collecteID4UAttr"; + public static final String PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER = "eID4UAttrProvbPK"; + + + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java new file mode 100644 index 000000000..69cc131ff --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eid4u/utils/AttributeScopeMapper.java @@ -0,0 +1,239 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.lang3.StringUtils; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moaspss.logging.Logger; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public class AttributeScopeMapper { + + private static AttributeScopeMapper instance = null; + + public static final String Scope_Delimiter = " "; + + public static final String Citizenship = "ANY@tugraz.idm.attr.Citizenship"; + public static final String CityOfBirth = "ANY@tugraz.idm.attr.CityOfBirth"; + public static final String CountryOfBirth = "ANY@tugraz.idm.attr.CountryOfBirth"; + public static final String CurrentDegreeName = "ANY@tugraz.idm.attr.CurrentDegreeName"; + public static final String CurrentFieldOfStudy = "ANY@tugraz.idm.attr.CurrentFieldOfStudy"; + public static final String CurrentLevelOfStudy = "ANY@tugraz.idm.attr.CurrentLevelOfStudy"; + public static final String EmailStud = "ANY@tugraz.idm.attr.EmailStud"; + public static final String Gender = "ANY@tugraz.idm.attr.Gender"; + public static final String HomeInstitutionName = "ANY@tugraz.idm.attr.HomeInstitutionName"; + public static final String HomeInstitutionCountry = "ANY@tugraz.idm.attr.HomeInstitutionCountry"; + + public static final String HomeInstitutionAddressCountryCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode"; + public static final String HomeInstitutionAddressPostalCode = "ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode"; + public static final String HomeInstitutionAddressStreet = "ANY@tugraz.idm.attr.HomeInstitutionAddressStreet"; + public static final String HomeInstitutionAddressCity = "ANY@tugraz.idm.attr.HomeInstitutionAddressCity"; + + public static final String PermanentAddressCity = "ANY@tugraz.idm.attr.PermanentAddressCity"; + public static final String PermanentAddressCountryCode = "ANY@tugraz.idm.attr.PermanentAddressCountryCode"; + public static final String PermanentAddressPostalCode = "ANY@tugraz.idm.attr.PermanentAddressPostalCode"; + public static final String PermanentAddressStreet = "ANY@tugraz.idm.attr.PermanentAddressStreet"; + + public static final String StudyAddressCity = "ANY@tugraz.idm.attr.StudyAddressCity"; + public static final String StudyAddressCountryCode = "ANY@tugraz.idm.attr.StudyAddressCountryCode"; + public static final String StudyAddressPostalCode = "ANY@tugraz.idm.attr.StudyAddressPostalCode"; + public static final String StudyAddressStreet = "ANY@tugraz.idm.attr.StudyAddressStreet"; + + private static List<String> complexeScopes = new ArrayList<String>(); + + private static final Map<String, String> eIDASToScopes = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + put(Definitions.CITIZENSHIP_NAME, Citizenship); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PLACE_OF_BIRTH.getNameUri().toString(), + CityOfBirth); + put(Definitions.COUNTRYOFBIRTH_NAME, CountryOfBirth); + put(Definitions.CURRENTDEGREE_NAME, CurrentDegreeName); + put(Definitions.FIELDOFSTUDY_NAME, CurrentFieldOfStudy); + put(Definitions.CURRENTLEVELOFSTUDY_NAME, CurrentLevelOfStudy); + put(Definitions.EMAIL_NAME, EmailStud); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.GENDER.getNameUri().toString(), + Gender); + put(Definitions.HOMEINSTITUTIONNAME_NAME, HomeInstitutionName); + put(Definitions.HOMEINSTITUTIONCOUNTRY_NAME, HomeInstitutionCountry); + + put(Definitions.HOMEINSTITUTIONADDRESS_NAME, + HomeInstitutionAddressCountryCode + Scope_Delimiter + + HomeInstitutionAddressPostalCode + Scope_Delimiter + + HomeInstitutionAddressStreet + Scope_Delimiter + + HomeInstitutionAddressCity); + put(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString(), + PermanentAddressCity + Scope_Delimiter + + PermanentAddressCountryCode + Scope_Delimiter + + PermanentAddressPostalCode + Scope_Delimiter + + PermanentAddressStreet); + put(Definitions.TEMPORARYADDRESS_NAME, + StudyAddressCity + Scope_Delimiter + + StudyAddressCountryCode + Scope_Delimiter + + StudyAddressPostalCode + Scope_Delimiter + + StudyAddressStreet); + + } + }); + + private static Map<String, String> scopesToeIDAS = Collections.unmodifiableMap(new HashMap<String,String>() { + private static final long serialVersionUID = 1L; + { + Iterator<Entry<String, String>> it = eIDASToScopes.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, String> el = it.next(); + String[] value = el.getValue().split(Scope_Delimiter); + if (value.length == 1) + put(el.getValue(), el.getKey()); + + else { + for (String i : value) { + put(i, el.getKey()); + complexeScopes.add(i); + + } + } + } + } + }); + + + + + public static AttributeScopeMapper getInstance() { + if (instance == null) { + instance = new AttributeScopeMapper(); + + } + + return instance; + } + + /** + * Map a eID4U attribute-name into a TUG Scope + * + * @param eID4UAttributeName eID4U attribute-name + * @return TUG Scope + */ + public String getTUGScopesForAttribute(String eID4UAttributeName) { + if (eIDASToScopes.containsKey(eID4UAttributeName)) + return eIDASToScopes.get(eID4UAttributeName); + + else { + Logger.info("eID4U attribute '" + eID4UAttributeName + "' CAN NOT provides from TUG"); + return StringUtils.EMPTY; + + } + + } + + /** + * Map a TUG Scope into an eID4u attribute-name + * + * @param scope TUG scope + * @return eID4u attribute name + */ + public String geteIDASAttrFromScope(String scope) { + return scopesToeIDAS.get(scope); + + } + + /** + * Check if an TUG scope is part of a complex eID4u attribute + * + * @param scope TUG scope + * @return true if scope is part of a complex attribute, otherwise false + */ + public boolean isComplexeScope(String scope) { + return complexeScopes.contains(scope); + + } + + /** + * Convert the TUG Attribute-provider response into a Map<attributeName, attributeValue> of eID4U attributes + * + * + * @param jsonObject TUG AP response + * @return Map of eID4U attributes, but never null + */ + public Map<String, Object> populateEid4uAttributesFromTugResponse(JsonObject