From e441bcf4eb1a53e1bb17df34997f17206796af72 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Jun 2018 12:17:40 +0200 Subject: add one file --- .../moa/id/data/AuthenticationData.java | 820 +++++++++++++++++++++ 1 file changed, 820 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java new file mode 100644 index 000000000..4b29fef3b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -0,0 +1,820 @@ +/** + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.Map; + +import org.apache.commons.collections4.map.HashedMap; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class AuthenticationData implements IAuthData, Serializable { + + private static final long serialVersionUID = -1042697056735596866L; + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + + /** + * URL of the MOA-ID Auth component issueing this assertion + */ + private String issuer; + /** + * time instant of issue of this assertion + */ + private Date issueInstant; + /** + * user identification value (Stammzahl); null, + * if the authentication module is configured not to return this data + */ + private String identificationValue; + /** + * user identification type + */ + private String identificationType; + + /** + * user identityLink specialized to OAParamter + */ + private IIdentityLink identityLink; + + /** + * application specific user identifier (bPK/wbPK) + */ + private String bPK; + + /** + * application specific user identifier type + */ + private String bPKType; + + /** + * given name of the user + */ + private String givenName; + /** + * family name of the user + */ + private String familyName; + /** + * date of birth of the user + */ + private Date dateOfBirth; + /** + * says whether the certificate is a qualified certificate or not + */ + private boolean qualifiedCertificate; + /** + * says whether the certificate is a public authority or not + */ + private boolean publicAuthority; + /** + * public authority code (Behördenkennzeichen - BKZ) + */ + private String publicAuthorityCode; + + /** + * URL of the BKU + */ + private String bkuURL; + /** + * the corresponding lt;saml:Assertion> + */ + + private boolean isBaseIDTransferRestrication = true; + + + /** + * STORK attributes from response + */ + private String ccc = null; + + private Map genericDataStorate = new HashedMap(); + + private byte[] signerCertificate = null; + + private String authBlock = null; + private List encbPKList = null; + + //ISA 1.18 attributes + private List roles = null; + private String pvpAttribute_OU = null; + + private boolean useMandate = false; + private IMISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean foreigner =false; + private String QAALevel = null; + + private boolean ssoSession = false; + private Date ssoSessionValidTo = null; + +// private boolean interfederatedSSOSession = false; +// private String interfederatedIDP = null; + + private String sessionIndex = null; + private String nameID = null; + private String nameIDFormat = null; + + public AuthenticationData() { + issueInstant = new Date(); + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Returns the publicAuthorityCode. + * @return String + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the bPK. + * @return String + */ + public String getBPK() { + return bPK; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + /** + * Returns the dateOfBirth. + * @return String + */ + public Date getDateOfBirth() { + return dateOfBirth; + } + + public String getFormatedDateOfBirth() { + DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + if (getDateOfBirth() != null) + return pvpDateFormat.format(getDateOfBirth()); + else + return "2999-12-31"; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Holds the baseID of a citizen + * + * @return baseID + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Holds the type of the baseID + * + * @return baseID-Type + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Returns the issueInstant. + * @return String + */ + public String getIssueInstantString() { + return DateTimeUtils.buildDateTimeUTC(issueInstant); + + } + + /** + * Returns the issueInstant. + * @return String + */ + public Date getIssueInstant() { + return issueInstant; + + } + + public void setIssueInstant(Date date) { + this.issueInstant = date; + } + + /** + * Returns the issuer. + * @return String + */ + public String getIssuer() { + return issuer; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(Date dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public void setDateOfBirth(String dateOfBirth) { + try { + if (MiscUtil.isNotEmpty(dateOfBirth)) { + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); + } + + } catch (ParseException e) { + Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); + + } + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Sets the issuer. + * @param issuer The issuer to set + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + public String getBPKType() { + return bPKType; + } + + public void setBPKType(String bPKType) { + this.bPKType = bPKType; + } + + /** + * @return the identityLink + */ + public IIdentityLink getIdentityLink() { + return identityLink; + } + + /** + * @param identityLink the identityLink to set + */ + public void setIdentityLink(IIdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * @return the signerCertificate + */ + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + /** + * @return the authBlock + */ + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + /** + * @return the mandate + */ + public IMISMandate getMISMandate() { + return mandate; + } + + public Element getMandate() { + if (mandate == null) + return null; + + //parse Element from mandate XML + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + + /** + * @param mandate the mandate to set + */ + public void setMISMandate(IMISMandate mandate) { + this.mandate = mandate; + } + + + /** + * @return the useMandate + */ + public boolean isUseMandate() { + return useMandate; + } + + + /** + * @param useMandate the useMandate to set + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + + + /** + * @return + */ + public String getQAALevel() { + if (this.QAALevel != null && + this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { + String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + return mappedQAA; + + else { + Logger.error("eIDAS QAA-level:" + this.QAALevel + + " can not be mapped to STORK QAA-level! Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + return PVPConstants.STORK_QAA_1_1; + + } + + + } else + return this.QAALevel; + } + + + public String getEIDASQAALevel() { + if (this.QAALevel != null && + this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + return mappedQAA; + + else { + Logger.error("STORK QAA-level:" + this.QAALevel + + " can not be mapped to eIDAS QAA-level! Use " + + PVPConstants.EIDAS_QAA_LOW + " as default value."); + return PVPConstants.EIDAS_QAA_LOW; + + } + + + } else + return this.QAALevel; + + } + + + /** + * @return + */ + public boolean isForeigner() { + return this.foreigner; + } + + + /** + * @param foreigner the foreigner to set + */ + public void setForeigner(boolean foreigner) { + this.foreigner = foreigner; + } + + + /** + * Store QAA level in eIDAS format to authentication Data + * + * @param qAALevel the qAALevel to set + * @throws AssertionAttributeExtractorExeption + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + + } + + /** + * @return the ssoSession + */ + public boolean isSsoSession() { + return ssoSession; + } + + + /** + * @param ssoSession the ssoSession to set + */ + public void setSsoSession(boolean ssoSession) { + this.ssoSession = ssoSession; + } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + /** + * CountryCode of the citizen which is identified and authenticated + * + * @return the CountryCode
like. AT, SI, ...
