HPI Identifikation als Alternative zu wbPK im businessService-Modus

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@805 d688527b-c9ab-4aba-bd8d-4036d912da1d
author: peter.danner <peter.danner@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-02-02 00:48:51 +0000
committer: peter.danner <peter.danner@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-02-02 00:48:51 +0000
commit: c034f4156169801d44308e8e505bb9c7e0cc33fb (patch)
tree: ea5bd9c3da4e76eb1ca725474a79885f28a4a6e4 /id.server/src/at/gv/egovernment/moa/id/auth
parent: c70b998681967198391c31c576c8feebad767301 (diff)
download: moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.tar.gz
moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.tar.bz2
moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.zip
4 files changed, 103 insertions, 60 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index cd4b26df3..2baa172f1 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -493,7 +493,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       identificationType,
       oaURL, 
       gebDat,
-      extendedSAMLAttributes);
+      extendedSAMLAttributes,
+      session);
       
     return authBlock;
   }
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index ef50acb3f..4493333c2 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -5,6 +5,7 @@ import java.util.List;
 
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -100,19 +101,25 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     String identityLinkType,
     String oaURL, 
     String gebDat,
-    List extendedSAMLAttributes)
+    List extendedSAMLAttributes,
+    AuthenticationSession session)
   throws BuildException
   {
-    
+    session.setSAMLAttributeGebeORwbpk(true);
     String gebeORwbpk = "";
     String wbpkNSDeclaration = "";
     if (target == null) {
       // OA is a business application
-      gebeORwbpk =  MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
-      wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+      if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
+    	  // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+	      gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+	      wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+      } else {
+    	  // We do not have a wbPK, therefore no SAML-Attribute is provided
+    	  session.setSAMLAttributeGebeORwbpk(false);
+      }
     } else {
-      gebeORwbpk =  MessageFormat.format(
-        GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+      gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
     }
     
     String assertion;
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 50d15007e..12d29ba82 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -66,13 +66,19 @@ public class AuthenticationSession {
    * service or not
    */
   private boolean businessService;
-  
+
   /**
    * SAML attributes from an extended infobox validation to be appended
    * to the SAML assertion delivered to the final online application.
    */
   private List extendedSAMLAttributesOA;
   
+  /**
+   * The boolean value for either a target or a wbPK is provided as 
+   * SAML Attribute in the SAML Assertion or not.
+   */
+  private boolean samlAttributeGebeORwbpk;
+  
    /**
    * SAML attributes from an extended infobox validation to be appended
    * to the SAML assertion of the AUTHBlock.
@@ -335,6 +341,28 @@ public class AuthenticationSession {
   }
 
   /**
+   * Returns the boolean value for either a target or a wbPK is
+   * provided as SAML Attribute in the SAML Assertion or not.
+   *
+   * @return true either a target or a wbPK is provided as SAML Attribute 
+   * in the SAML Assertion or false if not.
+   */
+  public boolean getSAMLAttributeGebeORwbpk() {
+    return this.samlAttributeGebeORwbpk;
+  }
+
+  /**
+   * Sets the boolean value for either a target or a wbPK is 
+   * provided as SAML Attribute in the SAML Assertion or not.
+   *
+   * @param samlAttributeGebeORwbpk The boolean for value either a target or 
+   *        wbPK is provided as SAML Attribute in the SAML Assertion or not.
+   */
+  public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+    this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
+  }
+  
+  /**
    * Returns the issuing time of the AUTH-Block SAML assertion.
    *
    * @return The issuing time of the AUTH-Block SAML assertion.
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 78f62de50..efb33ea59 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -87,6 +87,7 @@ public class CreateXMLSignatureResponseValidator {
     boolean foundOA = false;
     boolean foundGB = false;
     boolean foundWBPK = false;
+    int offset = 0;
     
     // check number of SAML aatributes
     List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
@@ -96,6 +97,7 @@ public class CreateXMLSignatureResponseValidator {
     }
     int expectedSAMLAttributeNumber = 
       AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum;
+    if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
     int actualSAMLAttributeNumber = samlAttributes.length;
     if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
       Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + 
@@ -105,58 +107,63 @@ public class CreateXMLSignatureResponseValidator {
         new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
     }
     