jsonObject) { + Map<String, Object> result = new HashMap<String, Object>(); + Map<String, String> complexAttr = new HashMap<String, String>(); + + Iterator<Entry<String, JsonElement>> it = jsonObject.entrySet().iterator(); + while (it.hasNext()) { + Entry<String, JsonElement> el = it.next(); + String key = el.getKey(); + + Logger.trace("Starting TUG scrope mapping for: " + key + " ... "); + String eIDASAttr = AttributeScopeMapper.getInstance().geteIDASAttrFromScope(key); + if (StringUtils.isNotEmpty(eIDASAttr)) { + if (!AttributeScopeMapper.getInstance().isComplexeScope(key)) { + Logger.debug("Map simple TUG scope: " + key + " to eIDAS attribute: " + eIDASAttr); + result.put(eIDASAttr, el.getValue().getAsString()); + + } else { + Logger.trace("Find complex TUG scope: " + key); + complexAttr.put(eIDASAttr, null); + + } + + } else + Logger.info("Can NOT map TUG scope: " + key + " to any eID4U attribute"); + + } + + //TODO: can only Map address attributes + Iterator<String> complIt = complexAttr.keySet().iterator(); + while(complIt.hasNext()) { + String attr = complIt.next(); + + eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress.Builder address = PostalAddress.builder(); + if (Definitions.HOMEINSTITUTIONADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.HomeInstitutionAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (Definitions.TEMPORARYADDRESS_NAME.equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.StudyAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.StudyAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.StudyAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else if (eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_ADDRESS.getNameUri().toString().equals(attr)) { + address.postCode(jsonObject.get(AttributeScopeMapper.PermanentAddressPostalCode).getAsString()); + address.postName(jsonObject.get(AttributeScopeMapper.PermanentAddressCity).getAsString()); + address.cvAddressArea(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + address.thoroughfare(jsonObject.get(AttributeScopeMapper.PermanentAddressStreet).getAsString()); + result.put(attr, address.build()); + + } else { + Logger.warn("Complexe eID4U attribute: " + attr + " is NOT SUPPORTED yet!"); + + } + + } + + return result; + + } + + + private AttributeScopeMapper() { + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java index f347022b8..d5b1a9e4e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.util.Collection; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Response; import org.w3c.dom.Document; @@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException { + public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } catch (EIDASSAMLEngineException e) { if (responseBytes != null ) { @@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Response ..."); - return super.unmarshallResponse(responseBytes); + return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist); } Logger.info("eIDAS metadata refresh not possible or not successful."); @@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine { * */ @Override - public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException { + public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException { try { - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } catch (EIDASSAMLEngineException e) { @@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine { if (startInternalMetadataRefesh(entityID)) { Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ..."); - return super.unmarshallRequest(requestBytes); + return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index aca818532..feeff6f84 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, + PVPConstants.SSLSOCKETFACTORYNAME, + basicConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java new file mode 100644 index 000000000..b7a9fcba9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eID4UAPException.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class eID4UAPException extends EIDASException { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public eID4UAPException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public eID4UAPException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + + } + + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java new file mode 100644 index 000000000..a58bc4f8d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java @@ -0,0 +1,181 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.common.collect.UnmodifiableIterator; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthAction; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.ImmutableAttributeEntry; + +@Component("CollectAddtionalAttributesTask") +public class CollectAddtionalAttributesTask extends AbstractAuthServletTask { + + @Autowired private OAuth20AuthAction openIDAuthAction; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, false); + + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + Logger.debug("Find eIDAS Auth. Req. Check if eID4U attributes are requested ..."); + + //select all eID4U attributes from requested attributes + Builder reqEid4uAttrListBuilder = ImmutableAttributeMap.builder(); + ImmutableAttributeMap reqAttrList = eidasReq.getEidasRequestedAttributes(); + for (String el : Definitions.EID4UATTRIBUTEELIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) != null) { + Logger.debug("Find eID4U attr: " + el); + reqEid4uAttrListBuilder.put(reqAttrList.getDefinitionByNameUri(el)); + + } + } + + //collect eID4U attributes, if some attributes are selected before + ImmutableAttributeMap reqEid4uAttrList = reqEid4uAttrListBuilder.build(); + if (reqEid4uAttrList != null && reqEid4uAttrList.size() > 0) { + Logger.info("Starting eID4U attribute collection process ... "); + + //mark execution context with eID4U AP flag + context.put(eID4UConstants.PROCESS_CONTEXT_FLAG_EID4U_AP_ACCESS, true); + + //load connection parameters to TUG + String uniqueID = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_ENTITYID); + String redirectURI = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_CONSENT_URL); + String scopes = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_SCOPES); + + if (MiscUtil.isEmpty(scopes)) { + //generate scope from attributes + scopes = mapReqAttributesIntoScopes(reqEid4uAttrList); + + } + + Logger.debug("Load eID4U AP-Config:" + + " EntityID: " + uniqueID + + " RedirectURL:" + redirectURI + + " Scopes: " + scopes); + + + /* + *build openID and set connect token + */ + + //generate fake OpenID_Connect request + OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest(); + fakeOpenIDReq.initialize(httpReq, authConfig); + fakeOpenIDReq.setSPEntityId(uniqueID); + fakeOpenIDReq.setModule(OAuth20Protocol.NAME); + fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID)); + fakeOpenIDReq.setScope("openId profile"); + + //populate with SessionData + fakeOpenIDReq.setRawDataToTransaction( + pendingReq.getSessionData(AuthenticationSessionWrapper.class) + .getKeyValueRepresentationFromAuthSession()); + + //generate authData + IAuthData authData = authDataBuilder.buildAuthenticationData(fakeOpenIDReq); + + //generate OpenIDConenct token + String accessToken = Random.nextHexRandom32(); + OAuth20SessionObject o = new OAuth20SessionObject(); + o.setScope(fakeOpenIDReq.getScope()); + o.setCode(accessToken); + Map<String, Object> idToken = openIDAuthAction.generateIDToken(o, fakeOpenIDReq, authData, accessToken); + o.setAuthDataSession(idToken); + transactionStorage.put(accessToken, o, -1); + + //forward to TUG + httpResp.setStatus(HttpServletResponse.SC_FOUND); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_OPENID_CODE, accessToken); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_SCOPE, scopes); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, + pendingReq.getPendingRequestId()); + redirectURI = addURLParameter(redirectURI, OAuth20Constants.PARAM_REDIRECT_URI, + pendingReq.getAuthURL() + eID4UConstants.HTTP_ENDPOINT_AP_CONSENT_RETURN); + + final String finalUrl = redirectURI; + httpResp.addHeader("Location", finalUrl); + Logger.debug("REDIRECT TO: " + finalUrl.toString()); + + //set session cookie, because eID4U AP from TUG maybe not support pendingReqIds on request level + CookieUtils.setCookie(httpReq, httpResp, + eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME, + pendingReq.getPendingRequestId(), -1); + + //set user's bPK into pendingRequst because TUG AttributeProvider needs it + pendingReq.setRawDataToTransaction( + eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, + new BPKAttributeBuilder().build( + fakeOpenIDReq.getServiceProviderConfiguration(), + authData, + new SimpleStringAttributeGenerator())); + requestStoreage.storePendingRequest(pendingReq); + + } else + Logger.debug("No eID4U attributes found. Skip eID4U attribute collection"); + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("eID4U AttributeProvider communication FAILED.", e); + throw new TaskExecutionException(pendingReq, "eID4U AttributeProvider communication FAILED", e); + + } + + } + + private String mapReqAttributesIntoScopes(ImmutableAttributeMap reqEid4uAttrList) { + String result = StringUtils.EMPTY; + UnmodifiableIterator<ImmutableAttributeEntry<?>> it = reqEid4uAttrList.entrySet().iterator(); + while (it.hasNext()) { + ImmutableAttributeEntry<?> el = it.next(); + String scope = AttributeScopeMapper.getInstance().getTUGScopesForAttribute( + el.getKey().getNameUri().toString()); + + if (result.isEmpty()) + result = scope; + else + result += " " + scope; + + } + + return result; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 1788facf0..274a23674 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); //validate SAML token + //TODO: maybe add whitelist IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, request.getRemoteHost(), Constants.CONFIG_PROPS_SKEWTIME_BEFORE, Constants.CONFIG_PROPS_SKEWTIME_AFTER, - pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA, + null, + false); if (samlResp.isEncrypted()) { Logger.info("Received encrypted eIDAS SAML-Response."); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java new file mode 100644 index 000000000..e878f8ab1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -0,0 +1,238 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; + +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Map; +import java.util.Map.Entry; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.io.IOUtils; +import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.protocol.HttpClientContext; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.eID4UConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.eid4u.utils.AttributeScopeMapper; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eID4UAPException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; +import at.gv.egovernment.moa.id.util.CookieUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Component("ReceiveConsentForAddtionalAttributesTask") +public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServletTask { + + private static final int HashMap = 0; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws TaskExecutionException { + try{ + if (pendingReq instanceof EIDASData) { + EIDASData eidasReq = (EIDASData) pendingReq; + + //delete eID4U http Cookie with pendingRequestId + CookieUtils.deleteCookie(httpReq, httpResp, eID4UConstants.HTTP_TRANSACTION_COOKIE_NAME); + + String authCode = httpReq.getParameter(OAuth20Constants.RESPONSE_CODE); + if (MiscUtil.isEmpty(authCode)) { + Logger.info("Find NO OAuth2 authCode as http parameter 'code'. eID4U AP process stopping ... "); + throw new eID4UAPException("NO OAuth2 'authCode' to access AP", null); + + } + Logger.trace("Find OAuth2 'code' with: " + authCode); + + /* + * access backend service with authCode + * + */ + String tokenServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_URL); + String tokenServiceUsername = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_USERNAME); + String tokenServicePassword = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PASSWORD); + + if (MiscUtil.isEmpty(tokenServiceURL)) { + Logger.info("NO TokenService URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO TokenService URL in configuration for eID4U AP.", null); + + } + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + tokenServiceURL); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build request URL + URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); + uriBuilderToken.addParameter(OAuth20Constants.PARAM_GRANT_TYPE, + authConfig.getBasicConfiguration( + eID4UConstants.CONFIG_PROPS_AP_AUTHTOKENSERVICE_PARAM_GRANTTYPE, + OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)); + uriBuilderToken.addParameter(OAuth20Constants.RESPONSE_CODE, authCode); + Logger.trace("Full eID4U Token-Service request URL: " + uriBuilderToken.build()); + + HttpGet httpGetToken = new HttpGet(uriBuilderToken.build()); + + HttpClientContext localContext = HttpClientContext.create(); + if (MiscUtil.isNotEmpty(tokenServiceUsername)) { + Logger.debug("Find AuthCredentials for eID4U AP. Injecting credentials ... "); + + //Raw work-around, because API solution does not work well + String auth = tokenServiceUsername.trim() + ":" + tokenServicePassword.trim(); + byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes(StandardCharsets.ISO_8859_1)); + String authHeader = "Basic " + new String(encodedAuth); + httpGetToken.