at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder.java Source code


Here is the source code for at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder.java


/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.protocols.pvp2x.builder;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.impl.AttributeQueryBuilder;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;

import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;

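/**
 * Builds signed SAML 2.0 {@code AttributeQuery} requests and the attribute lists they carry.
 *
 * <p>All methods are static; the class keeps no state.
 *
 * @author tlenz
 */
public class AttributQueryBuilder {

    /** Message id / log text used for every failure raised while building a request. */
    private static final String BUILD_FAILED_MSG = "Build AttributQuery Request FAILED.";

    /**
     * Builds the list of SAML attributes an AttributeQuery should request, filling in the
     * values that depend on the online application (OA).
     *
     * <p>For every name an empty attribute is created through
     * {@link PVPAttributeBuilder#buildEmptyAttribute(String)}; names for which no attribute
     * can be built are logged and skipped. Only {@code PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME}
     * gets a value here: the identity-link domain identifier for business services, otherwise
     * {@code Constants.URN_PREFIX_CDID + "+" + target}.
     *
     * @param oa OA configuration the sector value is taken from; must not be {@code null}
     *           when the sector attribute is among the requested names
     * @param iterator attribute names to request; {@code null} yields an empty list
     * @return mutable list of attributes in iteration order, never {@code null}
     */
    public static List<Attribute> buildSAML2AttributeList(IOAAuthParameters oa, Iterator<String> iterator) {

        Logger.debug("Build OA specific Attributes for AttributQuery request");

        List<Attribute> attrList = new ArrayList<Attribute>();
        if (iterator == null) {
            // nothing requested: an empty list is the natural result, not an NPE
            return attrList;
        }

        SamlAttributeGenerator generator = new SamlAttributeGenerator();

        while (iterator.hasNext()) {
            String rA = iterator.next();
            Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA);
            if (attr == null) {
                Logger.warn("Attribut " + rA + " has no valid Name");
                continue;
            }

            //add OA specific information
            if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
                String sectorValue;
                if (oa.getBusinessService()) {
                    sectorValue = oa.getIdentityLinkDomainIdentifier();
                } else {
                    sectorValue = Constants.URN_PREFIX_CDID + "+" + oa.getTarget();
                }
                attr = generator.buildStringAttribute(attr.getFriendlyName(), attr.getName(), sectorValue);
            }

            //TODO: add attribute values for SSO with mandates (ProfileList)

            attrList.add(attr);
        }

        return attrList;
    }

    /**
     * Builds a signed {@code AttributeQuery} for the given subject.
     *
     * <p>The subject is addressed by a NameID in {@code transient} format, the issuer is the
     * IDP public path from {@link PVPConfiguration}, the request id comes from
     * {@link SAML2Utils#getSecureIdentifier()} and the query is signed with the IDP assertion
     * signing credential. The query is marshalled into a fresh DOM before signing because the
     * signature is computed over the marshalled element.
     *
     * @param nameID transient NameID value of the user
     * @param endpoint URL written into the {@code Destination} attribute
     * @param requestedAttributes attributes to request; {@code null} is treated as none
     * @return the signed query
     * @throws AttributQueryException if configuration, credentials, DOM setup, marshalling or
     *         signing fails; the original exception is attached as cause
     */
    public static AttributeQuery buildAttributQueryRequest(String nameID, String endpoint,
            List<Attribute> requestedAttributes) throws AttributQueryException {

        try {

            AttributeQuery query = new AttributeQueryBuilder().buildObject();

            //set user nameID
            Subject subject = SAML2Utils.createSAMLObject(Subject.class);
            NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
            subjectNameID.setValue(nameID);
            subjectNameID.setFormat(NameID.TRANSIENT);
            subject.setNameID(subjectNameID);
            query.setSubject(subject);

            //set attributes (Collection.addAll(null) would throw an NPE)
            if (requestedAttributes != null) {
                query.getAttributes().addAll(requestedAttributes);
            }

            //set general request parameters
            query.setIssueInstant(new DateTime());

            Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
            issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
            issuer.setFormat(NameID.ENTITY);
            query.setIssuer(issuer);

            query.setID(SAML2Utils.getSecureIdentifier());
            query.setDestination(endpoint);

            //prepare the signature
            X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential();

            Signature signature = SAML2Utils.createSAMLObject(Signature.class);
            // NOTE(review): RSA-SHA1 is a deprecated signature algorithm. Moving to
            // SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 is advisable once every
            // AttributeQuery endpoint accepts it; not changed here because it alters
            // interoperability with existing peers.
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
            signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
            signature.setSigningCredential(idpSigningCredential);
            query.setSignature(signature);

            // The factory is only used to create an empty document for marshalling; nothing
            // is parsed here, so no parser hardening (DTD/external entities) applies.
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            DocumentBuilder builder = factory.newDocumentBuilder();
            Document document = builder.newDocument();

            Marshaller out = Configuration.getMarshallerFactory().getMarshaller(query);
            if (out == null) {
                // getMarshaller() returns null when nothing is registered for the element;
                // report it as a marshalling failure instead of an NPE on the next line
                throw new MarshallingException("No marshaller registered for AttributeQuery");
            }
            // signing works on the marshalled DOM, so marshall first, then sign
            out.marshall(query, document);

            Signer.signObject(signature);

            return query;

        } catch (ConfigurationException e) {
            throw failure(e);

        } catch (CredentialsNotAvailableException e) {
            throw failure(e);

        } catch (ParserConfigurationException e) {
            throw failure(e);

        } catch (MarshallingException e) {
            throw failure(e);

        } catch (SignatureException e) {
            throw failure(e);

        }

    }

    /**
     * Logs a build failure and wraps its cause in the exception callers expect.
     *
     * @param cause the underlying failure
     * @return the exception to throw, carrying {@code cause}
     */
    private static AttributQueryException failure(Exception cause) {
        Logger.error(BUILD_FAILED_MSG, cause);
        return new AttributQueryException(BUILD_FAILED_MSG, null, cause);
    }

}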