enable mandates for eIDAS nodes

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-13 13:18:11 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-13 13:18:11 +0200
commit: d703b4201def4ea55bc865da87010972d13a434e (patch)
tree: d9be30af066c7cf6281a15954318d40bf37131b5 /id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
parent: 1a80e310ed77110a8757b78b750a6a000495b16f (diff)
download: moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2
moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip
1 files changed, 16 insertions, 34 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index df8f13544..bf4a55e46 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -48,7 +48,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -65,6 +64,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.Random;
@@ -239,7 +239,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			
 			//set prPersion
 			boolean provideStammzahl = saml1parameter.isProvideStammzahl() 
-					|| oaParam.getBusinessService();
+					|| oaParam.hasBaseIdTransferRestriction();
 			
 			String prPerson = "";
 			String ilAssertion = "";
@@ -268,7 +268,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				id.setValue(value  );
 								
 				if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) &&  
-						saml1parameter.isProvideIdentityLink() && !authData.isBusinessService()) {					
+						saml1parameter.isProvideIdentityLink() && !authData.isBaseIDTransferRestrication()) {					
 					//add baseID if it is requested and available and SP is publicService 
 					value.setValue(authData.getIdentificationValue());
 					id.setType(authData.getIdentificationType());
@@ -332,7 +332,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					try {
 															
 						ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
-								authData.getMISMandate(), oaParam.getBusinessService(), 
+								authData.getMISMandate(), oaParam.hasBaseIdTransferRestriction(), 
 								saml1parameter.isProvideStammzahl());
 						
 						if (extendedSAMLAttributes != null) {
@@ -406,7 +406,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						ilAssertion, 
 						authData.getBkuURL(), 
 						signerCertificateBase64, 
-						oaParam.getBusinessService(),  
+						oaParam.hasBaseIdTransferRestriction(),  
 						oaAttributes, 
 						useCondition, 
 						conditionLength);
@@ -419,7 +419,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					ilAssertion, 
 					authData.getBkuURL(),
 					signerCertificateBase64,
-					oaParam.getBusinessService(),
+					oaParam.hasBaseIdTransferRestriction(),
 					authData.getExtendedSAMLAttributesOA(), 
 					useCondition,
 					conditionLength);
@@ -486,27 +486,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 				prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
 				if (physical
-						&& oaParam.getBusinessService()
+						&& oaParam.hasBaseIdTransferRestriction()
 						&& identificationType != null
 						&& Constants.URN_PREFIX_BASEID
 								.equals(identificationType)) {
 					// now we calculate the wbPK and do so if we got it from the
 					// BKU
 					
-
-					//load IdentityLinkDomainType from OAParam 
-					String type = oaParam.getIdentityLinkDomainIdentifier();	
-					if (type.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-						identificationType = type;
-					else
-						identificationType = Constants.URN_PREFIX_WBPK + "+"
-								+ type;
-					
-					
-					identificationValue = new BPKBuilder().buildWBPK(
-							identificationValue, identificationType);
-					ParepUtils
-							.HideStammZahlen(prPerson, true, null, null, true);
+					//load IdentityLinkDomainType from OAParam 					
+					Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+							identificationValue, oaParam.getAreaSpecificTargetIdentifier());					
+					identificationValue = targedId.getFirst();
+					identificationType = targedId.getSecond();
+					 																	
+					ParepUtils.HideStammZahlen(prPerson, true, null, true);
 				}
 			}
 			
@@ -520,18 +513,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 		
 		try {						
 			boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl();
-			String oatargetType;			
-	        if(oaParam.getBusinessService()) {
-	        	if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-	        		oatargetType = oaParam.getIdentityLinkDomainIdentifier();
-	        	else
-	        		oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier();
-	        	
-	        } else {
-	        	oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-	        	
-	        }
-			
+			String oatargetType = oaParam.getAreaSpecificTargetIdentifier();			
 			Element prIdentification = (Element) prPerson.
 					getElementsByTagNameNS(Constants.PD_NS_URI,"Identification").item(0);
 	        
@@ -544,7 +526,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						String baseid = getBaseId(prPerson);
 						Element identificationBpK;
 						if (MiscUtil.isNotEmpty(baseid)) {
-							identificationBpK = createIdentificationBPK(prPerson, baseid, oaParam.getTarget());
+							identificationBpK = createIdentificationBPK(prPerson, baseid, oatargetType);
 							
 							if (!provideStammzahl) {
 								prIdentification.getFirstChild().setTextContent("");
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-13 13:18:11 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-13 13:18:11 +0200
commit	d703b4201def4ea55bc865da87010972d13a434e (patch)
tree	d9be30af066c7cf6281a15954318d40bf37131b5 /id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
parent	1a80e310ed77110a8757b78b750a6a000495b16f (diff)
download	moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.gz moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.tar.bz2 moa-id-spss-d703b4201def4ea55bc865da87010972d13a434e.zip