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //API solutuion +// HttpHost targetHost = new HttpHost(uriBuilderToken.build().toString()); +// AuthCache authCache = new BasicAuthCache(); +// authCache.put(targetHost, new BasicScheme()); +// +// CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); +// credentialsProvider.setCredentials(AuthScope.ANY, +// new UsernamePasswordCredentials(tokenServiceUsername.trim(), tokenServicePassword.trim())); +// localContext.setCredentialsProvider(credentialsProvider); +// localContext.setAuthCache(authCache); + + } + + //request tokenService + HttpResponse httpResultToken = httpClient.execute(httpGetToken, localContext); + + Logger.trace("Receive http StatusCode: " + httpResultToken.getStatusLine().getStatusCode() + + " from eID4U AP TokenService"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultToken.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultToken.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U AP TokenService anwser with StatusCode:" + httpResultToken.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultToken.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultToken.getEntity().getContent(), "UTF-8")); + throw new eID4UAPException("eID4U AP TokenService return statusCode: " + httpResultToken.getStatusLine().getStatusCode(), null); + + } + + //parse AccessToken from TokenService response + JsonElement fullToken = new JsonParser().parse( + new InputStreamReader(httpResultToken.getEntity().getContent())); + Logger.trace("FullToken: " + fullToken.toString()); + String accessToken = fullToken.getAsJsonObject().get(OAuth20Constants.RESPONSE_ACCESS_TOKEN).getAsString(); + + + //call Attribute Provider to receice eID4U attributes from TUG + String attrProviderServiceURL = authConfig.getBasicConfiguration(eID4UConstants.CONFIG_PROPS_AP_DATASERVICE_URL); + if (MiscUtil.isEmpty(attrProviderServiceURL)) { + Logger.info("NO Attr.Provider Service URL in configuration for eID4U AP. "); + throw new eID4UAPException("NO Attr.Provider URL in configuration for eID4U AP.", null); + + } + + + URIBuilder uriBuilderAttrProv = new URIBuilder(attrProviderServiceURL); + HttpGet httpGetData = new HttpGet(uriBuilderAttrProv.build()); + + //encode and add token as header + String authHeader = "Bearer " + accessToken; + httpGetData.setHeader(HttpHeaders.AUTHORIZATION, authHeader); + + //get and add bPK as header + httpGetData.setHeader( + "X-PVP-BPK", + pendingReq.getRawData(eID4UConstants.PROCESS_CONTEXT_USERS_BPK_EID4U_ATTRPROVIDER, String.class)); + + if (Logger.isTraceEnabled()) { + for (Header el : httpGetData.getAllHeaders()) + Logger.trace("Req. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + //request Attribute Provider + HttpResponse httpResultData = httpClient.execute(httpGetData); + + //parse response + Logger.trace("Receive http StatusCode: " + httpResultData.getStatusLine().getStatusCode() + + " from eID4U Attr.Provider Service"); + + if (Logger.isTraceEnabled()) { + for (Header el : httpResultData.getAllHeaders()) + Logger.trace("Resp. Headername:" + el.getName() + " Value:" + el.getValue()); + } + + if (httpResultData.getStatusLine().getStatusCode() != 200) { + Logger.info("eID4U Attr.Provider Service anwser with StatusCode:" + httpResultData.getStatusLine().getStatusCode() + + " eID4U AP process stopping ... "); + if (httpResultData.getEntity().getContent() != null) + Logger.trace("StatusMessage: " + IOUtils.toString(httpResultData.getEntity().getContent(), "UTF-8")); + + throw new eID4UAPException("eID4U Attr.Provider Service return statusCode: " + httpResultData.getStatusLine().getStatusCode(), null); + + } + + + //parse eID4U attributes from Attr.Provider service response + JsonElement fullAttrSet = new JsonParser().parse( + new InputStreamReader(httpResultData.getEntity().getContent())); + Logger.trace("FullAttrSet: " + fullAttrSet.toString()); + + //populate eID4U attributes + populateEid4uAttributes(fullAttrSet.getAsJsonObject()); + + //store pendingRequest + requestStoreage.storePendingRequest(pendingReq); + + + } else + Logger.debug("No eIDAS Request found. Skip eID4U attribute collection"); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + + } + + private void populateEid4uAttributes(JsonObject jsonObject) throws EAAFStorageException { + try { + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Map<String, Object> eID4UAttributes = AttributeScopeMapper.getInstance().populateEid4uAttributesFromTugResponse(jsonObject); + for (Entry<String, Object> el : eID4UAttributes.entrySet()) + session.setGenericDataToSession(el.getKey(), el.getValue()); + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT inject authentication data into user object.", e); + throw e; + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java index bb52d2ffe..44a313885 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java @@ -69,12 +69,11 @@ import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.KeyInfo; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.ImmutableSortedSet; import com.google.common.collect.Ordering; +import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -108,7 +107,6 @@ import eu.eidas.util.Preconditions; * */ public class NewMoaEidasMetadata { - private static final Logger LOGGER = LoggerFactory.getLogger(EidasMetadata.class.getName()); private final String