Changed for compability mode.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@892 d688527b-c9ab-4aba-bd8d-4036d912da1d

6 files changed, 260 insertions, 62 deletions

diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a79cba4d7..5f4ec2d29 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -589,25 +590,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
                 InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
                   session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
               // now validate the infobox
-              boolean infoboxValid = false;
+              InfoboxValidationResult infoboxValidationResult = null;
               try {
-                infoboxValid = infoboxValidator.validate(infoboxValidatorParams);
+                infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams);
               } catch (ValidateException e) {
                 Logger.error("Error validating "  + identifier + " infobox:" + e.getMessage());
                 throw new ValidateException(
                   "validator.44", new Object[] {friendlyName});
               }
-              if (!infoboxValid) {
+              if (!infoboxValidationResult.isValid()) {
                 Logger.info("Validation of "  + identifier + " infobox failed.");
                 throw new ValidateException(
-                  "validator.40", new Object[] {friendlyName, infoboxValidator.getErrorMessage()});
+                  "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
               }
               
               Logger.info(identifier + " infobox successfully validated.");
               
               // get the SAML attributes to be appended to the AUTHBlock or to the final
               // SAML Assertion            
-              ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidator.getExtendedSamlAttributes();
+              ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
               if (extendedSAMLAttributes != null) {
                 int length = extendedSAMLAttributes.length; 
                 for (int i=0; i<length; i++) {                
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
new file mode 100644
index 000000000..0ee2f21d5
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -0,0 +1,76 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Includes the result of an extended infobox validation.
+ * 
+ * If validation succeeds, an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * maybe provided. Each of these SAML-Attributes will be either appended to the  
+ * final SAML-Assertion passed to the online application or to the AUTH-Block,
+ * or to both.
+ * <br>
+ * If validation fails the implementing class has to provide a short error message. 
+ * <br>
+ * If the corresponding infobox validator runs in the so called <code>compatibility mode</code>
+ * a <code>pr:Persondata</code> element to be used in the final <code>saml:Assertion</code>
+ * ({@see #getPersonData()})
+ * 
+ * @author Harald Bratko
+ */
+public interface InfoboxValidationResult {
+  
+  /**
+   * The method returns <code>true</code> if validation succeeds. In that case
+   * method {@link  #getExtendedSamlAttributes()} may provide an array of 
+   * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute 
+   * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the 
+   * AUTH-Block or to both.
+   * <br>
+   * The method returns <code>false</code> if validation fails. In that case
+   * method {@link #getErrorMessage()} has to provide a short error description.               
+   * 
+   * @return <code>True</code> if validation succeeds,
+   *         otherwise <code>false</code>.
+   */
+  public boolean isValid();
+  
+  /**
+   * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+   * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+   * provided to the online application.
+   * The SAML-Attributes in that array will be added to the final
+   * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
+   * in the array this method returns. 
+   * 
+   * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+   * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+   * provided to the online application, the AUTH-Block, or both. If no attributes should 
+   * be added this array maybe <code>null</code> or empty.
+   */
+  public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
+  
+  /**
+   * A short error description that should be displayed by MOA-ID if
+   * validation of the InfoBoxReadResponse fails.
+   * 
+   * @return An short error message if validation fails.
+   */
+  public String getErrorMessage();
+  
+  /**
+   * Returns a <code>&lt;pr:PersonData&gt;</code> element to be used in the final 
+   * <code>&lt;saml:Assertion&gt;</code>.
+   * <br>
+   * If the corresponding infobox validator runs in the so called <code>compatibility mode</code>
+   * the method must return a <code>&lt;pr:PersonData&gt;</code> element to be used within
+   * the final <code>&lt;saml:Assertion&gt;</code> sent to the online application instead of
+   * the original <code>&lt;pr:PersonData&gt;</code> element derived from the <code>&lt;Identitylink&gt;</code>.
+   * 
+   * @return A <code>&lt;pr:PersonData&gt;</code> element if the corresponding infobox validator 
+   * runs in the <code>compatibility mode</code>, otherwise <code>null</code>.
+   */
+  public Element getPersonData();
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
new file mode 100644
index 000000000..24eb01e95
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
@@ -0,0 +1,122 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Default implementation of the {@link InfoboxValidationresult} interface.
+ * 
+ * @author Harald Bratko
+ */
+public class InfoboxValidationresultImpl implements InfoboxValidationResult {
+  
+  /**
+   * Indicates whether the validation was successful or not.
+   */
+  protected boolean valid_;
+  
+  /**
+   * The error message.
+   */
+  protected String errorMessage_;
+  
+  /**
+   * The SAML attributes returned by the infobox validator.
+   */
+  protected ExtendedSAMLAttribute[] extendedSamlAttributes_; 
+  
+  /**
+   * The <code>&lt;pr:PersonData&gt;</code> element to be used in the final 
+   * <code>&lt;saml:Assertion&gt;</code>, if the validator runs in the
+   * <code>compatibility mode</code>.
+   */
+  protected Element personData_;
+  
+  /**
+   * Constructor.
+   * 
+   * @param valid
+   * @param extendedSamlAttributes
+   * @param errorMessage
+   * @param personData
+   */
+  public InfoboxValidationresultImpl(
+    boolean valid, 
+    ExtendedSAMLAttribute[] extendedSamlAttributes,
+    String errorMessage,
+    Element personData)
+  {
+    valid_ = valid;
+    extendedSamlAttributes_ = extendedSamlAttributes;
+    errorMessage_ = errorMessage;
+    personData_ = personData;
+  }
+
+    
+   
+
+  /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage()
+   */
+  public String getErrorMessage() {
+    return errorMessage_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes()
+   */
+  public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+    return extendedSamlAttributes_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getPersonData()
+   */
+  public Element getPersonData() {
+    return personData_;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid()
+   */
+  public boolean isValid() {
+    return valid_;
+  }
+
+  /**
+   * Sets the errorMessage.
+   *
+   * @param errorMessage The errorMessage to set.
+   */
+  public void setErrorMessage(String errorMessage) {
+    errorMessage_ = errorMessage;
+  }
+
+  /**
+   * Sets the extendedSamlAttributes.
+   *
+   * @param extendedSamlAttributes The extendedSamlAttributes to set.
+   */
+  public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) {
+    extendedSamlAttributes_ = extendedSamlAttributes;
+  }
+
+  /**
+   * Sets the <code>&lt;pr:PersonData&gt;</code> element.
+   *
+   * @param personData <code>&lt;pr:PersonData&gt;</code> to set.
+   */
+  public void setPersonData(Element personData) {
+    personData_ = personData;
+  }
+
+  /**
+   * Specify whether the result is valid or not.
+   *
+   * @param valid <code>True</code> if the infobox could be validated successfully,
+   * otherwise <code>false</code>.
+   */
+  public void setValid(boolean valid) {
+    valid_ = valid;
+  }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index 381815258..71d675259 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -157,6 +157,21 @@ public interface InfoboxValidatorParams {
   public boolean getHideStammzahl();
   
