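/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.builder.attributes;

import org.w3c.dom.Element;

import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Builds the PVP attribute {@code MANDATE_NAT_PER_BPK_NAME}: the identifier of the
 * natural person who acts as mandator of the mandate held in the authentication data.
 *
 * <p>The attribute value is either {@code <type>:<identifier>} or, when no type is
 * known, the bare identifier. The identifier is personal data, so its value is kept
 * out of the log output of this class.
 */
@PVPMETADATA
public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {

    /**
     * @return the attribute name this builder is responsible for
     */
    public String getName() {
        return MANDATE_NAT_PER_BPK_NAME;
    }

    /**
     * Builds the mandator identifier attribute.
     *
     * @param oaParam  service-provider configuration; cast to {@link IOAAuthParameters}
     * @param authData authentication data of the current session
     * @param g        generator that produces the protocol-specific attribute object
     * @return the generated attribute, or {@code null} when
     *         {@link #internalBPKGenerator} yields no result (no mandate in use or
     *         not a MOA-ID authentication context)
     * @throws AttributeBuilderException if the identifier is empty
     *         ({@link UnavailableAttributeException}) or the mandate data cannot be
     *         evaluated ({@link NoMandateDataAttributeException})
     */
    public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
            IAttributeGenerator<ATT> g) throws AttributeBuilderException {
        try {
            Pair<String, String> calcResult =
                    internalBPKGenerator((IOAAuthParameters) oaParam, authData);
            if (calcResult == null) {
                return null;
            }

            String bpk = calcResult.getFirst();
            String type = calcResult.getSecond();

            if (MiscUtil.isEmpty(bpk)) {
                // NOTE(review): this reports BPK_NAME although the attribute being built is
                // MANDATE_NAT_PER_BPK_NAME -- confirm which name callers expect.
                throw new UnavailableAttributeException(BPK_NAME);
            }

            if (type != null) {
                type = stripTargetPrefix(type);
            } else {
                Logger.debug("bPK type is 'null' --> use it as it is");
            }

            if (bpk.length() > BPK_MAX_LENGTH) {
                // NOTE(review): two identifiers sharing the first BPK_MAX_LENGTH characters
                // become indistinguishable for the relying party after this cut -- confirm
                // that this cannot happen with the identifier formats in use.
                Logger.warn("Mandator identifier exceeds BPK_MAX_LENGTH and is truncated");
                bpk = bpk.substring(0, BPK_MAX_LENGTH);
            }

            // The identifier itself is personal data and is deliberately not logged.
            Logger.trace("Authenticate user with bPK/wbPK of Type=" + type);

            String value = (type != null) ? type + ":" + bpk : bpk;
            return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
                    MANDATE_NAT_PER_BPK_NAME, value);

        } catch (BuildException | ConfigurationException | EAAFBuilderException e) {
            // Keep the cause in the log; the exception thrown to the caller carries none.
            Logger.error("Failed to generate IdentificationType", e);
            throw new NoMandateDataAttributeException();
        }
    }

    /**
     * @param g generator that produces the protocol-specific attribute object
     * @return an attribute with this builder's name and no value
     */
    public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
        return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
                MANDATE_NAT_PER_BPK_NAME);
    }

    /**
     * Determines the mandator's identifier and its type.
     *
     * <p>An identifier already stored in the authentication data under
     * {@code MANDATE_NAT_PER_BPK_NAME} is used unchanged (type {@code null}). Otherwise
     * the first identification entry of the mandator's physical person is read from the
     * mandate. An entry of type {@code Constants.URN_PREFIX_BASEID} is only used as input
     * for deriving the area-specific identifier of the service provider; any other entry
     * is passed on with its own type.
     *
     * @param oaParam  service-provider configuration supplying the area-specific target
     * @param authData authentication data of the current session
     * @return pair of (identifier, type), or {@code null} if no mandate is in use or
     *         {@code authData} is not an {@link IMOAAuthData}
     * @throws NoMandateDataAttributeException if the mandate, the mandator, the physical
     *         person or a usable identification entry is missing
     * @throws BuildException as declared; not thrown by this method body directly
     * @throws ConfigurationException as declared; not thrown by this method body directly
     * @throws EAAFBuilderException as declared; not thrown by this method body directly
     */
    protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData)
            throws NoMandateDataAttributeException, BuildException, ConfigurationException,
            EAAFBuilderException {
        if (!(authData instanceof IMOAAuthData)) {
            Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
            return null;
        }

        IMOAAuthData moaAuthData = (IMOAAuthData) authData;
        if (!moaAuthData.isUseMandate()) {
            return null;
        }

        // get PVP attribute directly, if exists
        String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
        if (!MiscUtil.isEmpty(bpk)) {
            Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
            Pair<String, String> direct = Pair.newInstance(bpk, null);
            return direct;
        }

        // read bPK from mandate if it is not directly included
        Element mandate = moaAuthData.getMandate();
        if (mandate == null) {
            throw new NoMandateDataAttributeException();
        }

        Mandate mandateObject = MandateBuilder.buildMandate(mandate);
        if (mandateObject == null) {
            throw new NoMandateDataAttributeException();
        }

        // A mandate without mandator is reported like any other missing mandate data
        // instead of surfacing as a NullPointerException.
        if (mandateObject.getMandator() == null) {
            Logger.debug("No mandator in mandate");
            throw new NoMandateDataAttributeException();
        }

        PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
        if (physicalPerson == null) {
            Logger.debug("No physicalPerson mandate");
            throw new NoMandateDataAttributeException();
        }

        // get(0) on an empty list throws IndexOutOfBoundsException, so emptiness has to
        // be checked before the first entry is read.
        if (physicalPerson.getIdentification() == null
                || physicalPerson.getIdentification().isEmpty()) {
            Logger.info("Failed to generate IdentificationType");
            throw new NoMandateDataAttributeException();
        }

        IdentificationType id = physicalPerson.getIdentification().get(0);
        if (id == null || id.getValue() == null) {
            Logger.info("Failed to generate IdentificationType");
            throw new NoMandateDataAttributeException();
        }

        // Constant first: an identification entry without type must not raise an NPE.
        if (Constants.URN_PREFIX_BASEID.equals(id.getType())) {
            return new BPKBuilder().generateAreaSpecificPersonIdentifier(
                    id.getValue().getValue(), oaParam.getAreaSpecificTargetIdentifier());
        }

        Pair<String, String> asIs = Pair.newInstance(id.getValue().getValue(), id.getType());
        return asIs;
    }

    /**
     * Removes a leading {@code <prefix>+} from an identifier type, where prefix is one of
     * the wbPK, CDID or eIDAS URN prefixes.
     *
     * <p>The separator is part of the match: a type that starts with a known prefix but
     * has no {@code '+'} after it is returned unchanged. Cutting by length alone would
     * either drop an unrelated character or fail with
     * {@link StringIndexOutOfBoundsException} when the type equals the bare prefix.
     *
     * @param type identifier type, not {@code null}
     * @return the type without the recognised prefix, or {@code type} itself
     */
    private static String stripTargetPrefix(String type) {
        String[] prefixes = {
            Constants.URN_PREFIX_WBPK,
            Constants.URN_PREFIX_CDID,
            Constants.URN_PREFIX_EIDAS
        };
        for (String prefix : prefixes) {
            String marker = prefix + "+";
            if (type.startsWith(marker)) {
                return type.substring(marker.length());
            }
        }
        return type;
    }
}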