metadata; private final String entityId; private static final Set<String> DEFAULT_BINDING = new HashSet() { @@ -180,7 +178,7 @@ public class NewMoaEidasMetadata { dm.setAlgorithm(digestMethod); eidasExtensions.getUnknownXMLObjects().add(dm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding DigestMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding DigestMethod extension"); } } } @@ -197,7 +195,7 @@ public class NewMoaEidasMetadata { spTypeObj.setSPType(this.params.getSpType()); eidasExtensions.getUnknownXMLObjects().add(spTypeObj); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SPType extension"); + Logger.info("BUSINESS EXCEPTION error adding SPType extension"); } } generateDigest(eidasExtensions); @@ -212,7 +210,7 @@ public class NewMoaEidasMetadata { sm.setAlgorithm(signMethod); eidasExtensions.getUnknownXMLObjects().add(sm); } else { - NewMoaEidasMetadata.LOGGER.info("BUSINESS EXCEPTION error adding SigningMethod extension"); + Logger.info("BUSINESS EXCEPTION error adding SigningMethod extension"); } } } @@ -378,8 +376,12 @@ public class NewMoaEidasMetadata { new ImmutableSortedSet.Builder<>(Ordering.<AttributeDefinition<?>>natural()); for (String attr : eIDASAttributeBuilder.getAllProvideableeIDASAttributes()) { - AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); - builder.add(supAttr); + Logger.trace("Build metadata-attr: " + attr); + AttributeDefinition<?> supAttr = params.getIdpEngine().getProtocolProcessor().getAttributeDefinitionNullable(attr); + if (supAttr == null) + Logger.warn("Suspect eIDAS attribute definition: " + attr); + else + builder.add(supAttr); } return builder.build(); @@ -444,11 +446,11 @@ public class NewMoaEidasMetadata { url.setURL(new LocalizedString(this.params.getOrganization().getUrl(), "en")); organization.getURLs().add(url); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData:", nfe); } } return organization; @@ -463,11 +465,11 @@ public class NewMoaEidasMetadata { else if (contactType == ContactPersonTypeEnumeration.TECHNICAL) currentContact = this.params.getTechnicalContact(); else { - NewMoaEidasMetadata.LOGGER.error("ERROR: unsupported contact type"); + Logger.error("ERROR: unsupported contact type"); } contact = (ContactPerson) BuilderFactoryUtil.buildXmlObject(ContactPerson.class); if (currentContact == null) { - NewMoaEidasMetadata.LOGGER.error("ERROR: cannot retrieve contact from the configuration"); + Logger.error("ERROR: cannot retrieve contact from the configuration"); return contact; } @@ -486,11 +488,11 @@ public class NewMoaEidasMetadata { populateContact(contact, currentContact, emailAddressObj, company, givenName, surName, phoneNumber); } catch (IllegalAccessException iae) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", iae.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", iae); + Logger.info("ERROR : error generating the OrganizationData: " + iae.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", iae); } catch (NoSuchFieldException nfe) { - NewMoaEidasMetadata.LOGGER.info("ERROR : error generating the OrganizationData: {}", nfe.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : error generating the OrganizationData: {}", nfe); + Logger.info("ERROR : error generating the OrganizationData: " + nfe.getMessage()); + Logger.warn("ERROR : error generating the OrganizationData: ", nfe); } return contact; } @@ -546,8 +548,8 @@ public class NewMoaEidasMetadata { } return EidasStringUtil.toString(OpenSamlHelper.marshall(entityDescriptor, false)); } catch (Exception ex) { - NewMoaEidasMetadata.LOGGER.info("ERROR : SAMLException ", ex.getMessage()); - NewMoaEidasMetadata.LOGGER.debug("ERROR : SAMLException ", ex); + Logger.info("ERROR : SAMLException: " + ex.getMessage()); + Logger.warn("ERROR : SAMLException ", ex); throw new IllegalStateException(ex); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 6d20caa4b..b000c317e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eid4u.api.attributes.Definitions; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -112,6 +113,16 @@ public class SAMLEngineUtils { SAMLSchemaBuilder.addExtensionSchema( at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); + //add eID4U schemes + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION); + SAMLSchemaBuilder.addExtensionSchema( + Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION); + eIDASEngine = engine; } catch (EIDASSAMLEngineException | ConfigurationException e) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java deleted file mode 100644 index e3b58d259..000000000 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.eidas.utils; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String> { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index 200215308..d2323d161 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; @@ -53,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; * */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { - private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); + private static IAttributeGenerator<String> generator = new SimpleStringAttributeGenerator(); private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = @@ -105,7 +106,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, + public static Pair<?, ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index d268dd2f6..7c9e66ba0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -203,7 +203,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //***** validate eIDAS request ********* //**************************************** //validate SAML token - IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode ); + //TODO: maybe add whitelist feature + IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode, null, false); //validate internal JAVA class type if (!