From c7cd9327bbc4d7e180bab9b6bff2a17028c166dc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Feb 2019 11:28:24 +0100 Subject: add some more attribute functionality for 'Austrian eID' demo-mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 58 +++++++- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 18 ++- .../moa/id/data/MOAAuthenticationData.java | 44 +++++- .../attributes/BPKListAttributeBuilder.java | 14 +- .../attributes/EncryptedBPKAttributeBuilder.java | 31 +++-- .../MandateNaturalPersonBPKAttributeBuilder.java | 154 +++++++++++++++------ ...andateNaturalPersonBPKListAttributeBuilder.java | 83 +++++++++++ ...ateNaturalPersonEncBPKListAttributeBuilder.java | 62 +++++++++ ...dateNaturalPersonSourcePinAttributeBuilder.java | 1 + ...NaturalPersonSourcePinTypeAttributeBuilder.java | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 2 + .../auth/data/AuthenticationDataBuilderTest.java | 5 +- 12 files changed, 396 insertions(+), 77 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c58f19333..acf59cebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -36,6 +36,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; @@ -81,6 +82,9 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -532,7 +536,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } //build foreign bPKs - generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + generateForeignbPK(oaParam, authData); if (Boolean.parseBoolean( @@ -806,9 +810,41 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - private void generateForeignbPK(MOAAuthenticationData authData, List foreignSectors) { + private void generateForeignbPK(IOAAuthParameters oaParam, MOAAuthenticationData authData) { + List foreignSectors = oaParam.foreignbPKSectorsRequested(); + if (foreignSectors != null && !foreignSectors.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + + String mandatorBaseId = null; + String mandatorBaseIdType = null; + boolean isMandatorBaseIdAvailable = false; + if (authData.isUseMandate()) { + try { + Logger.trace("Mandates are used. Extracting mandators sourceID from mandate to calculate foreign encrypted bPKs... "); + + //TODO: remove this workaround in a further version!!! + boolean flagBak = authData.isBaseIDTransferRestrication(); + authData.setBaseIDTransferRestrication(false); + mandatorBaseId = new MandateNaturalPersonSourcePinAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + mandatorBaseIdType = new MandateNaturalPersonSourcePinTypeAttributeBuilder().build( + oaParam, authData, new SimpleStringAttributeGenerator()); + authData.setBaseIDTransferRestrication(flagBak); + + isMandatorBaseIdAvailable = StringUtils.isNotEmpty(mandatorBaseId) && StringUtils.isNotEmpty(mandatorBaseIdType); + if (!isMandatorBaseIdAvailable) + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate."); + + } catch (Exception e) { + Logger.debug("Can NOT extract mandators sourceId for natural persons from mandate. Reason: " + e.getMessage()); + if (Logger.isTraceEnabled()) + Logger.warn("Detail: ", e); + + } + } + for (String foreignSector : foreignSectors) { Logger.trace("Process sector: " + foreignSector + " ... "); if (encKeyMap.containsKey(foreignSector)) { @@ -838,9 +874,23 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.getIdentificationType(), sector); String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); - authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + + authData.getEncbPKList().add(Pair.newInstance(foreignbPK, foreignSector)); Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + //calculate foreign bPKs for natural-person mandates + if (isMandatorBaseIdAvailable) { + Pair mandatorbpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + mandatorBaseId, + mandatorBaseIdType, + sector); + String foreignMandatorbPK = BPKBuilder.encryptBPK(mandatorbpk.getFirst(), mandatorbpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + + authData.getEncMandateNaturalPersonbPKList().add(Pair.newInstance(foreignMandatorbPK, foreignSector)); + Logger.debug("Foreign mandator bPK for sector: " + foreignSector + " created."); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index 415f4db18..af4cf6fa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -5,6 +5,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; public interface IMOAAuthData extends IAuthData{ @@ -17,7 +18,22 @@ public interface IMOAAuthData extends IAuthData{ */ String getQAALevel(); - List getEncbPKList(); + /** + * Get a List of Pair, where the bPKTarget is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncbPKList(); + + /** + * Get a List of Pair for natural-person mandates, where + * the bPKTarget is formated according to Section 3.2.7 ENC-BPK-LIST in PVP Attribute-Profile 2.1.3 + * + * @return + */ + List> getEncMandateNaturalPersonbPKList(); + byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index c1545f354..897a06e62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -29,6 +29,7 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; @@ -54,8 +55,10 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; - private List encbPKList; - + + private List> encbPKList; + private List> encMandateNaturalPersonbPKList; + //ISA 1.18 attributes private List roles = null; private String pvpAttribute_OU = null; @@ -106,9 +109,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } @Override - public List getEncbPKList() { + public List> getEncbPKList() { if (this.encbPKList == null) - this.encbPKList = new ArrayList(); + this.encbPKList = new ArrayList>(); return this.encbPKList; } @@ -293,10 +296,27 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut } /** + * Set a List of encrypted bPKs where each List element is formated according + * to Section 3.2.7 ENC-BPK-LIST in PVP Attribte-Profile 2.1.3 + * * @param encbPKList the encbPKList to set */ public void setEncbPKList(List encbPKList) { - this.encbPKList = encbPKList; + if (encbPKList != null) { + for (String el : encbPKList) { + Logger.trace("Processing foreign bPK string: " + el ); + int index = el.indexOf("|"); + if (index >= 0) { + String encbPK = el.substring(index+1); + String second = el.substring(0, index); + getEncbPKList().add(Pair.newInstance(encbPK, second)); + + } else + Logger.info("Foreign bPK: " + el + " is misformatted. Ignore it"); + + } + + } } @@ -336,5 +356,19 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut public void setIseIDNewDemoMode(boolean iseIDNewDemoMode) { this.iseIDNewDemoMode = iseIDNewDemoMode; } + + public List> getEncMandateNaturalPersonbPKList() { + if (this.encMandateNaturalPersonbPKList == null) + this.encMandateNaturalPersonbPKList = new ArrayList>(); + + return this.encMandateNaturalPersonbPKList; + + } + + public void setEncMandateNaturalPersonbPKList(List> encMandateNaturalPersonbPKList) { + this.encMandateNaturalPersonbPKList = encMandateNaturalPersonbPKList; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java index ec8c7629f..c5a8d88b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java @@ -18,7 +18,9 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP private static final Logger log = LoggerFactory.getLogger(BPKListAttributeBuilder.class); - protected static final String DELIMITER_BPK_LIST = ";"; + public static final String DELIMITER_BPK_LIST = ";"; + public static final String LIST_ELEMENT_START = "("; + public static final String LIST_ELEMENT_END = ")"; public String getName() { return BPK_LIST_NAME; @@ -26,16 +28,18 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - String result = getBpkForSP(authData); + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; //add additional bPKs if someone are available if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { log.info("Adding additional bPKs into bPK attribute"); for (Pair el : authData.getAdditionalbPKs()) { result += DELIMITER_BPK_LIST - + removeBpkTypePrefix(el.getSecond()) - + DELIMITER_BPKTYPE_BPK - + attrMaxSize(el.getFirst()); + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; } log.trace("Authenticate user with bPK-List: " + result); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 44043ec40..bf7187e51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; @@ -35,6 +36,8 @@ import at.gv.egovernment.moa.logging.Logger; @PVPMETADATA public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { + public static final String DELIMITER_ENCBPK_TARGET = "|"; + public String getName() { return ENC_BPK_LIST_NAME; } @@ -45,12 +48,22 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData instanceof IMOAAuthData) { if (((IMOAAuthData)authData).getEncbPKList() != null && ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - String value = ((IMOAAuthData)authData).getEncbPKList().get(0); - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) - value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i); + Pair value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, - value); + result); } @@ -59,16 +72,6 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); -// String encbpk = "XXX01234567890XXX"; -// String type = "Bereich"; -// String vkz = "Verfahrenskennzeichen"; -// -// //TODO: implement encrypted bPK support -// -// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); -// -// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, -// vkz + "+" + type + "|" + encbpk); } public ATT buildEmpty(IAttributeGenerator g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index f67f79dcf..4d41cc19b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -22,11 +22,13 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; @@ -36,9 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; @@ -57,42 +59,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { try { - Pair calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData); - if (calcResult != null) { - String bpk = calcResult.getFirst(); - String type = calcResult.getSecond(); - - if (MiscUtil.isEmpty(bpk)) - throw new UnavailableAttributeException(BPK_NAME); - - if (type != null) { - if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); - - else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) - type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length()); - - } else { - Logger.debug("bPK type is 'null' --> use it as it is"); - - } - - if (bpk.length() > BPK_MAX_LENGTH) { - bpk = bpk.substring(0, BPK_MAX_LENGTH); - } - - Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - - if (type != null) - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, type + ":" + bpk); - else - return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); - - } - + String bPKResult = getBpkAttributeStringForSP(oaParam, authData); + if (StringUtils.isNoneEmpty(bPKResult)) + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult); + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { Logger.error("Failed to generate IdentificationType"); @@ -103,12 +73,109 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return null; } - + public ATT buildEmpty(IAttributeGenerator g) { return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - protected Pair internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + protected Pair getBpkForSp(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { + Pair baseId = getBaseIdFromMandate(oaParam, authData); + Pair bPKResult = null; + + if (baseId != null) { + if (baseId.getSecond() != null && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) + bPKResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseId.getFirst(), + oaParam.getAreaSpecificTargetIdentifier()); + else { + Logger.debug("No BaseId target in mandate. Use it as it is ... "); + bPKResult = Pair.newInstance(baseId.getFirst(), null); + + } + } + + return bPKResult; + + } + + + /** + * Generate the bPK String for this specific SP + * + * @param oaParam + * @param authData + * @return + * @throws UnavailableAttributeException + * @throws EAAFBuilderException + * @throws ConfigurationException + * @throws BuildException + * @throws NoMandateDataAttributeException + */ + protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData) throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException, BuildException, ConfigurationException { + Pair bPKResult = getBpkForSp(oaParam, authData); + if (bPKResult != null) { + String bpk = bPKResult.getFirst(); + String type = bPKResult.getSecond(); + + if (MiscUtil.isEmpty(bpk)) + throw new UnavailableAttributeException(BPK_NAME); + + if (type != null) + type = removeBpkTypePrefix(type); + else + Logger.debug("bPK type is 'null' --> use it as it is"); + + bpk = attrMaxSize(bpk); + + Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); + + if (type != null) + return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk; + else + return bpk; + + } + + return null; + + } + + + /** + * Limit the attribute value to maximum size + * + * @param attr + * @return + */ + protected String attrMaxSize(String attr) { + if (attr != null && attr.length() > BPK_MAX_LENGTH) { + attr = attr.substring(0, BPK_MAX_LENGTH); + } + return attr; + + } + + /** + * Remove bPKType prefix if available + * + * @param type + * @return + */ + protected String removeBpkTypePrefix(String type) { + if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) + return type.substring((EAAFConstants.URN_PREFIX_WBPK).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) + return type.substring((EAAFConstants.URN_PREFIX_CDID).length()); + + else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) + return type.substring((EAAFConstants.URN_PREFIX_EIDAS).length()); + + else + return type; + + } + + protected Pair getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException { //get PVP attribute directly, if exists Pair calcResult = null; if (authData instanceof IMOAAuthData) { @@ -136,13 +203,8 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui Logger.info("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); } - - - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) - calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), - oaParam.getAreaSpecificTargetIdentifier()); - else - calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); + + calcResult = Pair.newInstance(id.getValue().getValue(), id.getType()); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java new file mode 100644 index 000000000..fd00e2f61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKListAttributeBuilder.java @@ -0,0 +1,83 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +@PVPMETADATA +public class MandateNaturalPersonBPKListAttributeBuilder extends MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + try { + String result = getBpkAttributeStringForSP(oaParam, authData); + + if (result != null) { + result = BPKListAttributeBuilder.LIST_ELEMENT_START + result + BPKListAttributeBuilder.LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + Logger.info("Additional bPKs available. Calculate additional bPKs for mandate ... "); + Pair baseId = getBaseIdFromMandate(oaParam, authData); + if (baseId != null && StringUtils.isNotEmpty(baseId.getSecond()) + && baseId.getSecond().equals(Constants.URN_PREFIX_BASEID)) { + for (Pair el : authData.getAdditionalbPKs()) { + + Pair addBpk = + new BPKBuilder().generateAreaSpecificPersonIdentifier( + baseId.getFirst(), + el.getSecond()); + + Logger.trace("Calculate bPK with " + addBpk.toString()); + + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + removeBpkTypePrefix(addBpk.getSecond()) + + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + + attrMaxSize(addBpk.getFirst()) + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + } + } + + Logger.trace("Authenticate user with List of bPK/wbPK: " + result + " for mandate"); + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME, result); + + } + + return null; + + } catch (BuildException | ConfigurationException | EAAFBuilderException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java new file mode 100644 index 000000000..220ccd94e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonEncBPKListAttributeBuilder.java @@ -0,0 +1,62 @@ + +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class MandateNaturalPersonEncBPKListAttributeBuilder implements IPVPAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_ENC_BPK_LIST_NAME; + } + + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData) authData).isUseMandate()) { + if (((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList() != null && + ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size() > 0) { + Pair value = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + for (int i=1; i<((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncMandateNaturalPersonbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + EncryptedBPKAttributeBuilder.DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return g.buildStringAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME, + result); + + } + + } else + Logger.trace(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only availabe if mandates are used"); + + } else + Logger.info(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + + throw new UnavailableAttributeException(MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + + } + + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, MANDATE_NAT_PER_ENC_BPK_LIST_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 32b45a595..88648b56e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 90a0d61c9..223994e6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.No import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +@Deprecated @PVPMETADATA public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index b4e62a344..a10b9b3e0 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -21,3 +21,5 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilde at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 1ea057186..c3420d833 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -72,14 +73,14 @@ public class AuthenticationDataBuilderTest { throw new Exception("bPKType wrong"); - List foreignbPKs = authData.getEncbPKList(); + List> foreignbPKs = authData.getEncbPKList(); if (foreignbPKs.isEmpty()) throw new Exception("NO foreign bPK list is null"); if (foreignbPKs.size() != 1) throw new Exception("NO or MORE THAN ONE foreign bPK"); - if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + if (!foreignbPKs.get(0).getSecond().equals("wbpk+FN+195738a") && !(foreignbPKs.get(0).getFirst().isEmpty())) throw new Exception("foreign bPK has wrong prefix"); } -- cgit v1.2.3