+ */ + public String getCcc() { + return ccc; + } + + /** + * @param ccc the ccc to set + */ + public void setCcc(String ccc) { + this.ccc = ccc; + } + + /** + * @return the sessionIndex + */ + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() + */ + @Override + public String getNameID() { + return this.nameID; + } + + /** + * @param nameID the nameID to set + */ + public void setNameID(String nameID) { + this.nameID = nameID; + } + + /** + * @return the nameIDFormat + */ + public String getNameIDFormat() { + return nameIDFormat; + } + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + +// /** +// * @return the interfederatedSSOSession +// */ +// public boolean isInterfederatedSSOSession() { +// return interfederatedSSOSession; +// } +// +// /** +// * @param interfederatedSSOSession the interfederatedSSOSession to set +// */ +// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +// this.interfederatedSSOSession = interfederatedSSOSession; +// } +// +// /** +// * @return the interfederatedIDP +// */ +// public String getInterfederatedIDP() { +// return interfederatedIDP; +// } +// +// /** +// * @param interfederatedIDP the interfederatedIDP to set +// */ +// public void setInterfederatedIDP(String interfederatedIDP) { +// this.interfederatedIDP = interfederatedIDP; +// } + + /** + * @return the ssoSessionValidTo + */ + public Date getSsoSessionValidTo() { + return ssoSessionValidTo; + } + + /** + * @param ssoSessionValidTo the ssoSessionValidTo to set + */ + public void setSsoSessionValidTo(Date ssoSessionValidTo) { + this.ssoSessionValidTo = ssoSessionValidTo; + } + + /** + * @return the encbPKList + */ + public List getEncbPKList() { + return encbPKList; + } + + /** + * @param encbPKList the encbPKList to set + */ + public void setEncbPKList(List encbPKList) { + this.encbPKList = encbPKList; + } + + /** + * @return the roles + */ + public List getAuthenticationRoles() { +// if (this.roles == null) { +// this.roles = new ArrayList(); +// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +// } + + return roles; + } + + //ISA 1.18 attributes + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList(); + + this.roles.add(role); + } + + /** + * @return the pvpAttribute_OU + */ + public String getPvpAttribute_OU() { + return pvpAttribute_OU; + } + + /** + * @param pvpAttribute_OU the pvpAttribute_OU to set + */ + public void setPvpAttribute_OU(String pvpAttribute_OU) { + this.pvpAttribute_OU = pvpAttribute_OU; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBaseIDTransferRestrication() { + return isBaseIDTransferRestrication; + } + + /** + * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set + */ + public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { + this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; + } + + /** + * Returns a generic data-object with is stored with a specific identifier + * + * @param key The specific identifier of the data object + * @param clazz The class type which is stored with this key + * @return The data object or null if no data is found with this key + */ + public T getGenericData(String key, final Class clazz) { + if (MiscUtil.isNotEmpty(key)) { + Object data = genericDataStorate.get(key); + + if (data == null) + return null; + + try { + @SuppressWarnings("unchecked") + T test = (T) data; + return test; + + } catch (Exception e) { + Logger.warn("Generic authentication-data object can not be casted to requsted type", e); + return null; + + } + + } + + Logger.warn("Can not load generic session-data with key='null'"); + return null; + + } + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + */ + public void setGenericData(String key, Object object) throws SessionDataStorageException { + if (MiscUtil.isEmpty(key)) { + Logger.warn("Generic session-data can not be stored with a 'null' key"); + throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); + + } + + if (object != null) { + if (!Serializable.class.isInstance(object)) { + Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); + throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); + + } + } + + if (genericDataStorate.containsKey(key)) + Logger.debug("Overwrite generic data with key:" + key); + else + Logger.trace("Add generic data with key:" + key + " to session."); + + genericDataStorate.put(key, object); + } + +} -- cgit v1.2.3