(samlReq instanceof IEidasAuthenticationRequest)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 1ac4560b0..d9232a2f3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -28,7 +28,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@Deprecated + + @eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 66359e240..e10f42b37 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -35,7 +35,6 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@Deprecated @eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 638b01bb1..cea28662e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,7 +28,10 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index fd245c3eb..7c527ff67 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -35,7 +35,10 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@eIDASMetadata + +/* + * Is not a valid eIDAS attribute at the moment, because representative has to be a natural person + */ public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index f7e135bae..14ba239a1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -61,7 +61,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat throws AttributeBuilderException { try { - Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); + Pair<String, String> calcResult = getBpkForSp(oaParam, authData); if (calcResult != null) { String personalID = calcResult.getFirst(); String type = calcResult.getSecond(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java index db072203d..9321182da 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -1,5 +1,8 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; +import java.lang.annotation.Retention; + +@Retention(java.lang.annotation.RetentionPolicy.RUNTIME) public @interface eIDASMetadata { } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java new file mode 100644 index 000000000..2f066bc6b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CititzenshipAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CititzenshipAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CITIZENSHIP_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CITIZENSHIP_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java new file mode 100644 index 000000000..8ef79b774 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CountryOfBirthAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CountryOfBirthAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.COUNTRYOFBIRTH_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.COUNTRYOFBIRTH_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java new file mode 100644 index 000000000..7b4c16a5a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentDegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentDegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTDEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTDEGREE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java new file mode 100644 index 000000000..5210676c2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentLevelOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentLevelOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTLEVELOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTLEVELOFSTUDY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java new file mode 100644 index 000000000..4b8e6ec29 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/CurrentPhotoAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class CurrentPhotoAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object docObj= authData.getGenericData(getName(), Object.class); + + if (docObj instanceof Document) { + return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), ((Document)docObj).toString()); + + + } else if (docObj instanceof String) { + if (StringUtils.isNotEmpty((String)docObj)) + return g.buildStringAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName(), (String)docObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.CURRENTPHOTO_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.CURRENTPHOTO_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java new file mode 100644 index 000000000..4f0a0d2fc --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java new file mode 100644 index 000000000..8b480914b --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeAwardingInstituteAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeAwardingInstituteAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREEAWARDINGINSTITUTION_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREEAWARDINGINSTITUTION_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java new file mode 100644 index 000000000..b3b58c9da --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/DegreeCountryAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class DegreeCountryAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.DEGREECOUNTRY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.DEGREECOUNTRY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java new file mode 100644 index 000000000..f37b8ea65 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EHICIDAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EHICIDAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EHICID_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EHICID_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EHICID_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java new file mode 100644 index 000000000..c1dba7eff --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/EMailAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class EMailAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.EMAIL_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.EMAIL_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EMAIL_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java new file mode 100644 index 000000000..ba486079e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/FieldOfStudyAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class FieldOfStudyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.FIELDOFSTUDY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.FIELDOFSTUDY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java new file mode 100644 index 000000000..cf1bc4b07 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/GraduationYearAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class GraduationYearAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.GRADUATIONYEAR_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.GRADUATIONYEAR_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java new file mode 100644 index 000000000..73ab6fdda --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteAddressAttrBuilder.java @@ -0,0 +1,72 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.io.IOException; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue; + +@eIDASMetadata +public class HomeInstituteAddressAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object obj= authData.getGenericData(getName(), Object.class); + + if (obj instanceof PostalAddress) { + try { + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), + new CurrentAddressAttributeValueMarshaller().marshal( + new PostalAddressAttributeValue((PostalAddress) obj))); + + } catch (AttributeValueMarshallingException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } else if (obj instanceof String) { + if (StringUtils.isNotEmpty((String)obj)) { + try { + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName(), + Base64Utils.encode(((String) obj).getBytes())); + + } catch (IOException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONADDRESS_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONADDRESS_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java new file mode 100644 index 000000000..4b80b53ca --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteCountryAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteCountryAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONCOUNTRY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONCOUNTRY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java new file mode 100644 index 000000000..e8c7a9169 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteIdentifierAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteIdentifierAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONIDENTIFIER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONIDENTIFIER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java new file mode 100644 index 000000000..1f72b9a37 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/HomeInstituteNameAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class HomeInstituteNameAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.HOMEINSTITUTIONNAME_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.HOMEINSTITUTIONNAME_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java new file mode 100644 index 000000000..1983c10d1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdExpireddateAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdExpireddateAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object dateObj= authData.getGenericData(getName(), Object.class); + + if (dateObj instanceof Date) { + DateFormat pvpDateFormat = new SimpleDateFormat(Definitions.DATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(dateObj); + return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), dateString); + + } else if (dateObj instanceof String) { + return g.buildStringAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName(), (String) dateObj); + + } else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDEXPIREDATE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDEXPIREDATE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java new file mode 100644 index 000000000..7b04069e2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdIssuerAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdIssuerAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDISSUER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDISSUER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java new file mode 100644 index 000000000..956caab68 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdNumberAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdNumberAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDNUMBER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDNUMBER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java new file mode 100644 index 000000000..e2aff59e9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/IdTypeAttrBuilder.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.IdType; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class IdTypeAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object idTypeObj= authData.getGenericData(getName(), Object.class); + + if (idTypeObj instanceof IdType) + return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), ((IdType)idTypeObj).getValue()); + + else if (idTypeObj instanceof String) { + String idType = (String)idTypeObj; + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName(), idType); + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.IDTYPE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.IDTYPE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java new file mode 100644 index 000000000..4c88a54c1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageCertificatesAttrBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.generic.Document; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class LanguageCertificatesAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object certObj= authData.getGenericData(getName(), Object.class); + + if (certObj instanceof CertificatesType) { + return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), ((CertificatesType)certObj).toString()); + + + } else if (certObj instanceof String) { + if (StringUtils.isNotEmpty((String)certObj)) + return g.buildStringAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName(), (String) certObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.LANGUAGECERTIFICATES_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.LANGUAGECERTIFICATES_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java new file mode 100644 index 000000000..b3c30a8a2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/LanguageProficiencyAttrBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.CertificatesType; +import at.gv.egiz.eid4u.impl.attributes.xjc.eid4u.LanguageLevelType; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class LanguageProficiencyAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object certObj= authData.getGenericData(getName(), Object.class); + + if (certObj instanceof LanguageLevelType) { + return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), ((LanguageLevelType)certObj).toString()); + + + } else if (certObj instanceof String) { + if (StringUtils.isNotEmpty((String)certObj)) + + return