1 files changed, 132 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index d684c16c9..bab387b4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -226,5 +226,137 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     return assertion;
     
   }
+  
+  /**
+   * Builds the authentication block <code>&lt;saml:Assertion&gt;</code> 
+   * 
+   * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
+   * @param issueInstant current timestamp
+   * @param authURL URL of MOA-ID authentication component
+   * @param target "Gesch&auml;ftsbereich"; maybe <code>null</code> if the application
+   *               is a business application
+   * @param identityLinkValue the content of the <code>&lt;pr:Value&gt;</code>
+   *                          child element of the <code>&lt;pr:Identification&gt;</code>
+   *                          element derived from the Identitylink; this is the
+   *                          value of the <code>wbPK</code>;
+   *                          maybe <code>null</code> if the application is a public service
+   * @param identityLinkType  the content of the <code>&lt;pr:Type&gt;</code>
+   *                          child element of the <code>&lt;pr:Identification&gt;</code>
+   *                          element derived from the Identitylink; this includes the
+   *                          URN prefix and the identification number of the business
+   *                          application used as input for wbPK computation;
+   *                          maybe <code>null</code> if the application is a public service
+   * @param oaURL public URL of online application requested
+   * @param gebDat The date of birth from the identity link.
+   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+   * 
+   * @return String representation of authentication block 
+   *          <code>&lt;saml:Assertion&gt;</code> built
+   *          
+   * @throws BuildException If an error occurs on serializing an extended SAML attribute 
+   *                        to be appended to the AUTH-Block.
+   */
+  public String buildAuthBlockForeignID(
+    String issuer, 
+    String issueInstant, 
+    String authURL, 
+    String target,
+    String identityLinkValue, 
+    String identityLinkType,
+    String oaURL, 
+    String gebDat,
+    List extendedSAMLAttributes,
+    AuthenticationSession session)
+  throws BuildException
+  {
+    session.setSAMLAttributeGebeORwbpk(true);
+    String gebeORwbpk = "";
+    String wbpkNSDeclaration = "";
+    
+    //BZ.., reading OA parameters
+    OAAuthParameter oaParam;
+   try {
+      oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+           session.getPublicOAURLPrefix());
+   } catch (ConfigurationException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+         throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+   }
+   //..BZ
+    
+    
+    if (target == null) {
+      // OA is a business application
+      if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
+        // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+         gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+         wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+         
+         //BZ.., adding type of wbPK domain identifier        
+        ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = 
+             new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+            
+        extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+        //..BZ
+         
+      } else {
+        // We do not have a wbPK, therefore no SAML-Attribute is provided
+        session.setSAMLAttributeGebeORwbpk(false);
+      }
+    } else {
+      // OA is a govermental application
+      //BZ..
+      String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);      
+      //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+      gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+      //..BZ
+      
+      //BZ.., no business service, adding bPK
+      
+      Element bpkSamlValueElement;
+      try {
+         bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+      } catch (Exception e) {
+         Logger.error("Error on building AUTH-Block: " + e.getMessage());
+          throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+      } 
+      ExtendedSAMLAttribute bpkAttribute = 
+          new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+         
+     extendedSAMLAttributes.add(bpkAttribute);
+      //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+     wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+     //..BZ     
+    }
+    
+    //BZ.., adding friendly name of OA    
+    String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); 
+    
+    ExtendedSAMLAttribute oaFriendlyNameAttribute = 
+         new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+    
+    extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+    //..BZ
+    
+    String assertion;
+    try {
+      assertion = MessageFormat.format(
+        AUTH_BLOCK, new Object[] { 
+          wbpkNSDeclaration, 
+          issuer, 
+          issueInstant, 
+          authURL, 
+          gebeORwbpk, 
+          oaURL, 
+          gebDat,
+          buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    } catch (ParseException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+      throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+    }
+    
+    return assertion;
+    
+  }
 
 }