   /**
+   * Indicates if the infobox validator has to run in the so called <code>compatibility mode</code>.
+   * <br>
+   * The <code>compatibility mode</code> is used when the final <code>&lt;saml:Assertion&gt;</code> 
+   * sent to the online application should be rather built on the basis of a <code>&lt;pr:PersonData&gt;</code>
+   * structure returned by the infobox validator instead of the original identity link.
+   * This mode is mainly used within the <code>Mandates</code> context 
+   * (please refer MOA-ID specification for more details). 
+   * 
+   * @return <code>True</code> the infobox validator has to run in the so called 
+   * <code>compatibility mode</code>, otherwise <code>false</code>. The default value
+   * <i>should</i> be </code>false</code>.
+   */
+  public boolean getCompMode();
+  
+  /**
    * Returns application specific parameters.
    * Each child element of this element contains
    * a validating application specific parameter. The  
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 123d57157..e524ff5f5 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -21,76 +21,80 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
    * The first token in this list is the one to be validated. Each further token
    * maybe needed to validate this first token. 
    */
-  private List infoboxTokenList_;
+  protected List infoboxTokenList_;
   
   /**
    * The ID of the trust profile used for validating certificates.
    */
-  private String trustProfileID_;
+  protected String trustProfileID_;
   
   /**
    * The locations of schemas that maybe needed for validating infobox tokens.
    */
-  private List schemaLocations_;
+  protected List schemaLocations_;
   
   /**
    * The URL of the BKU.
    */
-  private String bkuURL_;
+  protected String bkuURL_;
   
   /**
    * Specifies whether the current online application is a business or a public application.
    */
-  private boolean businessApplication_;
+  protected boolean businessApplication_;
   
   /**
    * The target parameter.
    */
-  private String target_;
+  protected String target_;
   
   /**
    * The family name from the identity link.
    */
-  private String familyName_;
+  protected String familyName_;
   
   /**
    * The given name from the identity link.
    */
-  private String givenName_;
+  protected String givenName_;
   
   /**
    * The date of birth from the identity link.
    */
-  private String dateOfBirth_;
+  protected String dateOfBirth_;
 
