author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-03-05 08:53:50 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-03-05 08:53:50 +0100 |
commit | 13952dddd85fc08115f963b259885b5c9b7f2b57 (patch) | |
tree | 3f00e22e19c61b0723dff42a0237a4f24154054a /eaaf_core/src/main | |
parent | c6957e520c3eab67fda1b8186992fff4718b01d4 (diff) | |
fix attribute escaping problem in SimpleIdentityLinkAssertionParser1.0.6
This fix can be deactivated via the property 'configuration.bugfix.enable.idl.escaping' to retain backward compatibility.
Diffstat (limited to 'eaaf_core/src/main')
4 files changed, 33 insertions, 17 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java index c5c08d87..df71b30a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -58,9 +58,12 @@ public interface IIdentityLink { String getGivenName(); /** - * Returns the name. - * @return The name. - */ + * Return the name as 'givenName + " " + familyName'<br> + * This method should be used any more. Use getFamilyName() and getGivenName() separately. + * + * @return The name. + */ + @Deprecated String getName(); /** diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 3ba2c2cf..f578afd8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -60,7 +60,10 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { - private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + + public static final String CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING = "configuration.bugfix.enable.idl.escaping"; + protected Collection<String> includedToGenericAuthData = null; @Autowired protected IConfiguration basicConfig; 
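Review bot: The new Javadoc on `getName()` in IIdentityLink.java reads "This method should be used any more", which drops the "not" and says the opposite of what `@Deprecated` means. The annotation is also added without a Javadoc `@deprecated` tag, so generated documentation and IDE hints name no replacement. I would reword the sentence to `This method should not be used any more.` and add `@deprecated Use {@link #getGivenName()} and {@link #getFamilyName()} separately.` above `@return`.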
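Review bot: `CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING` in AbstractAuthenticationDataBuilder.java is added as a `public static final` constant without Javadoc, and its polarity is easy to misread. The key sits under `bugfix.enable`, yet per the commit description setting it switches the fix off and restores the old escaping; the builder hunk further down reads it with default `false`. Since operators set this by hand, I would document it on the constant, e.g. `/** Set to true to restore the legacy apostrophe escaping of given name and family name in authentication attributes; default false. */`. The identifier also misspells ESCAPING, and because it is public the spelling becomes part of the API once released.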
@@ -384,10 +387,25 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); + /* GivenNames and FamilyNames with simple Apostrophe were escaped with ' + * in IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 AuthBlock problem. + * However, the authentication attributes (SAML2, eIDAS, OpenID-Connect) also includes this escaped values, + * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated + * for dependency reasons. + */ + if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); + authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); + + } else { + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + + } + authData.setDateOfBirth(identityLink.getDateOfBirth()); + //remove corresponding keys from genericSessionData if exists includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java index becd630e..367643ec 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java 
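Review bot: In the legacy branch, `identityLink.getGivenName().replaceAll(...)` and the matching family-name line dereference the getter result, so a null name throws a NullPointerException when the flag is on, while the `else` branch hands the same null to the setter without error. The parser in this commit defaults both values to `""`, but whether every IdentityLink reaching this builder comes from that parser is not visible here, so a guard is worth adding: `String given = identityLink.getGivenName();` then `authData.setGivenName(given == null ? null : given.replace("'", ESCAPED));`, where `ESCAPED` stands for the existing replacement string. `String.replace` is the better fit because the pattern is a literal, not a regex. As rendered on this page the pattern and the replacement look identical, presumably because the entity was decoded on display, so confirm the literal against the repository. The enclosing method starts and ends outside this hunk.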
@@ -86,10 +86,6 @@ public class IdentityLink implements Serializable, IIdentityLink{ */ private String familyName; - /** - * The name as (givenName + familyName) - */ - private String name; /** * date of birth */ @@ -157,11 +153,10 @@ public String getGivenName() { * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() */ @Override -public String getName() { - if (name == null) { - name = givenName + " " + familyName; - } - return name; + @Deprecated + public String getName() { + return givenName + " " + familyName; + } /* (non-Javadoc) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java index 0aec58a2..658e6a42 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java @@ -274,8 +274,8 @@ public class SimpleIdentityLinkAssertionParser { String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); // replace ' in name with ' - givenname = givenname.replaceAll("'", "'"); - familyname = familyname.replaceAll("'", "'"); +// givenname = givenname.replaceAll("'", "'"); +// familyname = familyname.replaceAll("'", "'"); identityLink.setGivenName(givenname); identityLink.setFamilyName(familyname); |
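Review bot: Removing the `name` field in the first IdentityLink.java hunk changes the serialized form of a class the hunk header shows as `implements Serializable`. If the class declares no explicit `serialVersionUID` (not visible in these hunks), the computed default changes with the field set, and an IdentityLink serialized by the previous version, for example in a persisted session, would fail to deserialize with `InvalidClassException` after the upgrade. I would confirm that a fixed `serialVersionUID` is declared, or call out the session invalidation in the release notes. Separately, in the second hunk `getName()` returns `givenName + " " + familyName` unguarded, so a missing part puts the literal text `null` into the name; that predates this commit but is now recomputed on every call.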
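Review bot: The escaping is removed from SimpleIdentityLinkAssertionParser unconditionally, while the new property only re-applies it to `authData` in AbstractAuthenticationDataBuilder, so any code that reads names straight from the IdentityLink now receives raw apostrophes regardless of the flag. The builder's comment says the escaping was originally a fix for an SL1.0 AuthBlock problem; if the AuthBlock is still assembled from IdentityLink values somewhere outside this diff, that code needs to encode names at the point where it writes them into XML. The two `replaceAll` lines are left commented out under a comment that still says the names are replaced. I would delete all three lines, or replace them with `// apostrophes are kept as parsed; consumers encode for their own output format`.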