/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.data;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
*
*/
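public class AuthenticationData implements IAuthData, Serializable {

    private static final long serialVersionUID = -1042697056735596866L;

    /** Date pattern of the date of birth as carried in the IdentityLink ({@code yyyy-MM-dd}). */
    public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";

    /** Placeholder returned by {@link #getFormatedDateOfBirth()} when no date of birth is available. */
    private static final String UNKNOWN_DATE_OF_BIRTH = "2999-12-31";

    /**
     * URL of the MOA-ID Auth component issuing this assertion
     */
    private String issuer;

    /**
     * time instant of issue of this assertion; initialised to "now" by the constructor
     */
    private Date issueInstant;

    /**
     * user identification value (Stammzahl); null
     * if the authentication module is configured not to return this data
     */
    private String identificationValue;

    /**
     * user identification type
     */
    private String identificationType;

    /**
     * user identityLink specialized to OAParamter
     */
    private IdentityLink identityLink;

    /**
     * application specific user identifier (bPK/wbPK)
     */
    private String bPK;

    /**
     * application specific user identifier type
     */
    private String bPKType;

    /**
     * given name of the user
     */
    private String givenName;

    /**
     * family name of the user
     */
    private String familyName;

    /**
     * date of birth of the user; null when unknown or not parseable
     */
    private Date dateOfBirth;

    /**
     * says whether the certificate is a qualified certificate or not
     */
    private boolean qualifiedCertificate;

    /**
     * says whether the certificate is a public authority or not
     */
    private boolean publicAuthority;

    /**
     * public authority code (Behördenkennzeichen - BKZ)
     */
    private String publicAuthorityCode;

    /**
     * URL of the BKU
     */
    private String bkuURL;

    /**
     * flag exposed through {@link #isBusinessService()} (IAuthData contract);
     * NOTE(review): the original comment on this field was stale — confirm its exact meaning against IAuthData
     */
    private boolean businessService;

    /**
     * STORK attributes from response
     */
    private String ccc = null;

    /** Generic per-session key/value store; values must be {@link Serializable} (see {@link #setGenericData}). */
    private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();

    private byte[] signerCertificate = null;

    private String authBlock = null;

    // element type not visible here — kept raw to stay compatible with existing callers
    private List encbPKList = null;

    //ISA 1.18 attributes
    private List<AuthenticationRole> roles = null;
    private String pvpAttribute_OU = null;

    private boolean useMandate = false;
    private MISMandate mandate = null;
    private String mandateReferenceValue = null;

    private boolean foreigner = false;
    private String QAALevel = null;

    private boolean ssoSession = false;
    private Date ssoSessionValidTo = null;
    private boolean interfederatedSSOSession = false;
    private String interfederatedIDP = null;

    private String sessionIndex = null;
    private String nameID = null;
    private String nameIDFormat = null;

    /** Creates an empty authentication-data object whose issue instant is the current time. */
    public AuthenticationData() {
        issueInstant = new Date();
    }

    /**
     * Returns the publicAuthority.
     * @return boolean
     */
    public boolean isPublicAuthority() {
        return publicAuthority;
    }

    /**
     * Returns the publicAuthorityCode.
     * @return String
     */
    public String getPublicAuthorityCode() {
        return publicAuthorityCode;
    }

    /**
     * Returns the qualifiedCertificate.
     * @return boolean
     */
    public boolean isQualifiedCertificate() {
        return qualifiedCertificate;
    }

    /**
     * Returns the bPK.
     * @return String
     */
    public String getBPK() {
        return bPK;
    }

    /**
     * Sets the publicAuthority.
     * @param publicAuthority The publicAuthority to set
     */
    public void setPublicAuthority(boolean publicAuthority) {
        this.publicAuthority = publicAuthority;
    }

    /**
     * Sets the publicAuthorityCode.
     * @param publicAuthorityIdentification The publicAuthorityCode to set
     */
    public void setPublicAuthorityCode(String publicAuthorityIdentification) {
        this.publicAuthorityCode = publicAuthorityIdentification;
    }

    /**
     * Sets the qualifiedCertificate.
     * @param qualifiedCertificate The qualifiedCertificate to set
     */
    public void setQualifiedCertificate(boolean qualifiedCertificate) {
        this.qualifiedCertificate = qualifiedCertificate;
    }

    /**
     * Sets the bPK.
     * @param bPK The bPK to set
     */
    public void setBPK(String bPK) {
        this.bPK = bPK;
    }

    /**
     * Returns the dateOfBirth.
     * @return Date, or null when unknown
     */
    public Date getDateOfBirth() {
        return dateOfBirth;
    }

    /**
     * Returns the date of birth formatted with {@link #IDENTITY_LINK_DATE_FORMAT}.
     * @return the formatted date, or the placeholder {@code 2999-12-31} when no date of birth is set
     */
    public String getFormatedDateOfBirth() {
        Date dob = getDateOfBirth();
        if (dob == null) {
            return UNKNOWN_DATE_OF_BIRTH;
        }
        // SimpleDateFormat is not thread-safe, so a fresh instance is created per call
        DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
        return pvpDateFormat.format(dob);
    }

    /**
     * Returns the familyName.
     * @return String
     */
    public String getFamilyName() {
        return familyName;
    }

    /**
     * Returns the givenName.
     * @return String
     */
    public String getGivenName() {
        return givenName;
    }

    /**
     * Returns the identificationValue.
     * @return String
     */
    public String getIdentificationValue() {
        return identificationValue;
    }

    /**
     * Returns the identificationType
     * @return String
     */
    public String getIdentificationType() {
        return identificationType;
    }

    /**
     * Returns the issueInstant as a UTC date-time string (via {@link DateTimeUtils#buildDateTimeUTC}).
     * @return String
     */
    public String getIssueInstantString() {
        return DateTimeUtils.buildDateTimeUTC(issueInstant);
    }

    /**
     * Returns the issueInstant.
     * @return Date
     */
    public Date getIssueInstant() {
        return issueInstant;
    }

    /**
     * Sets the issueInstant.
     * @param date The issue instant to set
     */
    public void setIssueInstant(Date date) {
        this.issueInstant = date;
    }

    /**
     * Returns the issuer.
     * @return String
     */
    public String getIssuer() {
        return issuer;
    }

    /**
     * Returns the BKU URL.
     * @return String
     */
    public String getBkuURL() {
        return bkuURL;
    }

    /**
     * Sets the dateOfBirth.
     * @param dateOfBirth The dateOfBirth to set
     */
    public void setDateOfBirth(Date dateOfBirth) {
        this.dateOfBirth = dateOfBirth;
    }

    /**
     * Sets the dateOfBirth from its IdentityLink string form ({@link #IDENTITY_LINK_DATE_FORMAT}).
     * An empty value leaves the field untouched; an unparseable value is logged and ignored.
     * NOTE(review): parsing is lenient (SimpleDateFormat default), so out-of-range day/month values
     * roll over instead of failing — confirm whether that is intended for IdentityLink dates.
     * @param dateOfBirth The date of birth as {@code yyyy-MM-dd}
     */
    public void setDateOfBirth(String dateOfBirth) {
        if (!MiscUtil.isNotEmpty(dateOfBirth)) {
            return;
        }
        try {
            DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
            this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
        } catch (ParseException e) {
            Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
        }
    }

    /**
     * Sets the familyName.
     * @param familyName The familyName to set
     */
    public void setFamilyName(String familyName) {
        this.familyName = familyName;
    }

    /**
     * Sets the givenName.
     * @param givenName The givenName to set
     */
    public void setGivenName(String givenName) {
        this.givenName = givenName;
    }

    /**
     * Sets the identificationValue.
     * @param identificationValue The identificationValue to set
     */
    public void setIdentificationValue(String identificationValue) {
        this.identificationValue = identificationValue;
    }

    /**
     * Sets the identificationType.
     * @param identificationType The identificationType to set
     */
    public void setIdentificationType(String identificationType) {
        this.identificationType = identificationType;
    }

    /**
     * Sets the issuer.
     * @param issuer The issuer to set
     */
    public void setIssuer(String issuer) {
        this.issuer = issuer;
    }

    /**
     * Sets the bkuURL
     * @param url The BKU URL to set
     */
    public void setBkuURL(String url) {
        this.bkuURL = url;
    }

    /**
     * @return the bPKType
     */
    public String getBPKType() {
        return bPKType;
    }

    /**
     * @param bPKType the bPKType to set
     */
    public void setBPKType(String bPKType) {
        this.bPKType = bPKType;
    }

    /**
     * @return the identityLink
     */
    public IdentityLink getIdentityLink() {
        return identityLink;
    }

    /**
     * @param identityLink the identityLink to set
     */
    public void setIdentityLink(IdentityLink identityLink) {
        this.identityLink = identityLink;
    }

    /**
     * @return the signerCertificate (the internal array, not a copy)
     */
    public byte[] getSignerCertificate() {
        return signerCertificate;
    }

    /**
     * @param signerCertificate the signerCertificate to set
     */
    public void setSignerCertificate(byte[] signerCertificate) {
        this.signerCertificate = signerCertificate;
    }

    /**
     * @return the authBlock
     */
    public String getAuthBlock() {
        return authBlock;
    }

    /**
     * @param authBlock the authBlock to set
     */
    public void setAuthBlock(String authBlock) {
        this.authBlock = authBlock;
    }

    /**
     * @return the mandate
     */
    public MISMandate getMISMandate() {
        return mandate;
    }

    /**
     * Parses the raw mandate bytes held by the {@link MISMandate} into a DOM element.
     *
     * @return the document element of the mandate, or null when no mandate is set,
     *         the mandate carries no content, or parsing fails (the failure is logged)
     */
    public Element getMandate() {
        // Guard explicitly instead of letting a NullPointerException be swallowed by the catch below
        if (mandate == null || mandate.getMandate() == null) {
            Logger.warn("Mandate content could not be generated from MISMandate.");
            return null;
        }
        try {
            // Decode with a fixed charset rather than the platform default;
            // assumes the MIS mandate XML is UTF-8 encoded — TODO confirm against the MIS client
            String stringMandate = new String(mandate.getMandate(), StandardCharsets.UTF_8);
            return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
        } catch (Exception e) {
            // Exception, not Throwable: JVM errors must not be silently turned into a null mandate
            Logger.warn("Mandate content could not be generated from MISMandate.", e);
            return null;
        }
    }

    /**
     * @param mandate the mandate to set
     */
    public void setMISMandate(MISMandate mandate) {
        this.mandate = mandate;
    }

    /**
     * @return the useMandate
     */
    public boolean isUseMandate() {
        return useMandate;
    }

    /**
     * @param useMandate the useMandate to set
     */
    public void setUseMandate(boolean useMandate) {
        this.useMandate = useMandate;
    }

    /**
     * Returns the QAA level in STORK notation.
     * A stored eIDAS level is mapped via {@link PVPtoSTORKMapper}; when no mapping exists,
     * {@link PVPConstants#STORK_QAA_1_1} is returned and an error is logged.
     *
     * @return the STORK QAA level, or the stored value unchanged (possibly null) if it is not an eIDAS level
     */
    public String getQAALevel() {
        boolean isEidasLevel = this.QAALevel != null
                && this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX);
        if (!isEidasLevel) {
            return this.QAALevel;
        }
        String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
        if (MiscUtil.isNotEmpty(mappedQAA)) {
            return mappedQAA;
        }
        Logger.error("eIDAS QAA-level:" + this.QAALevel
                + " can not be mapped to STORK QAA-level! Use "
                + PVPConstants.STORK_QAA_1_1 + " as default value.");
        return PVPConstants.STORK_QAA_1_1;
    }

    /**
     * Returns the QAA level in eIDAS notation.
     * A stored STORK level is mapped via {@link PVPtoSTORKMapper}; when no mapping exists,
     * {@link PVPConstants#EIDAS_QAA_LOW} is returned and an error is logged.
     *
     * @return the eIDAS QAA level, or the stored value unchanged (possibly null) if it is not a STORK level
     */
    public String getEIDASQAALevel() {
        boolean isStorkLevel = this.QAALevel != null
                && this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX);
        if (!isStorkLevel) {
            return this.QAALevel;
        }
        String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
        if (MiscUtil.isNotEmpty(mappedQAA)) {
            return mappedQAA;
        }
        Logger.error("STORK QAA-level:" + this.QAALevel
                + " can not be mapped to eIDAS QAA-level! Use "
                + PVPConstants.EIDAS_QAA_LOW + " as default value.");
        return PVPConstants.EIDAS_QAA_LOW;
    }

    /**
     * @return the foreigner flag
     */
    public boolean isForeigner() {
        return this.foreigner;
    }

    /**
     * @param foreigner the foreigner to set
     */
    public void setForeigner(boolean foreigner) {
        this.foreigner = foreigner;
    }

    /**
     * Store QAA level in eIDAS format to authentication Data
     *
     * @param qAALevel the qAALevel to set
     */
    public void setQAALevel(String qAALevel) {
        QAALevel = qAALevel;
    }

    /**
     * @return the ssoSession
     */
    public boolean isSsoSession() {
        return ssoSession;
    }

    /**
     * @param ssoSession the ssoSession to set
     */
    public void setSsoSession(boolean ssoSession) {
        this.ssoSession = ssoSession;
    }

    /**
     * @return the mandateReferenceValue
     */
    public String getMandateReferenceValue() {
        return mandateReferenceValue;
    }

    /**
     * @param mandateReferenceValue the mandateReferenceValue to set
     */
    public void setMandateReferenceValue(String mandateReferenceValue) {
        this.mandateReferenceValue = mandateReferenceValue;
    }

    /**
     * @return the ccc
     */
    public String getCcc() {
        return ccc;
    }

    /**
     * @param ccc the ccc to set
     */
    public void setCcc(String ccc) {
        this.ccc = ccc;
    }

    /**
     * @return the sessionIndex
     */
    public String getSessionIndex() {
        return sessionIndex;
    }

    /**
     * @param sessionIndex the sessionIndex to set
     */
    public void setSessionIndex(String sessionIndex) {
        this.sessionIndex = sessionIndex;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
     */
    @Override
    public String getNameID() {
        return this.nameID;
    }

    /**
     * @param nameID the nameID to set
     */
    public void setNameID(String nameID) {
        this.nameID = nameID;
    }

    /**
     * @return the nameIDFormat
     */
    public String getNameIDFormat() {
        return nameIDFormat;
    }

    /**
     * @param nameIDFormat the nameIDFormat to set
     */
    public void setNameIDFormat(String nameIDFormat) {
        this.nameIDFormat = nameIDFormat;
    }

    /**
     * @return the interfederatedSSOSession
     */
    public boolean isInterfederatedSSOSession() {
        return interfederatedSSOSession;
    }

    /**
     * @param interfederatedSSOSession the interfederatedSSOSession to set
     */
    public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
        this.interfederatedSSOSession = interfederatedSSOSession;
    }

    /**
     * @return the interfederatedIDP
     */
    public String getInterfederatedIDP() {
        return interfederatedIDP;
    }

    /**
     * @param interfederatedIDP the interfederatedIDP to set
     */
    public void setInterfederatedIDP(String interfederatedIDP) {
        this.interfederatedIDP = interfederatedIDP;
    }

    /**
     * @return the ssoSessionValidTo
     */
    public Date getSsoSessionValidTo() {
        return ssoSessionValidTo;
    }

    /**
     * @param ssoSessionValidTo the ssoSessionValidTo to set
     */
    public void setSsoSessionValidTo(Date ssoSessionValidTo) {
        this.ssoSessionValidTo = ssoSessionValidTo;
    }

    /**
     * @return the encbPKList
     */
    public List getEncbPKList() {
        return encbPKList;
    }

    /**
     * @param encbPKList the encbPKList to set
     */
    public void setEncbPKList(List encbPKList) {
        this.encbPKList = encbPKList;
    }

    /**
     * @return the roles added via {@link #addAuthenticationRole}, or null when none were added
     */
    public List<AuthenticationRole> getAuthenticationRoles() {
        return roles;
    }

    //ISA 1.18 attributes
    /**
     * Appends a role to the authentication roles, creating the list on first use.
     * @param role the role to add
     */
    public void addAuthenticationRole(AuthenticationRole role) {
        if (this.roles == null) {
            this.roles = new ArrayList<AuthenticationRole>();
        }
        this.roles.add(role);
    }

    /**
     * @return the pvpAttribute_OU
     */
    public String getPvpAttribute_OU() {
        return pvpAttribute_OU;
    }

    /**
     * @param pvpAttribute_OU the pvpAttribute_OU to set
     */
    public void setPvpAttribute_OU(String pvpAttribute_OU) {
        this.pvpAttribute_OU = pvpAttribute_OU;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
     */
    @Override
    public boolean isBusinessService() {
        return this.businessService;
    }

    /**
     * @param flag the businessService flag to set
     */
    public void setIsBusinessService(boolean flag) {
        this.businessService = flag;
    }

    /**
     * Returns a generic data-object with is stored with a specific identifier
     *
     * @param key The specific identifier of the data object
     * @param clazz The class type which is stored with this key; used for a runtime type check.
     *              If null, the stored object is returned without a check.
     * @return The data object or null if no data is found with this key, the key is empty,
     *         or the stored object is not an instance of {@code clazz}
     */
    public <T> T getGenericData(String key, final Class<T> clazz) {
        if (!MiscUtil.isNotEmpty(key)) {
            Logger.warn("Can not load generic session-data with key='null'");
            return null;
        }
        Object data = genericDataStorate.get(key);
        if (data == null) {
            return null;
        }
        if (clazz == null) {
            // No runtime type available: behaves like a plain unchecked cast (erasure means it cannot fail here)
            @SuppressWarnings("unchecked")
            T uncheckedData = (T) data;
            return uncheckedData;
        }
        try {
            // Class.cast() performs a real runtime check; a bare (T) cast would never throw because of erasure
            return clazz.cast(data);
        } catch (ClassCastException e) {
            Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
            return null;
        }
    }

    /**
     * Store a generic data-object to session with a specific identifier
     *
     * @param key Identifier for this data-object
     * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
     * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
     */
    public void setGenericData(String key, Object object) throws SessionDataStorageException {
        if (MiscUtil.isEmpty(key)) {
            Logger.warn("Generic session-data can not be stored with a 'null' key");
            throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
        }
        // null is accepted as a value; non-null values must be Serializable so the session can be persisted
        if (object != null && !(object instanceof Serializable)) {
            Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
            throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
        }
        if (genericDataStorate.containsKey(key)) {
            Logger.debug("Overwrite generic data with key:" + key);
        } else {
            Logger.trace("Add generic data with key:" + key + " to session.");
        }
        genericDataStorate.put(key, object);
    }
}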