Diffstat (limited to 'id.server')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java76
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java122
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java15
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java56
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java42
6 files changed, 260 insertions, 62 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a79cba4d7..5f4ec2d29 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -589,25 +590,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
// now validate the infobox
- boolean infoboxValid = false;
+ InfoboxValidationResult infoboxValidationResult = null;
try {
- infoboxValid = infoboxValidator.validate(infoboxValidatorParams);
+ infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams);
} catch (ValidateException e) {
Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
throw new ValidateException(
"validator.44", new Object[] {friendlyName});
}
- if (!infoboxValid) {
+ if (!infoboxValidationResult.isValid()) {
Logger.info("Validation of " + identifier + " infobox failed.");
throw new ValidateException(
- "validator.40", new Object[] {friendlyName, infoboxValidator.getErrorMessage()});
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
}
Logger.info(identifier + " infobox successfully validated.");
// get the SAML attributes to be appended to the AUTHBlock or to the final
// SAML Assertion
- ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidator.getExtendedSamlAttributes();
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
if (extendedSAMLAttributes != null) {
int length = extendedSAMLAttributes.length;
for (int i=0; i<length; i++) {
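Review bot: `infoboxValidationResult.isValid()` right after the catch block dereferences a value that the `validate` contract nowhere promises to be non-null, so a validator that returns null turns a failed validation into a NullPointerException instead of the `validator.40` ValidateException; the check should fail closed: `if (infoboxValidationResult == null || !infoboxValidationResult.isValid()) {`. The `getErrorMessage()` call inside that branch is then only reached behind the guard, so it needs no separate check. `getPersonData()` of the new result is not consumed anywhere in this hunk, so a compatibility-mode person-data element appears to be dropped here unless it is picked up further down; the enclosing method starts and ends outside the hunk.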
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
new file mode 100644
index 000000000..0ee2f21d5
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -0,0 +1,76 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Includes the result of an extended infobox validation.
+ *
+ * If validation succeeds, an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * maybe provided. Each of these SAML-Attributes will be either appended to the
+ * final SAML-Assertion passed to the online application or to the AUTH-Block,
+ * or to both.
+ * <br>
+ * If validation fails the implementing class has to provide a short error message.
+ * <br>
+ * If the corresponding infobox validator runs in the so called <code>compatibility mode</code>
+ * a <code>pr:Persondata</code> element to be used in the final <code>saml:Assertion</code>
+ * ({@see #getPersonData()})
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxValidationResult {
+
+ /**
+ * The method returns <code>true</code> if validation succeeds. In that case
+ * method {@link #getExtendedSamlAttributes()} may provide an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
+ * AUTH-Block or to both.
+ * <br>
+ * The method returns <code>false</code> if validation fails. In that case
+ * method {@link #getErrorMessage()} has to provide a short error description.
+ *
+ * @return <code>True</code> if validation succeeds,
+ * otherwise <code>false</code>.
+ */
+ public boolean isValid();
+
+ /**
+ * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application.
+ * The SAML-Attributes in that array will be added to the final
+ * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
+ * in the array this method returns.
+ *
+ * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application, the AUTH-Block, or both. If no attributes should
+ * be added this array maybe <code>null</code> or empty.
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
+
+ /**
+ * A short error description that should be displayed by MOA-ID if
+ * validation of the InfoBoxReadResponse fails.
+ *
+ * @return An short error message if validation fails.
+ */
+ public String getErrorMessage();
+
+ /**
+ * Returns a <code>&lt;pr:PersonData&gt;</code> element to be used in the final
+ * <code>&lt;saml:Assertion&gt;</code>.
+ * <br>
+ * If the corresponding infobox validator runs in the so called <code>compatibility mode</code>
+ * the method must return a <code>&lt;pr:PersonData&gt;</code> element to be used within
+ * the final <code>&lt;saml:Assertion&gt;</code> sent to the online application instead of
+ * the original <code>&lt;pr:PersonData&gt;</code> element derived from the <code>&lt;Identitylink&gt;</code>.
+ *
+ * @return A <code>&lt;pr:PersonData&gt;</code> element if the corresponding infobox validator
+ * runs in the <code>compatibility mode</code>, otherwise <code>null</code>.
+ */
+ public Element getPersonData();
+
+}
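Review bot: The class Javadoc's `{@see #getPersonData()}` is not a valid inline tag and will not render as a link; it should be `{@link #getPersonData()}`. The failure-path contract is also left loose: `getErrorMessage()` is described as something the implementer "has to provide", but nothing states it must be non-null when `isValid()` is false, and its value is interpolated into the `validator.40` message shown to the user, so the tag should read `@return A short, non-null error message if validation fails; unspecified otherwise.` Because a compatibility-mode `getPersonData()` element replaces the person data derived from the identity link in the final assertion, the `getPersonData()` Javadoc should say explicitly that MOA-ID treats the returned element as authoritative identity data and that implementations must return only data they have verified themselves.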
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
new file mode 100644
index 000000000..24eb01e95
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
@@ -0,0 +1,122 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Default implementation of the {@link InfoboxValidationresult} interface.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidationresultImpl implements InfoboxValidationResult {
+
+ /**
+ * Indicates whether the validation was successful or not.
+ */
+ protected boolean valid_;
+
+ /**
+ * The error message.
+ */
+ protected String errorMessage_;
+
+ /**
+ * The SAML attributes returned by the infobox validator.
+ */
+ protected ExtendedSAMLAttribute[] extendedSamlAttributes_;
+
+ /**
+ * The <code>&lt;pr:PersonData&gt;</code> element to be used in the final
+ * <code>&lt;saml:Assertion&gt;</code>, if the validator runs in the
+ * <code>compatibility mode</code>.
+ */
+ protected Element personData_;
+
+ /**
+ * Constructor.
+ *
+ * @param valid
+ * @param extendedSamlAttributes
+ * @param errorMessage
+ * @param personData
+ */
+ public InfoboxValidationresultImpl(
+ boolean valid,
+ ExtendedSAMLAttribute[] extendedSamlAttributes,
+ String errorMessage,
+ Element personData)
+ {
+ valid_ = valid;
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ errorMessage_ = errorMessage;
+ personData_ = personData;
+ }
+
+
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage()
+ */
+ public String getErrorMessage() {
+ return errorMessage_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ return extendedSamlAttributes_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getPersonData()
+ */
+ public Element getPersonData() {
+ return personData_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid()
+ */
+ public boolean isValid() {
+ return valid_;
+ }
+
+ /**
+ * Sets the errorMessage.
+ *
+ * @param errorMessage The errorMessage to set.
+ */
+ public void setErrorMessage(String errorMessage) {
+ errorMessage_ = errorMessage;
+ }
+
+ /**
+ * Sets the extendedSamlAttributes.
+ *
+ * @param extendedSamlAttributes The extendedSamlAttributes to set.
+ */
+ public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) {
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ }
+
+ /**
+ * Sets the <code>&lt;pr:PersonData&gt;</code> element.
+ *
+ * @param personData <code>&lt;pr:PersonData&gt;</code> to set.
+ */
+ public void setPersonData(Element personData) {
+ personData_ = personData;
+ }
+
+ /**
+ * Specify whether the result is valid or not.
+ *
+ * @param valid <code>True</code> if the infobox could be validated successfully,
+ * otherwise <code>false</code>.
+ */
+ public void setValid(boolean valid) {
+ valid_ = valid;
+ }
+
+}
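Review bot: The class Javadoc links `{@link InfoboxValidationresult}`, a type that does not exist — the interface added in this commit is `InfoboxValidationResult` — and the class name `InfoboxValidationresultImpl` carries the same lower-case `result`; renaming the class to `InfoboxValidationResultImpl` and fixing the link removes a misleading name and a broken reference. The four `@param` tags on the constructor are empty and should state what each value means, in particular that `errorMessage` is expected when `valid` is false and `personData` only in compatibility mode. The object is fully mutable through both the `protected` fields and the public setters, so a result can be flipped to valid after the validator has handed it back; if the setters are needed, at least make the fields `private` so subclasses go through them, and note in the class Javadoc that the object is not immutable.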
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index 381815258..71d675259 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -157,6 +157,21 @@ public interface InfoboxValidatorParams {
public boolean getHideStammzahl();
/**
+ * Indicates if the infobox validator has to run in the so called <code>compatibility mode</code>.
+ * <br>
+ * The <code>compatibility mode</code> is used when the final <code>&lt;saml:Assertion&gt;</code>
+ * sent to the online application should be rather built on the basis of a <code>&lt;pr:PersonData&gt;</code>
+ * structure returned by the infobox validator instead of the original identity link.
+ * This mode is mainly used within the <code>Mandates</code> context
+ * (please refer MOA-ID specification for more details).
+ *
+ * @return <code>True</code> the infobox validator has to run in the so called
+ * <code>compatibility mode</code>, otherwise <code>false</code>. The default value
+ * <i>should</i> be </code>false</code>.
+ */
+ public boolean getCompMode();
+
+ /**
* Returns application specific parameters.
* Each child element of this element contains
* a validating application specific parameter. The
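Review bot: The `@return` Javadoc at the end of the added block contains a mismatched tag, `</code>false</code>`, which renders as a stray closing tag; it should read `<i>should</i> be <code>false</code>.` The same tag is also missing an "if" and should read `@return <code>True</code> if the infobox validator has to run in the so called <code>compatibility mode</code>, otherwise <code>false</code>.`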
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 123d57157..e524ff5f5 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -21,76 +21,80 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
* The first token in this list is the one to be validated. Each further token
* maybe needed to validate this first token.
*/
- private List infoboxTokenList_;
+ protected List infoboxTokenList_;
/**
* The ID of the trust profile used for validating certificates.
*/
- private String trustProfileID_;
+ protected String trustProfileID_;
/**
* The locations of schemas that maybe needed for validating infobox tokens.
*/
- private List schemaLocations_;
+ protected List schemaLocations_;
/**
* The URL of the BKU.
*/
- private String bkuURL_;
+ protected String bkuURL_;
/**
* Specifies whether the current online application is a business or a public application.
*/
- private boolean businessApplication_;
+ protected boolean businessApplication_;
/**
* The target parameter.
*/
- private String target_;
+ protected String target_;
/**
* The family name from the identity link.
*/
- private String familyName_;
+ protected String familyName_;
/**
* The given name from the identity link.
*/
- private String givenName_;
+ protected String givenName_;
/**
* The date of birth from the identity link.
*/
- private String dateOfBirth_;
+ protected String dateOfBirth_;
/**
* The date of identification value.
*/
- private String identificationValue_;
+ protected String identificationValue_;
/**
* The identification type.
*/
- private String identificationType_;
+ protected String identificationType_;
/**
* The public keys from the identity link.
*/
- private PublicKey[] publicKeys_;
+ protected PublicKey[] publicKeys_;
/**
* The identity link.
*/
- private Element identityLink_;
+ protected Element identityLink_;
+ /**
+ * Indicates if the infobox validator has to run in the so called <code>compatibility mode</code>.
+ */
+ protected boolean compMode_;
/**
* Indicates whether source pins (<code>Stammzahl</code>en) must be hidden or not.
*/
- private boolean hideStammzahl_;
+ protected boolean hideStammzahl_;
/**
* Application specific parameters.
*/
- private Element applicationSpecificParams_;
+ protected Element applicationSpecificParams_;
/**
* Empty constructor.
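Review bot: Every field of `InfoboxValidatorParamsImpl` is widened from `private` to `protected` although the class already exposes getters and setters, so a subclass can now bypass `setHideStammzahl` or `setCompMode` and alter `hideStammzahl_` or `compMode_` directly; if subclassing is the goal, keeping the fields `private` and relying on the existing accessors preserves the class's control over these flags. The new `compMode_` has no initializer and therefore defaults to `false`, which matches the default the interface Javadoc asks for; a short comment such as `// defaults to false: compatibility mode must be enabled explicitly` would make that intent visible. The class header is above this hunk and its body continues below it.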
@@ -190,6 +194,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
}
/**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getCompMode()
+ */
+ public boolean getCompMode() {
+ return compMode_;
+ }
+
+ /**
* @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()
*/
public boolean getHideStammzahl() {
@@ -332,16 +343,27 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
public void setTrustProfileID(String trustProfileID) {
trustProfileID_ = trustProfileID;
}
+
+ /**
+ * Sets the {@link #compMode_} parameter. Indicates whether the infobox
+ * validator has to run in the so called <code>compatibility mode</code>.
+ *
+ * @param compMode <code>True</code> if the infobox validator has to run in the so
+ * called <code>compatibility mode</code>, otherwise <code>false</code>.
+ */
+ public void setCompMode(boolean compMode) {
+ compMode_ = compMode;
+ }
/**
- * Sets the hideStammzahl_ parameter. This indicates whether source pins
+ * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins
* (<code>Stammzahl</code>en) must be hidden or not.
*
* @param hideStammzahl <code>True</code> if source pins (<code>Stammzahl</code>en) should
* be hidden, otherwise <code>false</code>.
*/
public void setHideStammzahl(boolean hideStammzahl) {
- this.hideStammzahl_ = hideStammzahl;
+ hideStammzahl_ = hideStammzahl;
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index e17e03a20..2f14eb3c9 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.auth.validator;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -8,13 +9,6 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
* An implementing class has to validate the content of the InfoboxReadResponse
* according to the type specific rules and guidelines of the underlying
* application.
- * If validation succeeds, the class may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes}. Each of these SAML-Attributes will be either appended to the
- * final SAML-Assertion passed to the online application or to the AUTH-Block,
- * or to both.
- * <br>
- * If validation fails the implementing class has to provide a short error message.
*/
public interface InfoboxValidator {
@@ -23,15 +17,6 @@ public interface InfoboxValidator {
* The method validates the content of the passed <code>infoboxReadResponse</code>
* according to the type specific rules and guidelines of the underlying
* application.
- * <br>
- * The method returns <code>true</code> if validation succeeds. In that case
- * method {@link #getExtendedSamlAttributes()} may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
- * AUTH-Block or to both.
- * <br>
- * The method returns <code>false</code> if validation fails. In that case
- * method {@link #getErrorMessage()} has to provide a short error description.
*
* @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
* Parameters} needed by the validator.
@@ -42,30 +27,7 @@ public interface InfoboxValidator {
* @throws ValidateException If an error occurs on validating the
* InfoboxReadResponse.
*/
- public boolean validate (InfoboxValidatorParams params)
+ public InfoboxValidationResult validate (InfoboxValidatorParams params)
throws ValidateException;
-
- /**
- * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application.
- * The SAML-Attributes in that array will be added to the final
- * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
- * in the array this method returns.
- *
- * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application, the AUTH-Block, or both. If no attributes should
- * be added this array maybe <code>null</code> or empty.
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
-
- /**
- * A short error description that should be displayed by MOA-ID if
- * validation of the InfoBoxReadResponse fails.
- *
- * @return An short error message if validation fails.
- */
- public String getErrorMessage();
}
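Review bot: The new `validate` signature returns an `InfoboxValidationResult`, but the method's `@return` tag lies above this hunk, so it is not visible whether it was updated; it should state the null contract the caller in `AuthenticationServer` now depends on, e.g. `@return The {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult result} of the validation; must not be <code>null</code>.` With `getExtendedSamlAttributes()` removed from the interface, the import of `at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute` kept near the top of the file appears to be unused (the remaining Javadoc references are fully qualified) and can be dropped.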