/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
*******************************************************************************/ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.namespace.QName; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import 
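at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.persondata.IdentificationType;
import at.gv.util.xsd.persondata.IdentificationType.Value;
import at.gv.util.xsd.persondata.PersonNameType;
import at.gv.util.xsd.persondata.PersonNameType.FamilyName;
import at.gv.util.xsd.persondata.PhysicalPersonType;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;

@Service("SAML1AuthenticationServer")
public class SAML1AuthenticationServer extends AuthenticationServer {

    @Autowired private ITransactionStorage authenticationDataStore;

    /**
     * Time-out in milliseconds that this class hands to the authentication data
     * store when it stores or reads an entry.
     */
    private static final int authDataTimeOut = 2 * 60 * 1000; // default 2 minutes

    /**
     * Fetches the error object stored under a SAML artifact and removes the
     * entry from the store.
     *
     * @param samlArtifact SAML artifact that identifies the stored error
     * @return the {@link Throwable} stored under the artifact
     * @throws AuthenticationException with code "1205" if the artifact cannot
     *         be parsed, or with code "1206" if nothing is stored under it or
     *         the store access fails
     */
    public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException {
        try {
            // Parse the artifact first; an unparsable value never reaches the store.
            new SAMLArtifactParser(samlArtifact).parseAssertionHandle();

        } catch (ParseException ex) {
            // Keep the parser exception as cause so the failure stays diagnosable.
            throw new AuthenticationException("1205", new Object[] {
                    samlArtifact, ex.toString() }, ex);
        }

        Throwable error = null;
        try {
            // NOTE(review): this lookup passes no time-out, while
            // getSaml1AuthenticationData() passes authDataTimeOut -- confirm that
            // stored errors are meant to be readable without an age check.
            error = authenticationDataStore.get(samlArtifact, Throwable.class);

            if (error == null) {
                Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
                throw new AuthenticationException("1206", new Object[] { samlArtifact });
            }

            // The entry is removed once it has been read.
            authenticationDataStore.remove(samlArtifact);

        } catch (EAAFException e) {
            Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
            // Preserve the storage exception instead of dropping it.
            throw new AuthenticationException("1206", new Object[] { samlArtifact }, e);
        }

        return error;
    }

    //TODO: add eIDAS to SAML1 protocol if it is really necessary

//    /**
//     * Transforms additional STORK attributes to MOA Extended attributes
//     * @param iPersonalAttributeList STORK attribute list
//     * @return
//     */
//    public List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
//        List moaExtendedSAMLAttributeList = new Vector();
//
//        if(null == iPersonalAttributeList)
//            return moaExtendedSAMLAttributeList;
//
//        Logger.trace("Adding the following attributes to MOA assertion: ");
//        int count = 0;
//
//        for (PersonalAttribute attribute : iPersonalAttributeList) {
//            Object attributeValue = attribute.getValue();
//            if (null == attributeValue)
//                attributeValue = attribute.getComplexValue();
//
//            // escape attributeValue
//            attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
//            // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!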
// attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1); // // ExtendedSAMLAttribute extendedSAMLAttribute = // new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0); // moaExtendedSAMLAttributeList.add(extendedSAMLAttribute); // count++; // Logger.trace("Additional attribute: " + attribute.getName()); // } // // Logger.debug("Added " + count + " STORK attribute(s) to the MOA assertion."); // // return moaExtendedSAMLAttributeList; // } /** * Retrieves AuthenticationData indexed by the SAML artifact. * The AuthenticationData is deleted from the store upon end of * this call. * * @return AuthenticationData */ public String getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); } catch (ParseException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } String authData = null; try { authData = authenticationDataStore .get(samlArtifact, String.class, authDataTimeOut); if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } authenticationDataStore.remove(samlArtifact); Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); return samlArtifact; } public String BuildSAMLArtifact(IOAAuthParameters oaParam, SAML1AuthenticationData authData, 
String sourceID) throws ConfigurationException, BuildException, AuthenticationException {

        //Load SAML1 Parameter from OA config
        SAML1ConfigurationParameters saml1parameter = oaParam.getSAML1Parameter();
        boolean useCondition = saml1parameter.isUseCondition();
        int conditionLength = saml1parameter.getConditionLength();

        try {
            //set BASE64 encoded signer certificate (stays empty unless requested and available)
            String signerCertificateBase64 = "";
            if (saml1parameter.isProvideCertificate()) {
                byte[] signerCertificate = authData.getSignerCertificate();
                if (signerCertificate != null) {
                    signerCertificateBase64 = Base64Utils
                            .encode(signerCertificate);
                } else {
                    Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
                }
            }

            //set prPerson
            // The base id (Stammzahl) is handed on if the SAML1 configuration asks for it
            // or if oaParam.hasBaseIdTransferRestriction() returns true.
            boolean provideStammzahl = saml1parameter.isProvideStammzahl()
                    || oaParam.hasBaseIdTransferRestriction();

            String prPerson = "";
            String ilAssertion = "";
            if (authData.getIdentityLink() != null) {
                prPerson = new PersonDataBuilder().build(authData.getIdentityLink(), provideStammzahl);

                //set IdentityLink for assertion
                if (saml1parameter.isProvideIdentityLink()) {
                    ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();

                    // Without provideStammzahl the identification value is blanked by a plain
                    // string replacement over the serialized identity link.
                    // NOTE(review): this replaces every occurrence of that value in the XML
                    // text, and a signature inside the identity link would presumably no
                    // longer verify afterwards -- confirm receivers do not rely on it.
                    if (!provideStammzahl)
                        ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
                                .getIdentificationValue(), "");
                }
            } else {
                Logger.info("No IdentityLink available! Build attribute 'PersonDate' from givenname, familyname and dateofbirth. ");
                // Assemble a minimal PhysicalPerson (name, one identification, date of birth)
                // and marshal it with JAXB.
                PhysicalPersonType person = new PhysicalPersonType();
                PersonNameType name = new PersonNameType();
                person.setName(name);
                FamilyName familyName = new FamilyName();
                name.getFamilyName().add(familyName );
                IdentificationType id = new IdentificationType();
                person.getIdentification().add(id );
                Value value = new Value();
                id.setValue(value );

                if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) &&
                        saml1parameter.isProvideIdentityLink() && !authData.isBaseIDTransferRestrication()) {
                    //add baseID if it is requested and available and SP is publicService
                    value.setValue(authData.getIdentificationValue());
                    id.setType(authData.getIdentificationType());

                } else {
                    //otherwise add bPK
                    value.setValue(authData.getBPK());
                    id.setType(authData.getBPKType());
                }

                familyName.setValue(authData.getFamilyName());
                familyName.setPrimary("undefined");
                name.getGivenName().add(authData.getGivenName());
                person.setDateOfBirth(authData.getFormatedDateOfBirth());

                JAXBContext jc = JAXBContext.newInstance("at.gv.util.xsd.persondata");
                Marshaller m = jc.createMarshaller();
                m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
//                m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() {
//                    public String getPreferredPrefix(String arg0, String arg1, boolean arg2) {
//                        if (Constants.PD_NS_URI.equals(arg0))
//                            return Constants.PD_PREFIX;
//                        else
//                            return arg1;
//                    }
//                });
                ByteArrayOutputStream stream = new ByteArrayOutputStream();
                m.marshal(
                        new JAXBElement(new QName(Constants.PD_NS_URI,"Person"), PhysicalPersonType.class, person),
                        stream);
                // The XML declaration is stripped from the marshalled person data.
                prPerson = StringUtils.removeXMLDeclaration(new String(stream.toByteArray(), "UTF-8"));
                stream.close();
            }

            //set Authblock
            String authBlock = "";
            if (authData.getAuthBlock() != null) {
                authBlock = saml1parameter.isProvideAUTHBlock() ? authData.getAuthBlock() : "";
            } else {
                // NOTE(review): this branch is taken whenever no authblock is present; it does
                // not check isProvideAUTHBlock(), so the message can be logged although the
                // option is off.
                Logger.info("\"provideAuthBlock\" is \"true\", but no authblock available");
            }

            // NOTE(review): the list returned by authData is extended in place below, so the
            // attributes added here also become visible through authData -- confirm intended.
            List oaAttributes = authData.getExtendedSAMLAttributesOA();

            //add additional SAML1 attribute that contains the CountryCode in case of foreigners
            if (authData.isForeigner()) {
                if (oaAttributes == null)
                    oaAttributes = new ArrayList();

                Logger.trace("Entity is marked as foreigner. Adding CountryCode: "
                        + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... ");
                oaAttributes.add(new ExtendedSAMLAttributeImpl(
                        PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME,
                        authData.getCiticenCountryCode(),
                        Constants.MOA_NS_URI,
                        ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
            }

            //add additional bPKs and foreign bPKs in case of Austrian eID demo-mode
            // (the configuration value defaults to "false" when it is not set)
            if (Boolean.parseBoolean(
                    oaParam.getConfigurationValue(
                            MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE,
                            String.valueOf(false)))) {
                Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... ");

                if (oaAttributes == null)
                    oaAttributes = new ArrayList();

                String additionalBpks = new BPKListAttributeBuilder().build(
                        oaParam, authData, new SimpleStringAttributeGenerator());
                // NOTE(review): the bPK values themselves are written to the log here and a few
                // lines below (trace level) -- confirm that person identifiers are acceptable
                // in log files, or log only that the attribute was added.
                Logger.trace("Adding additional bPKs: " + additionalBpks + " as attribute into SAML1 assertion ... ");
                oaAttributes.add(new ExtendedSAMLAttributeImpl(
                        PVPAttributeDefinitions.BPK_LIST_FRIENDLY_NAME,
                        additionalBpks,
                        Constants.MOA_NS_URI,
                        ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));

                String encryptedBpks = new EncryptedBPKAttributeBuilder().build(
                        oaParam, authData, new SimpleStringAttributeGenerator());
                Logger.trace("Adding foreign bPKs: " + encryptedBpks + " as attribute into SAML1 assertion ... ");
                oaAttributes.add(new ExtendedSAMLAttributeImpl(
                        PVPAttributeDefinitions.ENC_BPK_LIST_FRIENDLY_NAME,
                        encryptedBpks,
                        Constants.MOA_NS_URI,
                        ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
            }

            String samlAssertion = null;

            //add mandate info's
            if (authData.isUseMandate()) {

                //only provide full mandate if it is included.
                if (saml1parameter.isProvideFullMandatorData()
                        && authData.getMISMandate() != null) {

                    try {
                        ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
                                authData.getMISMandate(), oaParam.hasBaseIdTransferRestriction(),
                                saml1parameter.isProvideStammzahl());

                        if (extendedSAMLAttributes != null) {
                            String identifier = "MISService";
                            String friendlyName ="MISService";

                            int length = extendedSAMLAttributes.length;
                            for (int i = 0; i < length; i++) {
                                ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];

                                Object value = verifySAMLAttribute(samlAttribute, i, identifier,
                                        friendlyName);

                                // Only String and DOM Element values are accepted; anything else
                                // is rejected with "validator.46".
                                if ((value instanceof String) || (value instanceof Element)) {
                                    switch (samlAttribute.getAddToAUTHBlock()) {
                                    case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
                                        replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
                                        break;
                                    case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
                                        replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
                                        break;
                                    case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
                                        // authblock-only attributes are not put into the assertion
                                        break;
                                    default:
                                        Logger
                                                .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
                                                        + samlAttribute.getAddToAUTHBlock()
                                                        + ") in SAML attribute number "
                                                        + (i + 1) + " for infobox " + identifier);
                                        throw new ValidateException("validator.47",
                                                new Object[] { friendlyName, String.valueOf((i + 1)) });
                                    }
                                } else {
                                    Logger
                                            .info("The type of SAML-Attribute number "
                                                    + (i + 1)
                                                    + " returned from "
                                                    + identifier
                                                    + "-infobox validator is not valid. Must be either \"java.Lang.String\""
                                                    + " or \"org.w3c.dom.Element\"");
                                    throw new ValidateException("validator.46",
                                            new Object[] { identifier, String.valueOf((i + 1)) });
                                }
                            }
                        }

                    } catch (SAXException e) {
                        throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e);
                    } catch (IOException e) {
                        throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e);
                    } catch (ParserConfigurationException e) {
                        throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e);
                    } catch (TransformerException e) {
                        throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e);
                    }
                }

                String mandateDate = generateMandateDate(oaParam, authData);

                samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
                        authData,
                        prPerson,
                        mandateDate,
                        authBlock,
                        ilAssertion,
                        authData.getBkuURL(),
                        signerCertificateBase64,
                        oaParam.hasBaseIdTransferRestriction(),
                        oaAttributes,
                        useCondition,
                        conditionLength);
            } else {
                samlAssertion = new AuthenticationDataAssertionBuilder().build(
                        authData,
                        prPerson,
                        authBlock,
                        ilAssertion,
                        authData.getBkuURL(),
                        signerCertificateBase64,
                        oaParam.hasBaseIdTransferRestriction(),
                        oaAttributes,
                        useCondition,
                        conditionLength);
            }

            //authData.setSamlAssertion(samlAssertion);

            // The artifact is built from the authentication issuer, a fresh random value
            // and the sourceID.
            String samlArtifact = new SAMLArtifactBuilder().build(
                    authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID);

            storeAuthenticationData(samlArtifact, samlAssertion);

            // German log text: "login data created, SAML artifact ...".
            // NOTE(review): the artifact is logged at info level; presumably it is the key
            // under which the assertion can be fetched until it is consumed or times out --
            // confirm that log readers may see it.
            Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact);
            return samlArtifact;

        } catch (Throwable ex) {
            // Everything raised inside the try block, including the AuthenticationException
            // and ValidateException thrown above and any Error, is reported as "builder.00".
            throw new BuildException("builder.00", new Object[] {
                    "AuthenticationData", ex.toString() }, ex);
        }
    }

    /**
     * Builds the serialized person element of the mandator ("mandateDate") for
     * the SAML1 assertion.
     *
     * The mandate is taken from {@code authData.getMandate()}; if that is
     * {@code null}, a mandate element is generated from the PVP mandate
     * attributes instead.
     *
     * @param oaParam configuration of the online application
     * @param authData authentication data that carries the mandate information
     * @return the mandator person element serialized by {@code DOMUtils.serializeNode}
     * @throws AuthenticationException with code "auth.10" if {@code authData} is
     *         {@code null}, or with code "auth.16" if no mandator person element
     *         could be extracted or serialization fails
     */
    private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
            ) throws AuthenticationException, BuildException,
            ParseException, ConfigurationException, ServiceException,
            ValidateException, EAAFBuilderException {

        if (authData == null)
            throw new AuthenticationException("auth.10", new Object[] {
                    REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });

        Element prPerson = null;
        String identificationType = "";
        String identificationValue = "";

        Element mandate = authData.getMandate();

        if (mandate == null) {
            //no full-mandate include
            Logger.info("AuthData contains no full-mandate. Starting 'mandateDate' generation from PVP attributes ...");
            mandate = generateMandateDateFromPVPMandateAttributes(authData);
        }

        if (mandate != null) {
            Element mandator = ParepUtils.extractMandator(mandate);
            // dateOfBirth, familyName and givenName are assigned below but not read again
            // in this method.
            String dateOfBirth = "";
            String familyName = "";
            String givenName = "";
            if (mandator != null) {
                boolean physical = ParepUtils.isPhysicalPerson(mandator);
                if (physical) {
                    familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
                    givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
                    dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
                } else {
                    familyName = ParepUtils.extractMandatorFullName(mandator);
                }

                identificationType = ParepUtils.getIdentification(mandator, "Type");
                identificationValue = ParepUtils.extractMandatorWbpk(mandator);

                prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
                if (physical
                        && oaParam.hasBaseIdTransferRestriction()
                        && identificationType != null
                        && Constants.URN_PREFIX_BASEID
                        .equals(identificationType)) {
                    // now we calculate the wbPK and do so if we got it from the
                    // BKU

                    //load IdentityLinkDomainType from OAParam
                    Pair targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
                            identificationValue, oaParam.getAreaSpecificTargetIdentifier());
                    identificationValue = targedId.getFirst();
                    identificationType = targedId.getSecond();

                    // presumably blanks the base ids inside prPerson; see ParepUtils
                    ParepUtils.HideStammZahlen(prPerson, true, null, true);
                }
            }
        }

        if (prPerson == null) {
            Logger.warn("Mandates are enabled, but no mandate-information is found in authData.");
            throw new AuthenticationException("auth.16", new Object[] { "Mandates are enabled, but no mandate information is included" });
        }

        try {
            boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();

            String oatargetType = oaParam.getAreaSpecificTargetIdentifier();

            // NOTE(review): item(0) returns null when prPerson has no Identification element;
            // prIdentification is dereferenced below without a null check.
            Element prIdentification = (Element) prPerson.
                    getElementsByTagNameNS(Constants.PD_NS_URI,"Identification").item(0);

            // If the mandator's identification type differs from the application's target,
            // a bPK identification for that target is inserted for physical persons.
            if (!oatargetType.equals(identificationType)) {

                String isPrPerson = prPerson.getAttribute("xsi:type");

                if (!StringUtils.isEmpty(isPrPerson)) {
                    if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) {

                        String baseid = getBaseId(prPerson);
                        Element identificationBpK;
                        if (MiscUtil.isNotEmpty(baseid)) {
                            identificationBpK = createIdentificationBPK(prPerson, baseid, oatargetType);

                            // Without provideStammzahl the text of the first child of the
                            // existing Identification element is cleared.
                            if (!provideStammzahl) {
                                prIdentification.getFirstChild().setTextContent("");
                            }

                            prPerson.insertBefore(identificationBpK, prIdentification);

                        } else {
                            Logger.info("No baseID included. --> Build 'MandateDate' without baseID");
                        }
                    }
                }

            } else {
                // identification already matches the target type; nothing to add
                ;
            }

            return DOMUtils.serializeNode(prPerson);

        // NOTE(review): both handlers drop the caught exception; the mandate handling in
        // BuildSAMLArtifact passes it on as cause of the same "auth.16" error.
        } catch (TransformerException e1) {
            throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });
        } catch (IOException e1) {
            throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID });
        }
    }

    private Element generateMandateDateFromPVPMandateAttributes(IAuthData authdata) throws BuildException {
        String legalSourcePin = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
        String legalSourceType = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
        String legalCommonName = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
        String natSourcePin = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
        String natSourcePinType = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
        String natbPK = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
        String natGivenName = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
        String
natFamilyName = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); String natDateOfBirth = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class); Mandate mandateObject = new Mandate(); Mandator mandator = new Mandator(); mandateObject.setMandator(mandator); if (MiscUtil.isNotEmpty(legalCommonName) && MiscUtil.isNotEmpty(legalSourceType) && MiscUtil.isNotEmpty(legalSourcePin)) { Logger.debug("Build 'mandateDate' element for legal person ..."); at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType legalperson = new at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType(); at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType legalID = new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType(); at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value idvalue = new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value(); legalID.setValue(idvalue ); legalperson.getIdentification().add(legalID ); mandator.setCorporateBody(legalperson); legalperson.setFullName(legalCommonName); legalID.setType(legalSourceType); idvalue.setValue(legalSourcePin); } else if (MiscUtil.isNotEmpty(natFamilyName) && MiscUtil.isNotEmpty(natGivenName) && MiscUtil.isNotEmpty(natDateOfBirth) && (MiscUtil.isNotEmpty(natSourcePin) || MiscUtil.isNotEmpty(natbPK))){ Logger.debug("Build 'mandateDate' element for natural person ..."); at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType physPerson = new at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType(); at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType persName = new at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType(); at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName familyName = new 
at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName(); at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType persID = new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType(); at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value idValue = new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value(); physPerson.setName(persName ); persName.getFamilyName().add(familyName ); physPerson.getIdentification().add(persID ); persID.setValue(idValue ); mandator.setPhysicalPerson(physPerson); String[] pvp2GivenName = natGivenName.split(" "); for(int i=0; i