diff options
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java')
| -rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java | 453 |
1 files changed, 261 insertions, 192 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java index 367643ec..a1faa0a4 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java @@ -1,306 +1,375 @@ /******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. + * Copyright 2014 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egiz.eaaf.core.impl.idp.auth.data; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.Serializable; import java.security.PublicKey; - import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import org.w3c.dom.Element; /** - * Data contained in an identity link issued by BMI, relevant to the MOA ID component. - * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>. - * + * Data contained in an identity link issued by BMI, relevant to the MOA ID component. <br> + * <code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>. + * * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink implements Serializable, IIdentityLink{ - - private static final long serialVersionUID = 1L; - - /** - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - */ - private String identificationValue; - /** - * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. - */ - private String identificationType; - /** - * first name - */ - private String givenName; - /** - * family name - */ - private String familyName; - - /** - * date of birth - */ - private String dateOfBirth; +public class IdentityLink implements Serializable, IIdentityLink { + + private static final long serialVersionUID = 1L; + + /** + * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. + */ + private String identificationValue; + /** + * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. + */ + private String identificationType; + /** + * first name + */ + private String givenName; + /** + * family name + */ + private String familyName; + + /** + * date of birth + */ + private String dateOfBirth; /** * the original saml:Assertion-Element */ - private Element samlAssertion; + private transient Element samlAssertion; /** * the serializes saml:Assertion */ private String serializedSamlAssertion; - /** - * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person - */ - private Element prPerson; /** - * we need for each dsig:Reference Element all - * transformation elements + * Element + * /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person + */ + private transient Element prPerson = null; + /** + * we need for each dsig:Reference Element all transformation elements */ - private Element[] dsigReferenceTransforms; - + private transient Element[] dsigReferenceTransforms = null; + /** * The issuing time of the identity link SAML assertion. */ private String issueInstant; /** - * we need all public keys stored in - * the identity link + * we need all public keys stored in the identity link */ private PublicKey[] publicKey; - /** - * Constructor for IdentityLink - */ - public IdentityLink() { - } + /** + * Constructor for IdentityLink + */ + public IdentityLink() {} - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() + */ @Override -public String getDateOfBirth() { + public String getDateOfBirth() { return dateOfBirth; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() + */ @Override -public String getFamilyName() { + public String getFamilyName() { return familyName; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() + */ @Override -public String getGivenName() { + public String getGivenName() { return givenName; } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() - */ + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() + */ @Override @Deprecated public String getName() { return givenName + " " + familyName; - + } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() - */ + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() + */ @Override -public String getIdentificationValue() { + public String getIdentificationValue() { return identificationValue; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() - */ - @Override - public String getIdentificationType() { - return identificationType; - } + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() + */ + @Override + public String getIdentificationType() { + return identificationType; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) + */ @Override -public void setDateOfBirth(String dateOfBirth) { + public void setDateOfBirth(final String dateOfBirth) { this.dateOfBirth = dateOfBirth; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) + */ @Override -public void setFamilyName(String familyName) { + public void setFamilyName(final String familyName) { this.familyName = familyName; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) + */ @Override -public void setGivenName(String givenName) { + public void setGivenName(final String givenName) { this.givenName = givenName; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) + */ @Override -public void setIdentificationValue(String identificationValue) { + public void setIdentificationValue(final String identificationValue) { this.identificationValue = identificationValue; } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) - */ - @Override - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() - */ + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) + */ @Override -public Element getSamlAssertion() { - return samlAssertion; + public void setIdentificationType(final String identificationType) { + this.identificationType = identificationType; } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() - */ + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() + */ @Override -public String getSerializedSamlAssertion() { + public Element getSamlAssertion() { + if (this.samlAssertion == null) { + try { + this.samlAssertion = DomUtils.parseXmlNonValidating( + new ByteArrayInputStream(serializedSamlAssertion.getBytes("UTF-8"))); + + } catch (final Exception e) { + throw new RuntimeException(e); + + } + } + + return this.samlAssertion; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() + */ + @Override + public String getSerializedSamlAssertion() { return serializedSamlAssertion; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) + */ @Override -public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + public void setSamlAssertion(final Element samlAssertion) + throws TransformerException, IOException { this.samlAssertion = samlAssertion; - this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); + this.serializedSamlAssertion = DomUtils.serializeNode(samlAssertion); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() + */ @Override -public Element[] getDsigReferenceTransforms() { - return dsigReferenceTransforms; + public Element[] getDsigReferenceTransforms() { + if (dsigReferenceTransforms != null) { + return dsigReferenceTransforms.clone(); + + } else { + return null; + + } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) - */ + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element + * []) + */ @Override -public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { - this.dsigReferenceTransforms = dsigReferenceTransforms; + public void setDsigReferenceTransforms(final Element[] dsigReferenceTransforms) { + if (dsigReferenceTransforms != null) { + this.dsigReferenceTransforms = dsigReferenceTransforms.clone(); + + } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() + */ @Override -public PublicKey[] getPublicKey() { - return publicKey; + public PublicKey[] getPublicKey() { + if (publicKey != null) { + return publicKey.clone(); + + } else { + return null; + + } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) + */ @Override -public void setPublicKey(PublicKey[] publicKey) { - this.publicKey = publicKey; + public void setPublicKey(final PublicKey[] publicKey) { + if (publicKey != null) { + this.publicKey = publicKey.clone(); + + } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() + */ @Override -public Element getPrPerson() { + public Element getPrPerson() { + if (prPerson == null) { + prPerson = (Element) XPathUtils.selectSingleNode( + getSamlAssertion(), SimpleIdentityLinkAssertionParser.PERSON_XPATH); + + } + return prPerson; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) + */ @Override -public void setPrPerson(Element prPerson) { + public void setPrPerson(final Element prPerson) { this.prPerson = prPerson; } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() - */ + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() + */ @Override -public String getIssueInstant() { + public String getIssueInstant() { return issueInstant; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) - */ + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) + */ @Override -public void setIssueInstant(String issueInstant) { + public void setIssueInstant(final String issueInstant) { this.issueInstant = issueInstant; } |