From 72e6c6c36bcbbedf073758299acca4ad9673ba9e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 3 Nov 2014 09:35:14 +0100 Subject: add PVP SecClass to STORK QAA mapping --- .../id/auth/builder/AuthenticationDataBuilder.java | 37 +++++++- .../id/protocols/stork2/MOAAttributeProvider.java | 10 +- .../egovernment/moa/id/util/PVPtoSTORKMapper.java | 105 +++++++++++++++++++++ .../moa/id/util/PVPtoSTORKRoleMapper.java | 83 ---------------- 4 files changed, 141 insertions(+), 94 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 5c0e497a3..52488c3cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; @@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { } - if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) - authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + try { + String qaaLevel = extractor.getQAALevel(); + if (MiscUtil.isNotEmpty(qaaLevel) && + qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + authData.setQAALevel(qaaLevel); + + } else { + Logger.debug("Found PVP QAA level. QAA mapping process starts ... "); + String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + authData.setQAALevel(mappedQAA); + + else + throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable"); + + } + + } catch (AssertionAttributeExtractorExeption e) { + Logger.warn("No QAA level found in element of interfederated assertion. " + + "(ErrorHeader=" + e.getMessage() + ")"); + if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + + extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); + + } else { + Logger.info("No QAA level found. Set to default level " + + PVPConstants.STORK_QAA_PREFIX + "1"); + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1"); + + } + + } + if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { try { byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java index aaded0ce6..993514ec7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.util.PVPtoSTORKRoleMapper; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -44,11 +43,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.joda.time.format.DateTimeFormat; -import org.joda.time.format.DateTimeFormatter; - -import javassist.expr.Instanceof; - /** * @author bsuzic * Date: 2/19/14, Time: 4:42 PM @@ -125,7 +119,7 @@ public class MOAAttributeProvider { && authData.getAuthenticationRoles().size() > 0) { storkRoles = new ArrayList(); - PVPtoSTORKRoleMapper mapper = PVPtoSTORKRoleMapper.getInstance(); + PVPtoSTORKMapper mapper = PVPtoSTORKMapper.getInstance(); for (AuthenticationRole el : authData.getAuthenticationRoles()) { String storkRole = mapper.map(el); if (MiscUtil.isNotEmpty(storkRole)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java new file mode 100644 index 000000000..0ea03e29d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java @@ -0,0 +1,105 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Properties; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class PVPtoSTORKMapper { + + private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/"; + + private static final String MAPPING_RESOURCE = + "resources/properties/pvp-stork_mapping.properties"; + + private Properties mapping = null; + + private static PVPtoSTORKMapper instance = null; + + public static PVPtoSTORKMapper getInstance() { + if (instance == null) { + instance = new PVPtoSTORKMapper(); + } + + return instance; + } + + private PVPtoSTORKMapper() { + try { + mapping = new Properties(); + mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); + Logger.debug("PVP -> STORK Role mapping initialisation finished."); + + } catch (IOException e) { + Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e); + mapping = null; + + } + + + } + + /**Map a PVP SecClass to STORK QAA level + * + * @param PVP SecClass pvpQAALevel + * @return STORK-QAA level + */ + public String mapQAALevel(String pvpQAALevel) { + if (mapping != null) { + String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length()); + String mappedQAA = mapping.getProperty(input); + if (MiscUtil.isNotEmpty(mappedQAA)) { + Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA); + return mappedQAA; + + } + } + Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !"); + return null; + } + + /**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values + * + * @param PVP Role attribute + * @return STORK ECAuthenticationRole attribute value + */ + public String map(AuthenticationRole el) { + if (mapping != null) { + String ecRole = mapping.getProperty(el.getRawRoleString()); + if (MiscUtil.isNotEmpty(ecRole)) { + Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole); + return ecRole; + } + } + Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !"); + return null; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java deleted file mode 100644 index 20f541a1a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKRoleMapper.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.util; - -import java.io.IOException; -import java.util.Properties; - -import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class PVPtoSTORKRoleMapper { - - private static final String MAPPING_RESOURCE = - "resources/properties/pvp-stork_role_mapping.properties"; - - private Properties mapping = null; - - private static PVPtoSTORKRoleMapper instance = null; - - public static PVPtoSTORKRoleMapper getInstance() { - if (instance == null) { - instance = new PVPtoSTORKRoleMapper(); - } - - return instance; - } - - private PVPtoSTORKRoleMapper() { - try { - mapping = new Properties(); - mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE)); - Logger.debug("PVP -> STORK Role mapping initialisation finished."); - - } catch (IOException e) { - Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e); - mapping = null; - - } - - - } - - /** - * @param el - * @return - */ - public String map(AuthenticationRole el) { - if (mapping != null) { - String ecRole = mapping.getProperty(el.getRawRoleString()); - if (MiscUtil.isNotEmpty(ecRole)) { - Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole); - return ecRole; - } - } - Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !"); - return null; - } -} -- cgit v1.2.3