/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
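*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.builder.attributes;

import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.Element;

import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * PVP attribute builder for the bPK of a natural-person mandator.
 *
 * <p>The mandator's bPK is taken from the AuthData if it is already present as a
 * generic attribute, otherwise it is derived from the mandate document and, if the
 * mandate carries a baseID, converted into the area-specific bPK of the requesting SP.
 * Mandate data is only available in a MOA-ID context ({@link IMOAAuthData}).
 */
@PVPMETADATA
public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {

  /**
   * Returns the PVP attribute name produced by this builder.
   */
  @Override
  public String getName() {
    return MANDATE_NAT_PER_BPK_NAME;
  }

  /**
   * Builds the mandator bPK attribute for the requesting SP.
   *
   * @param oaParam  SP configuration, provides the area-specific target identifier
   * @param authData authentication data; mandate data is read only from {@link IMOAAuthData}
   * @param g        attribute generator of the protocol in use
   * @return the built attribute, or {@code null} if no bPK is available
   * @throws AttributeBuilderException if the mandate data is missing or bPK generation fails
   */
  @Override
  public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
      throws AttributeBuilderException {
    try {
      String bPKResult = getBpkAttributeStringForSP(oaParam, authData);
      if (StringUtils.isNotEmpty(bPKResult)) {
        return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bPKResult);
      }

    } catch (BuildException | ConfigurationException | EAAFBuilderException e) {
      // the thrown exception carries no detail, so the root cause must be logged here
      Logger.error("Failed to generate IdentificationType", e);
      throw new NoMandateDataAttributeException();

    }
    return null;
  }

  /**
   * Builds an empty attribute of this type (used for metadata / unavailable values).
   *
   * @param g attribute generator of the protocol in use
   * @return the empty attribute
   */
  @Override
  public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
    return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
  }

  /**
   * Resolves the mandator bPK for the requesting SP.
   *
   * <p>If the mandate contains a baseID, the area-specific bPK is calculated for the
   * SP's target identifier; any other identifier type is passed through unchanged.
   *
   * @param oaParam  SP configuration
   * @param authData authentication data
   * @return pair of (bPK, bPK type), the type being {@code null} for pass-through
   *         identifiers, or {@code null} if no mandate data is available
   * @throws NoMandateDataAttributeException if the mandate carries no usable identification
   * @throws BuildException                  on mandate parsing errors
   * @throws ConfigurationException          on configuration errors
   * @throws EAAFBuilderException            if bPK calculation fails
   */
  protected Pair<String, String> getBpkForSp(ISPConfiguration oaParam, IAuthData authData)
      throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
    Pair<String, String> baseId = getBaseIdFromMandate(oaParam, authData);
    if (baseId == null) {
      return null;
    }

    // null-safe comparison: the identifier type may be absent (see getBaseIdFromMandate)
    if (Constants.URN_PREFIX_BASEID.equals(baseId.getSecond())) {
      return new BPKBuilder().generateAreaSpecificPersonIdentifier(
          baseId.getFirst(), oaParam.getAreaSpecificTargetIdentifier());
    }

    Logger.debug("No BaseId target in mandate. Use it as it is ... ");
    return Pair.newInstance(baseId.getFirst(), null);
  }

  /**
   * Generate the bPK String for this specific SP
   *
   * @param oaParam  SP configuration
   * @param authData authentication data
   * @return the attribute value ({@code <type>} + delimiter + bPK, or the bare bPK if
   *         no type is known), or {@code null} if no mandate data is available
   * @throws UnavailableAttributeException   if the resolved bPK is empty
   * @throws EAAFBuilderException            if bPK calculation fails
   * @throws ConfigurationException          on configuration errors
   * @throws BuildException                  on mandate parsing errors
   * @throws NoMandateDataAttributeException if the mandate carries no usable identification
   */
  protected String getBpkAttributeStringForSP(ISPConfiguration oaParam, IAuthData authData)
      throws UnavailableAttributeException, EAAFBuilderException, NoMandateDataAttributeException,
      BuildException, ConfigurationException {
    Pair<String, String> bPKResult = getBpkForSp(oaParam, authData);
    if (bPKResult == null) {
      return null;
    }

    String bpk = bPKResult.getFirst();
    String type = bPKResult.getSecond();
    if (MiscUtil.isEmpty(bpk)) {
      throw new UnavailableAttributeException(BPK_NAME);
    }

    if (type != null) {
      type = removeBpkTypePrefix(type);
    } else {
      Logger.debug("bPK type is 'null' --> use it as it is");
    }

    bpk = attrMaxSize(bpk);

    // the bPK is a personal identifier; it is written to the log at trace level only
    Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);

    if (type != null) {
      return type + BPKAttributeBuilder.DELIMITER_BPKTYPE_BPK + bpk;
    }
    return bpk;
  }

  /**
   * Limit the attribute value to maximum size
   *
   * <p>Values longer than {@code BPK_MAX_LENGTH} are cut off silently.
   *
   * @param attr attribute value, may be {@code null}
   * @return the value truncated to {@code BPK_MAX_LENGTH} characters
   */
  protected String attrMaxSize(String attr) {
    if (attr != null && attr.length() > BPK_MAX_LENGTH) {
      return attr.substring(0, BPK_MAX_LENGTH);
    }
    return attr;
  }

  /**
   * Remove bPKType prefix if available
   *
   * @param type bPK type URN, must not be {@code null}
   * @return the type without its wbPK / CDID / eIDAS URN prefix, or the input if it has none
   */
  protected String removeBpkTypePrefix(String type) {
    if (type.startsWith(EAAFConstants.URN_PREFIX_WBPK)) {
      return type.substring(EAAFConstants.URN_PREFIX_WBPK.length());
    } else if (type.startsWith(EAAFConstants.URN_PREFIX_CDID)) {
      return type.substring(EAAFConstants.URN_PREFIX_CDID.length());
    } else if (type.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) {
      return type.substring(EAAFConstants.URN_PREFIX_EIDAS.length());
    }
    return type;
  }

  /**
   * Reads the mandator's identifier from the AuthData or, if not directly included,
   * from the mandate document.
   *
   * <p>Every structural gap in the mandate (no mandator, no physical person, empty or
   * incomplete identification) is reported as {@link NoMandateDataAttributeException};
   * previously an empty identification list surfaced as an
   * {@code IndexOutOfBoundsException} and a missing mandator or value as a
   * {@code NullPointerException}.
   *
   * @param oaParam  SP configuration (unused here, kept for subclasses)
   * @param authData authentication data
   * @return pair of (identifier value, identifier type); the type is {@code null} when
   *         the bPK was taken directly from the AuthData. {@code null} if the AuthData is
   *         not a MOA-ID AuthData or no mandate is in use
   * @throws NoMandateDataAttributeException if mandate data is missing or incomplete
   * @throws BuildException                  on mandate parsing errors
   * @throws ConfigurationException          on configuration errors
   * @throws EAAFBuilderException            on builder errors
   */
  protected Pair<String, String> getBaseIdFromMandate(ISPConfiguration oaParam, IAuthData authData)
      throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {
    if (!(authData instanceof IMOAAuthData)) {
      Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
      return null;
    }

    IMOAAuthData moaAuthData = (IMOAAuthData) authData;
    if (!moaAuthData.isUseMandate()) {
      return null;
    }

    // get PVP attribute directly, if exists
    String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
    if (!MiscUtil.isEmpty(bpk)) {
      Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
      return Pair.newInstance(bpk, null);
    }

    // read bPK from mandate if it is not directly included
    Element mandate = moaAuthData.getMandate();
    if (mandate == null) {
      throw new NoMandateDataAttributeException();
    }

    Mandate mandateObject = MandateBuilder.buildMandate(mandate);
    if (mandateObject == null || mandateObject.getMandator() == null) {
      Logger.debug("No mandator in mandate");
      throw new NoMandateDataAttributeException();
    }

    PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
    if (physicalPerson == null) {
      Logger.debug("No physicalPerson mandate");
      throw new NoMandateDataAttributeException();
    }

    // guard the list access: get(0) on an empty list is not a mandate-data error otherwise
    if (physicalPerson.getIdentification() == null || physicalPerson.getIdentification().isEmpty()) {
      Logger.info("No Identification element for physicalPerson in mandate");
      throw new NoMandateDataAttributeException();
    }

    IdentificationType id = physicalPerson.getIdentification().get(0);
    if (id == null || id.getValue() == null) {
      Logger.info("Failed to generate IdentificationType");
      throw new NoMandateDataAttributeException();
    }

    return Pair.newInstance(id.getValue().getValue(), id.getType());
  }

}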