Diffstat (limited to 'id')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java | 820 | 
1 files changed, 820 insertions, 0 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java new file mode 100644 index 000000000..4b29fef3b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java 
@@ -0,0 +1,820 @@ +/** + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.Map; + +import org.apache.commons.collections4.map.HashedMap; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AuthenticationData  implements IAuthData, Serializable { + +	private static final long serialVersionUID = -1042697056735596866L; +	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; +	 +	  /** +	   * URL of the MOA-ID Auth component issueing this assertion +	   */ +	  private String issuer; +	  /** +	   * time instant of issue of this assertion +	   */ +	  private Date issueInstant; +	  /** +	   * user identification value (Stammzahl); <code>null</code>,  +	   * if the authentication module is configured not to return this data +	   */ +	  private String identificationValue; +		/** +		 * user identification type +		 */ +	  private String identificationType; +		 +		/** +		 * user identityLink specialized to OAParamter +		 */ +	  private IIdentityLink identityLink; +		 +	  /** +	   * application specific user identifier (bPK/wbPK) +	   */ +	  private String bPK; +	   +	  /** +	   * 
application specific user identifier type +	   */ +	  private String bPKType; +	   +	  /** +	   * given name of the user +	   */ +	  private String givenName; +	  /** +	   * family name of the user +	   */ +	  private String familyName; +	  /** +	   * date of birth of the user +	   */ +	  private Date dateOfBirth; +	  /** +	   * says whether the certificate is a qualified certificate or not +	   */ +	  private boolean qualifiedCertificate; +	  /** +	   * says whether the certificate is a public authority or not +	   */ +	  private boolean publicAuthority; +	  /** +	   * public authority code (Behördenkennzeichen - BKZ) +	   */ +	  private String publicAuthorityCode; + +	  /** +	   * URL of the BKU +	   */ +	  private String bkuURL; +	  /** +	   * the corresponding <code>lt;saml:Assertion></code> +	   */ + +	  private boolean isBaseIDTransferRestrication = true; +	   +	   +	 /** +	  * STORK attributes from response +	  */ +	  private String ccc = null; +	   +	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); +	   +	  private byte[] signerCertificate = null; +	  	   +	  private String authBlock = null;  +	  private List<String> encbPKList = null; +	   +	  //ISA 1.18 attributes +	  private List<AuthenticationRole> roles = null; +	  private String pvpAttribute_OU = null; +	   +	  private boolean useMandate = false; +	  private IMISMandate mandate = null; +	  private String mandateReferenceValue = null; +	   +	  private boolean foreigner =false; +	  private String QAALevel = null; +	   +	  private boolean ssoSession = false; +	  private Date ssoSessionValidTo = null; + +//	  private boolean interfederatedSSOSession = false; +//	  private String interfederatedIDP = null; +	   +	  private String sessionIndex = null; +	  private String nameID = null; +	  private String nameIDFormat = null; +	   +	  public AuthenticationData() { +		  issueInstant = new Date(); +	  } +	  	   +	  /** +	   * Returns the publicAuthority. 
+	   * @return boolean +	   */ +	  public boolean isPublicAuthority() { +	    return publicAuthority; +	  } + +	  /** +	   * Returns the publicAuthorityCode. +	   * @return String +	   */ +	  public String getPublicAuthorityCode() { +	    return publicAuthorityCode; +	  } + +	  /** +	   * Returns the qualifiedCertificate. +	   * @return boolean +	   */ +	  public boolean isQualifiedCertificate() { +	    return qualifiedCertificate; +	  } + +	  /** +	   * Returns the bPK. +	   * @return String +	   */ +	  public String getBPK() { +	    return bPK; +	  } + +	  /** +	   * Sets the publicAuthority. +	   * @param publicAuthority The publicAuthority to set +	   */ +	  public void setPublicAuthority(boolean publicAuthority) { +	    this.publicAuthority = publicAuthority; +	  } + +	  /** +	   * Sets the publicAuthorityCode. +	   * @param publicAuthorityIdentification The publicAuthorityCode to set +	   */ +	  public void setPublicAuthorityCode(String publicAuthorityIdentification) { +	    this.publicAuthorityCode = publicAuthorityIdentification; +	  } + +	  /** +	   * Sets the qualifiedCertificate. +	   * @param qualifiedCertificate The qualifiedCertificate to set +	   */ +	  public void setQualifiedCertificate(boolean qualifiedCertificate) { +	    this.qualifiedCertificate = qualifiedCertificate; +	  } + +	  /** +	   * Sets the bPK. +	   * @param bPK The bPK to set +	   */ +	  public void setBPK(String bPK) { +	    this.bPK = bPK; +	  } + +	  /** +	   * Returns the dateOfBirth. +	   * @return String +	   */ +	  public Date getDateOfBirth() { +	    return dateOfBirth; +	  } + +	  public String getFormatedDateOfBirth() { +			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +			if (getDateOfBirth() != null) +				return pvpDateFormat.format(getDateOfBirth()); +			else +				return "2999-12-31"; +		} +	   +	  /** +	   * Returns the familyName. 
+	   * @return String +	   */ +	  public String getFamilyName() { +	    return familyName; +	  } + +	  /** +	   * Returns the givenName. +	   * @return String +	   */ +	  public String getGivenName() { +	    return givenName; +	  } + +	  /** +	   * Holds the baseID of a citizen +	   *  +	   * @return baseID +	   */ +	  public String getIdentificationValue() { +	    return identificationValue; +	  } + +		/** +		 * Holds the type of the baseID +		 *  +		 * @return baseID-Type +		 */ +		public String getIdentificationType() { +			return identificationType; +		} + +	  /** +	   * Returns the issueInstant. +	   * @return String +	   */ +	  public String getIssueInstantString() { +	    return DateTimeUtils.buildDateTimeUTC(issueInstant); +	     +	  } + +	  /** +	   * Returns the issueInstant. +	   * @return String +	   */ +	  public Date getIssueInstant() { +	    return issueInstant; +	     +	  } +	   +	  public void setIssueInstant(Date date) { +		  this.issueInstant = date; +	  } +	   +	  /** +	   * Returns the issuer. +	   * @return String +	   */ +	  public String getIssuer() { +	    return issuer; +	  } +	   +	  /** +	   * Returns the BKU URL. +	   * @return String +	   */ +	  public String getBkuURL() { +	    return bkuURL; +	  } + +	  /** +	   * Sets the dateOfBirth. +	   * @param dateOfBirth The dateOfBirth to set +	   */ +	  public void setDateOfBirth(Date dateOfBirth) { +	    this.dateOfBirth = dateOfBirth; +	  } + +	  public void setDateOfBirth(String dateOfBirth) {		   +		  try {		   +			  if (MiscUtil.isNotEmpty(dateOfBirth)) { +				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); +			  } +			   +		  } catch (ParseException e) { +			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); +			   +		  }		   +	  } +	   +	  /** +	   * Sets the familyName. 
+	   * @param familyName The familyName to set +	   */ +	  public void setFamilyName(String familyName) { +	    this.familyName = familyName; +	  } + +	  /** +	   * Sets the givenName. +	   * @param givenName The givenName to set +	   */ +	  public void setGivenName(String givenName) { +	    this.givenName = givenName; +	  } + +	  /** +	   * Sets the identificationValue. +	   * @param identificationValue The identificationValue to set +	   */ +	  public void setIdentificationValue(String identificationValue) { +	    this.identificationValue = identificationValue; +	  } + +		/** +		 * Sets the identificationType. +		 * @param identificationType The identificationType to set +		 */ +		public void setIdentificationType(String identificationType) { +			this.identificationType = identificationType; +		} + +	  /** +	   * Sets the issuer. +	   * @param issuer The issuer to set +	   */ +	  public void setIssuer(String issuer) { +	    this.issuer = issuer; +	  } +	   +	  /** +	   * Sets the bkuURL +	   * @param url The BKU URL to set +	   */ +	  public void setBkuURL(String url) { +	    this.bkuURL = url; +	  } + +	public String getBPKType() { +		return bPKType; +	} + +	public void setBPKType(String bPKType) { +		this.bPKType = bPKType; +	} + +	/** +	 * @return the identityLink +	 */ +	public IIdentityLink getIdentityLink() { +		return identityLink; +	} + +	/** +	 * @param identityLink the identityLink to set +	 */ +	public void setIdentityLink(IIdentityLink identityLink) { +		this.identityLink = identityLink; +	} + +	/** +	 * @return the signerCertificate +	 */ +	public byte[] getSignerCertificate() { +		return signerCertificate; +	} + + +	/** +	 * @param signerCertificate the signerCertificate to set +	 */ +	public void setSignerCertificate(byte[] signerCertificate) { +		this.signerCertificate = signerCertificate; +	} + + +	/** +	 * @return the authBlock +	 */ +	public String getAuthBlock() { +		return authBlock; +	} + + +	/** +	 * @param authBlock the authBlock to set +	 
*/ +	public void setAuthBlock(String authBlock) { +		this.authBlock = authBlock; +	} + + +	/** +	 * @return the mandate +	 */ +	public IMISMandate getMISMandate() { +		return mandate; +	} + +	public Element getMandate() { +		if (mandate == null) +			return null; +		 +		//parse Element from mandate XML +		try { +			byte[] byteMandate = mandate.getMandate(); +			String stringMandate = new String(byteMandate); +			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); +			 +		} +		catch (Throwable e) { +			Logger.warn("Mandate content could not be generated from MISMandate."); +			return null; +		} +	} +	 + +	/** +	 * @param mandate the mandate to set +	 */ +	public void setMISMandate(IMISMandate mandate) { +		this.mandate = mandate; +	} + + +	/** +	 * @return the useMandate +	 */ +	public boolean isUseMandate() { +		return useMandate; +	} + + +	/** +	 * @param useMandate the useMandate to set +	 */ +	public void setUseMandate(boolean useMandate) { +		this.useMandate = useMandate; +	} + + +	/** +	 * @return +	 */ +	public String getQAALevel() { +		if (this.QAALevel != null &&  +				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { +			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); +			if (MiscUtil.isNotEmpty(mappedQAA)) +				return mappedQAA; +			 +			else { +				Logger.error("eIDAS QAA-level:" + this.QAALevel  +						+ " can not be mapped to STORK QAA-level! 
Use " +						+ PVPConstants.STORK_QAA_1_1 + " as default value."); +				return PVPConstants.STORK_QAA_1_1; +				 +			} +			 +			 +		} else +			return this.QAALevel; +	} + +	 +	public String getEIDASQAALevel() { +		if (this.QAALevel != null &&  +				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { +			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); +			if (MiscUtil.isNotEmpty(mappedQAA)) +				return mappedQAA; +			 +			else { +				Logger.error("STORK QAA-level:" + this.QAALevel  +						+ " can not be mapped to eIDAS QAA-level! Use " +						+ PVPConstants.EIDAS_QAA_LOW + " as default value."); +				return PVPConstants.EIDAS_QAA_LOW; +				 +			} +			 +			 +		} else +			return this.QAALevel; +		 +	} +	 + +	/** +	 * @return +	 */ +	public boolean isForeigner() { +		return this.foreigner; +	} + + +	/** +	 * @param foreigner the foreigner to set +	 */ +	public void setForeigner(boolean foreigner) { +		this.foreigner = foreigner; +	} + + +	/** +	 * Store QAA level in eIDAS format to authentication Data +	 *  +	 * @param qAALevel the qAALevel to set +	 * @throws AssertionAttributeExtractorExeption  +	 */ +	public void setQAALevel(String qAALevel) { +			QAALevel = qAALevel; +			 +	} + +	/** +	 * @return the ssoSession +	 */ +	public boolean isSsoSession() { +		return ssoSession; +	} + + +	/** +	 * @param ssoSession the ssoSession to set +	 */ +	public void setSsoSession(boolean ssoSession) { +		this.ssoSession = ssoSession; +	} + +	/** +	 * @return the mandateReferenceValue +	 */ +	public String getMandateReferenceValue() { +		return mandateReferenceValue; +	} + +	/** +	 * @param mandateReferenceValue the mandateReferenceValue to set +	 */ +	public void setMandateReferenceValue(String mandateReferenceValue) { +		this.mandateReferenceValue = mandateReferenceValue; +	} + +	/** +	 * CountryCode of the citizen which is identified and authenticated +	 *  +	 * @return the CountryCode <pre>like. 
AT, SI, ...</pre> +	 */ +	public String getCcc() { +		return ccc; +	} + +	/** +	 * @param ccc the ccc to set +	 */ +	public void setCcc(String ccc) { +		this.ccc = ccc; +	} + +	/** +	 * @return the sessionIndex +	 */ +	public String getSessionIndex() { +		return sessionIndex; +	} + +	/** +	 * @param sessionIndex the sessionIndex to set +	 */ +	public void setSessionIndex(String sessionIndex) { +		this.sessionIndex = sessionIndex; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() +	 */ +	@Override +	public String getNameID() { +		return this.nameID; +	} + +	/** +	 * @param nameID the nameID to set +	 */ +	public void setNameID(String nameID) { +		this.nameID = nameID; +	} + +	/** +	 * @return the nameIDFormat +	 */ +	public String getNameIDFormat() { +		return nameIDFormat; +	} + +	/** +	 * @param nameIDFormat the nameIDFormat to set +	 */ +	public void setNameIDFormat(String nameIDFormat) { +		this.nameIDFormat = nameIDFormat; +	} + +//	/** +//	 * @return the interfederatedSSOSession +//	 */ +//	public boolean isInterfederatedSSOSession() { +//		return interfederatedSSOSession; +//	} +// +//	/** +//	 * @param interfederatedSSOSession the interfederatedSSOSession to set +//	 */ +//	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +//		this.interfederatedSSOSession = interfederatedSSOSession; +//	} +// +//	/** +//	 * @return the interfederatedIDP +//	 */ +//	public String getInterfederatedIDP() { +//		return interfederatedIDP; +//	} +// +//	/** +//	 * @param interfederatedIDP the interfederatedIDP to set +//	 */ +//	public void setInterfederatedIDP(String interfederatedIDP) { +//		this.interfederatedIDP = interfederatedIDP; +//	} + +	/** +	 * @return the ssoSessionValidTo +	 */ +	public Date getSsoSessionValidTo() { +		return ssoSessionValidTo; +	} + +	/** +	 * @param ssoSessionValidTo the ssoSessionValidTo to set +	 */ +	public void setSsoSessionValidTo(Date ssoSessionValidTo) { +		
this.ssoSessionValidTo = ssoSessionValidTo; +	} + +	/** +	 * @return the encbPKList +	 */ +	public List<String> getEncbPKList() { +		return encbPKList; +	} + +	/** +	 * @param encbPKList the encbPKList to set +	 */ +	public void setEncbPKList(List<String> encbPKList) { +		this.encbPKList = encbPKList; +	} + +	/** +	 * @return the roles +	 */ +	public List<AuthenticationRole> getAuthenticationRoles() { +//		if (this.roles == null) { +//			this.roles = new ArrayList<AuthenticationRole>(); +//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +//		} +		 +		return roles; +	} + +	//ISA 1.18 attributes +	/** +	 * @param roles the roles to set +	 */ +	public void addAuthenticationRole(AuthenticationRole role) { +		if (this.roles == null) +			this.roles = new ArrayList<AuthenticationRole>(); + +		this.roles.add(role); +	} +	 +	/** +	 * @return the pvpAttribute_OU +	 */ +	public String getPvpAttribute_OU() { +		return pvpAttribute_OU; +	} + +	/** +	 * @param pvpAttribute_OU the pvpAttribute_OU to set +	 */ +	public void setPvpAttribute_OU(String pvpAttribute_OU) { +		this.pvpAttribute_OU = pvpAttribute_OU; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() +	 */ +	@Override +	public boolean isBaseIDTransferRestrication() { +		return isBaseIDTransferRestrication; +	} + +	/** +	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set +	 */ +	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { +		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; +	} +	 +	/** +	 * Returns a generic data-object with is stored with a specific identifier  +	 *  +	 * @param key The specific identifier of the data object +	 * @param clazz The class type which is stored with this key +	 * @return The data object or null if no data is found with this key +	 */ +	public <T> T getGenericData(String key, 
final Class<T> clazz) { +		if (MiscUtil.isNotEmpty(key)) { +			Object data = genericDataStorate.get(key);			 +			 +			if (data == null) +				return null; +			 +			try { +				@SuppressWarnings("unchecked") +				T test = (T) data; +				return test; +				 +			} catch (Exception e) { +				Logger.warn("Generic authentication-data object can not be casted to requsted type", e); +				return null; +				 +			} +			 +		}  +		 +		Logger.warn("Can not load generic session-data with key='null'"); +		return null; +				 +	} +	 +	/** +	 * Store a generic data-object to session with a specific identifier +	 *  +	 * @param key Identifier for this data-object +	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface +	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage +	 */ +	public void setGenericData(String key, Object object) throws SessionDataStorageException { +		if (MiscUtil.isEmpty(key)) { +			Logger.warn("Generic session-data can not be stored with a 'null' key"); +			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); +			 +		} +		 +		if (object != null) { +			if (!Serializable.class.isInstance(object)) { +				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); +				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); +				 +			}						 +		} +		 +		if (genericDataStorate.containsKey(key)) +			Logger.debug("Overwrite generic data with key:" + key); +		else +			Logger.trace("Add generic data with key:" + key + " to session."); +		 +		genericDataStorate.put(key, object); +	} +	 +} | 
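Review bot: In getGenericData the try/catch around `T test = (T) data;` is dead code: a cast to an erased type parameter is a no-op at runtime, so an object of the wrong type is handed back as-is and the ClassCastException surfaces in the caller instead of the `null` the Javadoc promises, and the `clazz` parameter is never read at all. Check the runtime class explicitly and drop the catch, as below. In the same hunk, getMandate builds `new String(byteMandate)` with the platform default charset before parsing; passing `StandardCharsets.UTF_8` (or whatever encoding the mandate bytes are actually produced in, which is not visible here) makes the result independent of the JVM's locale, and its `catch (Throwable e)` should at least pass `e` to `Logger.warn` so a parse failure is diagnosable rather than silently turned into a `null` mandate.
```java
public <T> T getGenericData(String key, final Class<T> clazz) {
    if (MiscUtil.isNotEmpty(key)) {
        Object data = genericDataStorate.get(key);
        if (data == null)
            return null;

        // an erased (T) cast cannot fail here, so verify the runtime type instead
        if (!clazz.isInstance(data)) {
            Logger.warn("Generic authentication-data object can not be casted to requsted type");
            return null;
        }
        return clazz.cast(data);
    }
    // … unchanged: warning and null return for an empty key …
}
```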