-    // check the first attribute ("Geschaeftsbereich" or "wbPK")
-    SAMLAttribute samlAttribute = samlAttributes[0];
-    if (businessService) {
-      if (!samlAttribute.getName().equals("wbPK")) {
-        if (samlAttribute.getName().equals("Geschaeftsbereich")) {
-          throw new ValidateException("validator.26", null);
-        } else {
-          throw new ValidateException(
-          "validator.37", 
-          new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
-        }
-      }          
-      if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
-        foundWBPK = true;
-        try {
-          Element attrValue = (Element)samlAttribute.getValue();
-          String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
-          String type =  ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
-          if (!value.equals(identityLink.getIdentificationValue())) {
-            throw new ValidateException("validator.28", null); 
-          }
-          if (!type.equals(identityLink.getIdentificationType())) {
-            throw new ValidateException("validator.28", null); 
-          }
-        } catch (Exception ex) {
-          throw new ValidateException("validator.29", null);
-        }
-      } else {
-        throw new ValidateException("validator.30", null);
-      }    
+    SAMLAttribute samlAttribute;
+    if (session.getSAMLAttributeGebeORwbpk()) {
+    	// check the first attribute ("Geschaeftsbereich" or "wbPK")
+		samlAttribute = samlAttributes[0];
+		if (businessService) {
+		  if (!samlAttribute.getName().equals("wbPK")) {
+		    if (samlAttribute.getName().equals("Geschaeftsbereich")) {
+		      throw new ValidateException("validator.26", null);
+		    } else {
+		      throw new ValidateException(
+		      "validator.37", 
+		      new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
+		    }
+		  }          
+		  if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
+		    foundWBPK = true;
+		    try {
+		      Element attrValue = (Element)samlAttribute.getValue();
+		      String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
+		      String type =  ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
+		      if (!value.equals(identityLink.getIdentificationValue())) {
+		        throw new ValidateException("validator.28", null); 
+		      }
+		      if (!type.equals(identityLink.getIdentificationType())) {
+		        throw new ValidateException("validator.28", null); 
+		      }
+		    } catch (Exception ex) {
+		      throw new ValidateException("validator.29", null);
+		    }
+		  } else {
+		    throw new ValidateException("validator.30", null);
+		  }    
+		} else {
+		  if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
+		    if (samlAttribute.getName().equals("wbPK")) {
+		      throw new ValidateException("validator.26", null);
+		    } else {
+		      throw new ValidateException(
+		      "validator.37", 
+		      new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
+		    }
+		  }
+		  if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
+		    foundGB = true;             
+		    if (!gbTarget.equals((String)samlAttribute.getValue())) {
+		      throw new ValidateException("validator.13", null); 
+		    }             
+		  } else {
+		    throw new ValidateException("validator.12", null);
+		  }
+		}
     } else {
-      if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
-        if (samlAttribute.getName().equals("wbPK")) {
-          throw new ValidateException("validator.26", null);
-        } else {
-          throw new ValidateException(
-          "validator.37", 
-          new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
-        }
-      }
-      if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
-        foundGB = true;             
-        if (!gbTarget.equals((String)samlAttribute.getValue())) {
-          throw new ValidateException("validator.13", null); 
-        }             
-      } else {
-        throw new ValidateException("validator.12", null);
-      }
+		offset--;
     }
-    
+
     // check the second attribute (must be "OA")
-    samlAttribute = samlAttributes[1];
+    samlAttribute = samlAttributes[1 + offset];
     if (!samlAttribute.getName().equals("OA")) {
       throw new ValidateException(
           "validator.37", 
@@ -172,7 +179,7 @@ public class CreateXMLSignatureResponseValidator {
     }
       
     // check the third attribute (must be "Geburtsdatum")
-    samlAttribute = samlAttributes[2];
+    samlAttribute = samlAttributes[2 + offset];
     if (!samlAttribute.getName().equals("Geburtsdatum")) {
       throw new ValidateException(
           "validator.37", 
@@ -189,7 +196,7 @@ public class CreateXMLSignatureResponseValidator {
     }
       
     // now check the extended SAML attributes
-    int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES;
+    int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
     if (extendedSAMLAttributes != null) {
       Iterator it = extendedSAMLAttributes.iterator();
       while (it.hasNext()) {
@@ -250,7 +257,7 @@ public class CreateXMLSignatureResponseValidator {
     
     if (!foundOA) throw new ValidateException("validator.14", null); 
     if (businessService) {
-      if (!foundWBPK) throw new ValidateException("validator.31", null);
+      if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null);
     } else {
       if (!foundGB) throw new ValidateException("validator.11", null);
     }
author	peter.danner <peter.danner@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-02-02 00:48:51 +0000
committer	peter.danner <peter.danner@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-02-02 00:48:51 +0000
commit	c034f4156169801d44308e8e505bb9c7e0cc33fb (patch)
tree	ea5bd9c3da4e76eb1ca725474a79885f28a4a6e4 /id.server/src/at/gv/egovernment/moa/id/auth
parent	c70b998681967198391c31c576c8feebad767301 (diff)
download	moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.tar.gz moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.tar.bz2 moa-id-spss-c034f4156169801d44308e8e505bb9c7e0cc33fb.zip