From 13952dddd85fc08115f963b259885b5c9b7f2b57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Mar 2019 08:53:50 +0100 Subject: fix attribute escaping problem in SimpleIdentityLinkAssertionParser this fix can be deactivated by property: 'configuration.bugfix.enable.idl.escaping' to get backward compatibility --- .../eaaf/core/api/idp/auth/data/IIdentityLink.java | 9 +++++--- .../builder/AbstractAuthenticationDataBuilder.java | 24 +++++++++++++++++++--- .../eaaf/core/impl/idp/auth/data/IdentityLink.java | 13 ++++-------- .../data/SimpleIdentityLinkAssertionParser.java | 4 ++-- 4 files changed, 33 insertions(+), 17 deletions(-) (limited to 'eaaf_core/src/main/java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java index c5c08d87..df71b30a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -58,9 +58,12 @@ public interface IIdentityLink { String getGivenName(); /** - * Returns the name. - * @return The name. - */ + * Return the name as 'givenName + " " + familyName'
+ * This method should be used any more. Use getFamilyName() and getGivenName() separately. + * + * @return The name. + */ + @Deprecated String getName(); /** diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 3ba2c2cf..f578afd8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -60,7 +60,10 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { - private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + + public static final String CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING = "configuration.bugfix.enable.idl.escaping"; + protected Collection includedToGenericAuthData = null; @Autowired protected IConfiguration basicConfig; 
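Review bot: The new Javadoc on `getName()` in IIdentityLink reads "This method should be used any more", which drops the "not" and states the opposite of what the added `@Deprecated` annotation means. I would word it as `This method should not be used any more; use getFamilyName() and getGivenName() separately.` and add a Javadoc `@deprecated` tag carrying that sentence, so the replacement shows up in generated documentation and IDE warnings. It would also help to state here whether the returned name is raw or apostrophe-escaped, since this commit changes that for values produced by SimpleIdentityLinkAssertionParser.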
@@ -384,10 +387,25 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); + /* GivenNames and FamilyNames with simple Apostrophe were escaped with ' + * in IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 AuthBlock problem. + * However, the authentication attributes (SAML2, eIDAS, OpenID-Connect) also includes this escaped values, + * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated + * for dependency reasons. + */ + if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); + authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); + + } else { + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + + } + authData.setDateOfBirth(identityLink.getDateOfBirth()); + //remove corresponding keys from genericSessionData if exists includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java index becd630e..367643ec 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java 
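Review bot: In the new `if` branch, `identityLink.getGivenName().replaceAll(...)` and its family-name twin dereference the getter results directly, so an identity link with an unset name throws a NullPointerException only when the compatibility property is on, while the `else` branch passes null through. The parser later in this patch defaults both values to "", but nothing visible here guarantees that every IIdentityLink comes from that parser, so a null check before the call would be safer, and `String.replace` fits better than `replaceAll` because the substitution is literal, not a regex. As rendered on this page the search and replacement strings are identical, presumably because an HTML entity in the replacement was decoded by the page; check the committed source for the real value. The public constant `CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING`, added in the earlier hunk of this file, is misspelled, and the property it names turns the old escaping back on rather than enabling the fix, which the block comment should say in one plain sentence. The enclosing method starts and ends outside the hunk.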
@@ -86,10 +86,6 @@ public class IdentityLink implements Serializable, IIdentityLink{ */ private String familyName; - /** - * The name as (givenName + familyName) - */ - private String name; /** * date of birth */ @@ -157,11 +153,10 @@ public String getGivenName() { * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() */ @Override -public String getName() { - if (name == null) { - name = givenName + " " + familyName; - } - return name; + @Deprecated + public String getName() { + return givenName + " " + familyName; + } /* (non-Javadoc) diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java index 0aec58a2..658e6a42 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/SimpleIdentityLinkAssertionParser.java @@ -274,8 +274,8 @@ public class SimpleIdentityLinkAssertionParser { String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); // replace ' in name with ' - givenname = givenname.replaceAll("'", "'"); - familyname = familyname.replaceAll("'", "'"); +// givenname = givenname.replaceAll("'", "'"); +// familyname = familyname.replaceAll("'", "'"); identityLink.setGivenName(givenname); identityLink.setFamilyName(familyname); -- cgit v1.2.3
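Review bot: Removing the `name` field in the first IdentityLink hunk changes the serialized form of a class declared `Serializable`. If the class has no explicit `serialVersionUID` (not visible in these hunks), the default one changes with the field set, and identity links serialized before the upgrade, for example in persisted sessions, will fail to deserialize. Please confirm that a fixed `serialVersionUID` is declared or that stored instances are discarded on upgrade. In the second hunk the rewritten `getName()` still returns the text "null null" when neither name is set, as the old code did; a short comment noting that would spare callers a surprise. The class body continues outside both hunks.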
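Review bot: In SimpleIdentityLinkAssertionParser the escaping is switched off by commenting out the two `replaceAll` lines, so the parser now always stores raw names and the compatibility property only restores escaping for the values copied in AbstractAuthenticationDataBuilder. Any other consumer of `IdentityLink` now receives unescaped apostrophes regardless of the property, including whatever builds the SL1.0 AuthBlock that the builder's block comment names as the original reason for escaping. Code that places these names into XML or HTML has to encode them at output time, and that should be verified before release. I would delete the two commented-out lines and the now stale `// replace ' in name with '` comment, and put a one-line comment in their place saying that names are stored unescaped and callers encode on output. The enclosing method starts and ends outside the hunk.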