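package at.gv.egovernment.moa.id.auth.builder;

import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;

import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;

/**
 * Builds the SAML2 subject NameID (identifier value plus its type/format) for a
 * MOA-ID authentication.
 *
 * <p>Without a mandate the authenticated person's own bPK and bPK type are used.
 * With a mandate the <em>mandator</em> is the subject; its identifier is taken
 * either from the full-mandate XML ({@link IMOAAuthData#getMandate()}) or, if no
 * full mandate is present, from the PVP mandate attributes. A mandator identifier
 * of type baseID is never returned as-is: it is always converted into the
 * area-specific bPK of the requesting service provider via {@link BPKBuilder}.
 */
@Service("MOASAML2SubjectNameIDGenerator")
public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {

  /**
   * Mandator identifier as read from its source: the raw identifier value and
   * the identifier type (a URN such as {@link Constants#URN_PREFIX_BASEID} or a
   * sector-specific bPK type). Either member may be {@code null}/empty if the
   * source was incomplete; callers must validate before use.
   */
  private static final class MandatorId {
    final String value;
    final String type;

    MandatorId(String value, String type) {
      this.value = value;
      this.type = type;
    }
  }

  /**
   * Generates the subject NameID for the given authentication.
   *
   * @param authData authentication data; mandate handling only applies if it is an
   *        {@link IMOAAuthData} with {@code isUseMandate() == true}
   * @param spConfig configuration of the requesting service provider; its
   *        area-specific target identifier is the sector a baseID is converted to
   * @return pair of (NameID value, NameID type)
   * @throws NoMandateDataAvailableException if a mandate is in use but no usable
   *         mandator identifier (value and type) could be determined
   * @throws ResponderErrorException ("pvp2.01") if converting a baseID into the
   *         service provider's area-specific bPK fails
   * @throws PVP2Exception for other protocol-level errors
   */
  @Override
  public Pair generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
    if (!(authData instanceof IMOAAuthData) || !((IMOAAuthData) authData).isUseMandate()) {
      // No mandate in use: the authenticated person is the subject.
      return Pair.newInstance(authData.getBPK(), authData.getBPKType());
    }

    Element mandate = ((IMOAAuthData) authData).getMandate();
    MandatorId mandator;
    if (mandate != null) {
      Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
      mandator = readFromFullMandate(mandate);
    } else {
      Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
      mandator = readFromPvpAttributes(authData, spConfig);
    }

    if (StringUtils.isEmpty(mandator.value) || StringUtils.isEmpty(mandator.type)) {
      throw new NoMandateDataAvailableException();
    }

    if (Constants.URN_PREFIX_BASEID.equals(mandator.type)) {
      // A baseID must never leave the IdP: derive the SP's area-specific bPK from it.
      try {
        return new BPKBuilder().generateAreaSpecificPersonIdentifier(
            mandator.value, spConfig.getAreaSpecificTargetIdentifier());
      } catch (EAAFBuilderException e) {
        Logger.warn("Can NOT generate SubjectNameId.", e);
        throw new ResponderErrorException("pvp2.01", null);
      }
    }

    // NOTE(review): a non-baseID type is passed through as found in the mandate
    // source; nothing here checks that it matches spConfig's target sector.
    return Pair.newInstance(mandator.value, mandator.type);
  }

  /**
   * Reads the mandator identifier from a full-mandate XML element.
   *
   * <p>Preference order: the first identification of a corporate-body mandator,
   * else the first identification of a physical-person mandator.
   *
   * @param mandate the full-mandate DOM element (non-null)
   * @return the mandator's identifier value and type
   * @throws PVP2Exception ({@link NoMandateDataAvailableException}) if the mandate
   *         cannot be parsed, has no mandator, or the mandator carries no
   *         identification with a value
   */
  private static MandatorId readFromFullMandate(Element mandate) throws PVP2Exception {
    Mandate mandateObject = MandateBuilder.buildMandate(mandate);
    if (mandateObject == null || mandateObject.getMandator() == null) {
      Logger.error("Full-mandate could not be parsed or contains no mandator");
      throw new NoMandateDataAvailableException();
    }

    CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
    PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();

    IdentificationType id = null;
    if (corporation != null
        && corporation.getIdentification() != null
        && !corporation.getIdentification().isEmpty()) {
      id = corporation.getIdentification().get(0);
    } else if (physicalPerson != null
        && physicalPerson.getIdentification() != null
        && !physicalPerson.getIdentification().isEmpty()) {
      id = physicalPerson.getIdentification().get(0);
    }

    // Guard the nested value too: an Identification without a Value element would
    // otherwise surface as a NullPointerException instead of a mandate error.
    if (id == null || id.getValue() == null) {
      Logger.error("Failed to generate IdentificationType");
      throw new NoMandateDataAvailableException();
    }
    return new MandatorId(id.getValue().getValue(), id.getType());
  }

  /**
   * Reads the mandator identifier from the PVP mandate attributes.
   *
   * <p>If a mandator sourcePin (baseID) attribute is present it is used, with its
   * type attribute or {@link Constants#URN_PREFIX_BASEID} when no type is given.
   * Otherwise the mandator bPK attribute is used; its {@code prefix:} part is
   * stripped and the type is taken from the service-provider configuration.
   *
   * @param authData authentication data carrying the PVP attributes
   * @param spConfig service-provider configuration (supplies the bPK type)
   * @return the mandator's identifier value and type; the value may be
   *         {@code null}/empty when neither attribute is available
   */
  private static MandatorId readFromPvpAttributes(IAuthData authData, ISPConfiguration spConfig) {
    String sourcePin = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
    if (StringUtils.isNotEmpty(sourcePin)) {
      String sourcePinType =
          authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
      // A sourcePin without an explicit type is treated as a baseID.
      String type = StringUtils.isEmpty(sourcePinType) ? Constants.URN_PREFIX_BASEID : sourcePinType;
      return new MandatorId(sourcePin, type);
    }

    // No sourcePin included --> fall back to the already sector-specific bPK attribute.
    String bpkAttribute = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
    String bpk = stripBpkPrefix(bpkAttribute);

    // The bPK type is taken from configuration because it MUST equal the service
    // provider's target type.
    // NOTE(review): the prefix carried in the attribute is discarded without being
    // compared against spConfig.getAreaSpecificTargetIdentifier(); if that prefix
    // encodes the sector the bPK was computed for (attribute format not visible
    // here), a mismatch would relabel a foreign-sector bPK as this SP's -- confirm
    // the format and reject mismatches.
    return new MandatorId(bpk, spConfig.getAreaSpecificTargetIdentifier());
  }

  /**
   * Strips a leading {@code prefix:} from a mandator bPK attribute value.
   *
   * @param bpkAttribute raw attribute value, may be {@code null}
   * @return the part after the first {@code ':'}, the whole value if it contains
   *         none, or {@code null} if the attribute is absent. A value that ends
   *         in {@code ':'} yields an empty string (and is later rejected), rather
   *         than being used verbatim as an identifier.
   */
  private static String stripBpkPrefix(String bpkAttribute) {
    if (bpkAttribute == null) {
      return null;
    }
    int separator = bpkAttribute.indexOf(':');
    if (separator < 0) {
      return bpkAttribute;
    }
    String bpk = bpkAttribute.substring(separator + 1);
    if (bpk.isEmpty()) {
      // Only the prefix is logged: the identifier itself is personal data.
      Logger.warn("Mandator bPK attribute carries prefix '"
          + bpkAttribute.substring(0, separator) + "' but no bPK value");
    }
    return bpk;
  }
}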