enable mandates for eIDAS nodes

1 files changed, 51 insertions, 43 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 9294f3658..0a2371575 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.XMLUtil;
 import at.gv.egovernment.moa.logging.Logger;
@@ -192,8 +193,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			Logger.debug("Non-SSO Login requested or SSO not allowed/possible");
 			//build ReadInfobox request
 			infoboxReadRequest = new InfoboxReadRequestBuilder().build(
-					oaParam.getBusinessService(), oaParam
-					.getIdentityLinkDomainIdentifier());
+					oaParam.hasBaseIdInternalProcessingRestriction(), oaParam
+					.getAreaSpecificTargetIdentifier());
 
 		}
 
@@ -401,9 +402,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		try {
 			// sets the extended SAML attributes for OID (Organwalter)
 			setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
-					.getBusinessService());
+					.hasBaseIdTransferRestriction());
 
-			validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+			validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.hasBaseIdTransferRestriction());
 
 
 		} catch (SAXException e) {
@@ -523,9 +524,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * @return <code>&lt;saml:Assertion&gt;</code> as a String
 	 * @throws BuildException If an error occurs on serializing an extended SAML attribute
 	 *                        to be appended to the AUTH-Block.
+	 * @throws ConfigurationException 
 	 */
 	private String buildAuthenticationBlock(IAuthenticationSession session,
-			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException {
+			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException {
 
 		IIdentityLink identityLink = session.getIdentityLink();
 		String issuer = identityLink.getName();
@@ -533,12 +535,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 		String identificationValue = null;
 		String identificationType = null;
+		String identificationTypeFriendlyName = null;
 
 		//get processing data from pending-request
 		String authURL = pendingReq.getAuthURL();
-		String requestedTarget = pendingReq.getGenericData(
-				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);		
-		String targetFriendlyName = pendingReq.getGenericData(
+		
+		@Deprecated
+		String saml1RequestedTarget = pendingReq.getGenericData(
+				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+		@Deprecated
+		String saml1RequestedFriendlyName = pendingReq.getGenericData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 
 		
@@ -546,45 +552,45 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) {
 			identificationType = "";
 			identificationValue = "";
-
+				
 		} else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
 
-			if (oaParam.getBusinessService()) {
-
-				String bpkBase64 = new BPKBuilder().buildWBPK(identityLink
-						.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
-				identificationValue = bpkBase64;
-
-				if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+"))
-					identificationType = oaParam.getIdentityLinkDomainIdentifier();
-				else
-					identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
-
-			} else {				
-				String bpkBase64 = new BPKBuilder().buildBPK(identityLink
-						.getIdentificationValue(), requestedTarget);
-				identificationValue = bpkBase64;
-				identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget;
+			if (MiscUtil.isNotEmpty(saml1RequestedTarget)) {
+				Logger.debug("Build AuthBlock bPK from SAML1 requested target");
+				Pair<String, String> calcId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+						identityLink.getIdentificationValue(), identityLink.getIdentificationType(),
+						saml1RequestedTarget);
+				identificationValue = calcId.getFirst();
+				identificationType = calcId.getSecond();
+				identificationTypeFriendlyName = saml1RequestedFriendlyName;
+				
+			} else {
+				Pair<String, String> calcId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+						identityLink.getIdentificationValue(), identityLink.getIdentificationType(),
+						oaParam.getAreaSpecificTargetIdentifier());
+				identificationValue = calcId.getFirst();
+				identificationType = calcId.getSecond();
+				identificationTypeFriendlyName = oaParam.getAreaSpecificTargetIdentifierFriendlyName();
 			}
 
-
 		} else {
 			identificationValue = identityLink.getIdentificationValue();
 			identificationType = identityLink.getIdentificationType();
+			identificationTypeFriendlyName = oaParam.getAreaSpecificTargetIdentifierFriendlyName();
 
 		}
 
 		//set AuthBlock generation time to session
-		String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
-				.getInstance());
+		String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
 		session.setIssueInstant(issueInstant);
 
-		// Bug #485
-		// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
-		// String oaURL = session.getPublicOAURLPrefix();
-
+		//load extend attributes
 		List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
 
+		//load special authblock text patterns for replacement
+		Map<String, String> authBlockTextPatterns = AuthenticationBlockAssertionBuilder.
+				generateSpezialAuthBlockPatternMap(pendingReq, issuer, gebDat, issueInstant);
+		
 		String authBlock = null;
 		if (pendingReq.needSingleSignOnFunctionality()) {
 			String oaURL = pendingReq.getAuthURL();
@@ -592,19 +598,20 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				oaURL = oaURL.replaceAll("&", "&amp;");
 
 			authBlock = new AuthenticationBlockAssertionBuilder()
-					.buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
-							targetFriendlyName, identificationValue,
-							identificationType, oaURL, gebDat,
-							extendedSAMLAttributes, session, oaParam);
-
+					.buildAuthBlockSSO(issuer, issueInstant, authURL, 
+							oaURL, gebDat,
+							extendedSAMLAttributes, session, oaParam, authBlockTextPatterns);
 
 		} else {			
 			String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&amp;");
 			authBlock = new AuthenticationBlockAssertionBuilder()
-					.buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
-							targetFriendlyName, identificationValue,
-							identificationType, oaURL, gebDat,
-							extendedSAMLAttributes, session, oaParam);
+					.buildAuthBlock(issuer, issueInstant, authURL, 
+							identificationValue,
+							identificationType,
+							gebDat,
+							oaURL, 							
+							identificationTypeFriendlyName, 							 
+							extendedSAMLAttributes, session, oaParam, authBlockTextPatterns);
 			
 		}
 		
@@ -1062,9 +1069,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
 				Constants.PD_NS_URI, "Value");
 
-		String bpkBase64 = new BPKBuilder().buildBPK(baseid, target);
+		Pair<String, String> targedId  = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseid, target);
+		
 		valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
-				bpkBase64));
+				targedId.getFirst()));
 		Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
 				Constants.PD_NS_URI, "Type");
 		typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(