   /**
    * The date of identification value.
    */
-  private String identificationValue_;
+  protected String identificationValue_;
   
   /**
    * The identification type.
    */
-  private String identificationType_;
+  protected String identificationType_;
   
   /**
    * The public keys from the identity link.
    */
-  private PublicKey[] publicKeys_;
+  protected PublicKey[] publicKeys_;
   
   /**
    * The identity link.
    */
-  private Element identityLink_;
+  protected Element identityLink_;
+  /**
+   * Indicates if the infobox validator has to run in the so called <code>compatibility mode</code>.
+   */
+  protected boolean compMode_;
   /**
    * Indicates whether source pins (<code>Stammzahl</code>en) must be hidden or not.
    */
-  private boolean hideStammzahl_;
+  protected boolean hideStammzahl_;
   
   /**
    * Application specific parameters.
    */
-  private Element applicationSpecificParams_;
+  protected Element applicationSpecificParams_;
 
   /**
    * Empty constructor.
@@ -190,6 +194,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
   }
   
   /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getCompMode()
+   */
+  public boolean getCompMode() {
+    return compMode_;
+  }
+  
+  /**
    * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()
    */
   public boolean getHideStammzahl() {
@@ -332,16 +343,27 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
   public void setTrustProfileID(String trustProfileID) {
     trustProfileID_ = trustProfileID;
   }
+  
+  /**
+   * Sets the {@link #compMode_} parameter. Indicates whether the infobox 
+   * validator has to run in the so called <code>compatibility mode</code>.
+   *
+   * @param compMode <code>True</code> if the infobox validator has to run in the so 
+   *                 called <code>compatibility mode</code>, otherwise <code>false</code>.
+   */
+  public void setCompMode(boolean compMode) {
+    compMode_ = compMode;
+  }
 
   /**
-   * Sets the hideStammzahl_ parameter. This indicates whether source pins 
+   * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins 
    * (<code>Stammzahl</code>en) must be hidden or not.
    *
    * @param hideStammzahl <code>True</code> if source pins (<code>Stammzahl</code>en) should
    *                      be hidden, otherwise <code>false</code>.
    */
   public void setHideStammzahl(boolean hideStammzahl) {
-    this.hideStammzahl_ = hideStammzahl;
+    hideStammzahl_ = hideStammzahl;
   }
 
 }
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index e17e03a20..2f14eb3c9 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.validator;
 
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 
@@ -8,13 +9,6 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
  * An implementing class has to validate the content of the InfoboxReadResponse  
  * according to the type specific rules and guidelines of the underlying 
  * application.
- * If validation succeeds, the class may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute 
- * ExtendedSAMLAttributes}. Each of these SAML-Attributes will be either appended to the  
- * final SAML-Assertion passed to the online application or to the AUTH-Block,
- * or to both.
- * <br>
- * If validation fails the implementing class has to provide a short error message. 
  */
 public interface InfoboxValidator {
   
@@ -23,15 +17,6 @@ public interface InfoboxValidator {
    * The method validates the content of the passed <code>infoboxReadResponse</code>
    * according to the type specific rules and guidelines of the underlying
    * application.
-   * <br>
-   * The method returns <code>true</code> if validation succeeds. In that case
-   * method {@link  #getExtendedSamlAttributes()} may provide an array of 
-   * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute 
-   * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the 
-   * AUTH-Block or to both.
-   * <br>
-   * The method returns <code>false</code> if validation fails. In that case
-   * method {@link #getErrorMessage()} has to provide a short error description.
    *
    * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
    *                Parameters} needed by the validator.                
@@ -42,30 +27,7 @@ public interface InfoboxValidator {
    * @throws ValidateException  If an error occurs on validating the 
    *                            InfoboxReadResponse.
    */
-  public boolean validate (InfoboxValidatorParams params)
+  public InfoboxValidationResult validate (InfoboxValidatorParams params)
     throws ValidateException;
-  
-  /**
-   * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
-   * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
-   * provided to the online application.
-   * The SAML-Attributes in that array will be added to the final
-   * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
-   * in the array this method returns. 
-   * 
-   * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
-   * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
-   * provided to the online application, the AUTH-Block, or both. If no attributes should 
-   * be added this array maybe <code>null</code> or empty.
-   */
-  public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
-  
-  /**
-   * A short error description that should be displayed by MOA-ID if
-   * validation of the InfoBoxReadResponse fails.
-   * 
-   * @return An short error message if validation fails.
-   */
-  public String getErrorMessage();
 
 }