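/**
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.data;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

import org.w3c.dom.Element;

import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * MOA-ID specific authentication data. Extends the generic
 * {@link AuthenticationData} with the signer certificate, the auth block, the
 * QAA level, mandate information, interfederation flags and the ISA 1.18
 * role attributes.
 *
 * <p>The class is {@link Serializable} and defines no custom serialization
 * methods, so the private field names below are part of the serialized form.
 * Do not rename them while {@code serialVersionUID} stays unchanged.
 *
 * @author tlenz
 */
public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {

    private static final long serialVersionUID = 1L;

    // says whether the certificate is a qualified certificate or not
    private boolean qualifiedCertificate;
    // says whether the certificate is a public authority or not
    private boolean publicAuthority;
    // public authority code (Behördenkennzeichen - BKZ)
    private String publicAuthorityCode;
    // URL of the BKU
    private String bkuURL;

    private byte[] signerCertificate = null;
    private String authBlock = null;
    private String QAALevel = null;
    private List encbPKList;

    //ISA 1.18 attributes
    private List roles = null;
    private String pvpAttribute_OU = null;

    private boolean useMandate = false;
    private IMISMandate mandate = null;
    private String mandateReferenceValue = null;

    private boolean interfederatedSSOSession;
    private String interfederatedIDP;

    // NOTE(review): this field is not transient, so LoALevelMapper presumably has
    // to be serializable for instances of this class to be serialized - confirm.
    private LoALevelMapper loaMapper;

    /**
     * Creates an empty authentication-data object.
     *
     * @param loaMapper mapper used by {@link #getQAALevel()} to translate eIDAS
     *        levels; it is only kept when it is a {@link LoALevelMapper}. For any
     *        other implementation, or {@code null}, no mapper is stored and
     *        {@link #getQAALevel()} falls back to its default for eIDAS levels.
     */
    public MOAAuthenticationData(ILoALevelMapper loaMapper) {
        if (loaMapper instanceof LoALevelMapper) {
            this.loaMapper = (LoALevelMapper) loaMapper;
        }
    }

    /**
     * Returns the QAA level in STORK notation.
     *
     * <p>A stored value that does not start with
     * {@link PVPConstants#EIDAS_QAA_PREFIX} (including {@code null}) is returned
     * unchanged. An eIDAS value is translated with the configured mapper. If no
     * mapper is available or the mapper returns an empty result, the error is
     * logged and {@link PVPConstants#STORK_QAA_1_1} is returned instead of the
     * unmapped value.
     *
     * <p>NOTE(review): STORK_QAA_1_1 is presumably the lowest STORK assurance
     * level, which would make this fallback fail-safe for access decisions -
     * confirm against PVPConstants.
     *
     * @return the QAA level, or {@code null} if none was set
     */
    @Override
    public String getQAALevel() {
        if (this.QAALevel == null || !this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
            return this.QAALevel;
        }

        if (loaMapper == null) {
            Logger.error("NO LoALevelMapper found. Use " + PVPConstants.STORK_QAA_1_1 + " as default value.");
            return PVPConstants.STORK_QAA_1_1;
        }

        final String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
        if (MiscUtil.isNotEmpty(mappedQAA)) {
            return mappedQAA;
        }

        Logger.error("eIDAS QAA-level:" + this.QAALevel
                + " can not be mapped to STORK QAA-level! Use "
                + PVPConstants.STORK_QAA_1_1 + " as default value.");
        return PVPConstants.STORK_QAA_1_1;
    }

    /**
     * Returns the list of encrypted bPKs, creating an empty list on first access.
     *
     * @return the internal list, never {@code null}
     */
    @Override
    public List getEncbPKList() {
        if (this.encbPKList == null) {
            this.encbPKList = new ArrayList();
        }
        return this.encbPKList;
    }

    /**
     * Returns the signer certificate.
     *
     * <p>The internal array is returned without copying, so a caller that
     * modifies it changes the certificate stored in this object.
     *
     * @return the signer certificate bytes, or {@code null} if none was set
     */
    @Override
    public byte[] getSignerCertificate() {
        return signerCertificate;
    }

    /**
     * Stores the signer certificate. The array is kept by reference, not copied.
     *
     * @param signerCertificate the signerCertificate to set
     */
    public void setSignerCertificate(byte[] signerCertificate) {
        this.signerCertificate = signerCertificate;
    }

    @Override
    public String getAuthBlock() {
        return authBlock;
    }

    /**
     * @param authBlock the authBlock to set
     */
    public void setAuthBlock(String authBlock) {
        this.authBlock = authBlock;
    }

    @Override
    public IMISMandate getMISMandate() {
        return mandate;
    }

    /**
     * Parses the XML content of the stored MIS mandate.
     *
     * <p>The mandate bytes are parsed without schema validation. Any exception
     * raised while reading or parsing is logged and turned into a {@code null}
     * result, so callers must treat {@code null} as "no usable mandate".
     *
     * @return the document element of the mandate, or {@code null} if no mandate
     *         is set or its content can not be parsed
     */
    @Override
    public Element getMandate() {
        if (mandate == null) {
            return null;
        }

        try {
            final byte[] byteMandate = mandate.getMandate();
            if (byteMandate == null) {
                Logger.warn("Mandate content could not be generated from MISMandate.");
                return null;
            }

            // Decode with a fixed charset instead of the platform default, so the
            // result does not depend on the JVM configuration.
            // Assumes the MIS mandate is UTF-8 encoded XML - TODO confirm.
            final String stringMandate = new String(byteMandate, StandardCharsets.UTF_8);

            // NOTE(review): the mandate originates outside this class and is parsed
            // non-validating; confirm that DOMUtils.parseDocument disables DTD and
            // external-entity processing.
            return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();

        } catch (Exception e) {
            // Keep the cause in the log; JVM Errors are no longer swallowed here.
            Logger.warn("Mandate content could not be generated from MISMandate.", e);
            return null;
        }
    }

    /**
     * @param mandate the mandate to set
     */
    public void setMISMandate(IMISMandate mandate) {
        this.mandate = mandate;
    }

    @Override
    public boolean isUseMandate() {
        return useMandate;
    }

    /**
     * @param useMandate the useMandate flag to set
     */
    public void setUseMandate(boolean useMandate) {
        this.useMandate = useMandate;
    }

    @Override
    public boolean isPublicAuthority() {
        return publicAuthority;
    }

    @Override
    public String getPublicAuthorityCode() {
        return publicAuthorityCode;
    }

    @Override
    public boolean isQualifiedCertificate() {
        return qualifiedCertificate;
    }

    @Override
    public String getBkuURL() {
        return bkuURL;
    }

    /**
     * Sets the bkuURL
     * @param url The BKU URL to set
     */
    public void setBkuURL(String url) {
        this.bkuURL = url;
    }

    @Override
    public boolean isInterfederatedSSOSession() {
        return this.interfederatedSSOSession;
    }

    /**
     * @param interfederatedSSOSession the interfederatedSSOSession to set
     */
    public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
        this.interfederatedSSOSession = interfederatedSSOSession;
    }

    @Override
    public String getInterfederatedIDP() {
        return this.interfederatedIDP;
    }

    /**
     * @param interfederatedIDP the interfederatedIDP to set
     */
    public void setInterfederatedIDP(String interfederatedIDP) {
        this.interfederatedIDP = interfederatedIDP;
    }

    @Override
    public String getMandateReferenceValue() {
        return mandateReferenceValue;
    }

    /**
     * @param mandateReferenceValue the mandateReferenceValue to set
     */
    public void setMandateReferenceValue(String mandateReferenceValue) {
        this.mandateReferenceValue = mandateReferenceValue;
    }

    /**
     * Returns the authentication roles.
     *
     * @return the internal role list, or {@code null} if no role was added yet
     */
    @Override
    public List getAuthenticationRoles() {
        return roles;
    }

    //ISA 1.18 attributes
    /**
     * Adds a role, creating the role list on first use.
     *
     * @param role the role to add
     */
    public void addAuthenticationRole(AuthenticationRole role) {
        if (this.roles == null) {
            this.roles = new ArrayList();
        }
        this.roles.add(role);
    }

    @Override
    public String getPvpAttribute_OU() {
        return pvpAttribute_OU;
    }

    /**
     * @param pvpAttribute_OU the pvpAttribute_OU to set
     */
    public void setPvpAttribute_OU(String pvpAttribute_OU) {
        this.pvpAttribute_OU = pvpAttribute_OU;
    }

    /**
     * Store QAA level in eIDAS format to authentication Data.
     *
     * <p>The value is stored as given; this setter performs no format check.
     *
     * @param qAALevel the qAALevel to set
     */
    public void setQAALevel(String qAALevel) {
        this.QAALevel = qAALevel;
    }

    /**
     * @param encbPKList the encbPKList to set
     */
    public void setEncbPKList(List encbPKList) {
        this.encbPKList = encbPKList;
    }

    /**
     * Sets the publicAuthority.
     * @param publicAuthority The publicAuthority to set
     */
    public void setPublicAuthority(boolean publicAuthority) {
        this.publicAuthority = publicAuthority;
    }

    /**
     * Sets the publicAuthorityCode.
     * @param publicAuthorityIdentification The publicAuthorityCode to set
     */
    public void setPublicAuthorityCode(String publicAuthorityIdentification) {
        this.publicAuthorityCode = publicAuthorityIdentification;
    }

    /**
     * Sets the qualifiedCertificate.
     * @param qualifiedCertificate The qualifiedCertificate to set
     */
    public void setQualifiedCertificate(boolean qualifiedCertificate) {
        this.qualifiedCertificate = qualifiedCertificate;
    }
}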