diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index d684c16c9..bab387b4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -226,5 +226,137 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion return assertion; } + + /** + * Builds the authentication block <code><saml:Assertion></code> + * + * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code> + * @param issueInstant current timestamp + * @param authURL URL of MOA-ID authentication component + * @param target "Geschäftsbereich"; maybe <code>null</code> if the application + * is a business application + * @param identityLinkValue the content of the <code><pr:Value></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this is the + * value of the <code>wbPK</code>; + * maybe <code>null</code> if the application is a public service + * @param identityLinkType the content of the <code><pr:Type></code> + * child element of the <code><pr:Identification></code> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe <code>null</code> if the application is a public service + * @param oaURL public URL of online application requested + * @param gebDat The date of birth from the identity link. + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock. + * + * @return String representation of authentication block + * <code><saml:Assertion></code> built + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + public String buildAuthBlockForeignID( + String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + + //BZ.., reading OA parameters + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + //..BZ + + + if (target == null) { + // OA is a business application + if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + + //BZ.., adding type of wbPK domain identifier + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); + //..BZ + + } else { + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); + } + } else { + // OA is a govermental application + //BZ.. + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); + //..BZ + + //BZ.., no business service, adding bPK + + Element bpkSamlValueElement; + try { + bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement(); + } catch (Exception e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(bpkAttribute); + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + //..BZ + } + + //BZ.., adding friendly name of OA + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + //..BZ + + String assertion; + try { + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + return assertion; + + } } |