g.buildStringAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName(), (String) certObj); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.LANGUAGEPROFICIENCY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.LANGUAGEPROFICIENCY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java new file mode 100644 index 000000000..98410a606 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/MaritalstateAttrBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egiz.eid4u.api.attributes.natural.MaritalState; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class MaritalstateAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object valueObj = authData.getGenericData(getName(), Object.class); + + if (valueObj instanceof MaritalState) + return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), ((MaritalState)valueObj).getValue()); + + else if (valueObj instanceof String) { + String value = (String)valueObj; + if (StringUtils.isNotEmpty(value)); + return g.buildStringAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName(), value); + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.MARITALSTATE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.EHICID_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java new file mode 100644 index 000000000..724b2494e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/NationalityAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class NationalityAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.NATIONALITY_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.NATIONALITY_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java new file mode 100644 index 000000000..51e78bac2 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/PhoneAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class PhoneAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.PHONE_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.PHONE_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.PHONE_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java new file mode 100644 index 000000000..9888ce3c0 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TaxIdentificationNumberAttrBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; + +@eIDASMetadata +public class TaxIdentificationNumberAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + String idType= authData.getGenericData(getName(), String.class); + if (StringUtils.isNotEmpty(idType)) + return g.buildStringAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName(), idType); + + else + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.TAXIDENTIFICATIONNUMBER_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.TAXIDENTIFICATIONNUMBER_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java new file mode 100644 index 000000000..9a57750cf --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eid4u/TemporaryAddressAttrBuilder.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u; + +import java.io.IOException; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eid4u.api.attributes.Definitions; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddressAttributeValue; + +@eIDASMetadata +public class TemporaryAddressAttrBuilder implements IeIDASAttribute { + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + + Object obj= authData.getGenericData(getName(), Object.class); + + if (obj instanceof PostalAddress) { + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + new CurrentAddressAttributeValueMarshaller().marshal( + new PostalAddressAttributeValue((PostalAddress) obj))); + + } catch (AttributeValueMarshallingException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } else if (obj instanceof String) { + if (StringUtils.isNotEmpty((String)obj)) + try { + return g.buildStringAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName(), + Base64Utils.encode(((String) obj).getBytes())); + + } catch (IOException e) { + Logger.warn("Can NOT build attribute: " + getName(), e); + + } + + } + + throw new AttributeBuilderException("Attribute '" + getName() + "' is not available"); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(Definitions.TEMPORARYADDRESS_FRIENDLYNAME, getName()); + } + + @Override + public String getName() { + return Definitions.TEMPORARYADDRESS_NAME; + + } + +} +
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index f6a67db9d..b42d3273f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -87,7 +87,9 @@ public class eIDASAuthenticationRequest implements IAction { else throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()}); - + + ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + String subjectNameID = null; //gather attributes @@ -129,6 +131,21 @@ public class eIDASAuthenticationRequest implements IAction { Logger.trace("eIDAS requsted attr. update process finished"); } + + + + //TODO: eID4U testcode + //************************************************************************** +// Builder reqAttrWitheID4U = ImmutableAttributeMap.builder(reqAttributeList); +// AttributeDefinition<?> attrDef = +// engine.getProtocolProcessor().getAttributeDefinitionNullable( +// Definitions.IDTYPE_NAME); +// reqAttrWitheID4U.put(AttributeDefinition.builder(attrDef).required(false).build()); +// +// reqAttributeList = reqAttrWitheID4U.build(); + + //************************************************************************** + Logger.trace("Starting eIDAS response generation ...."); @@ -164,9 +181,7 @@ public class eIDASAuthenticationRequest implements IAction { String token = null; IResponseMessage eIDASRespMsg = null; - try { - ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); - + try { // encryption is done by the SamlEngine, i.e. by the module we provide in the config // but we need to set the appropriate request issuer //engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer()); @@ -247,16 +262,18 @@ public class eIDASAuthenticationRequest implements IAction { } private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { - Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( + Pair<?, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); - throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); + + //TODO!!!!!!! + //throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); } else - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); + Logger.debug("eIDAS Attr:" + attr.getNameUri() + " is not available."); } else { //add attribute to Map |