1 files changed, 117 insertions, 42 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 2d29f7454..17fc52a8c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -1,6 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
 
 import java.util.Iterator;
+import java.util.List;
 
 import org.joda.time.DateTime;
 import org.opensaml.common.xml.SAMLConstants;
@@ -25,9 +26,15 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.w3c.dom.Element;
 
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -37,11 +44,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
 
 public class PVP2AssertionBuilder implements PVPConstants {
 	public static Assertion buildAssertion(AuthnRequest authnRequest,
@@ -58,48 +68,64 @@ public class PVP2AssertionBuilder implements PVPConstants {
 
 		boolean stork_qaa_1_4_found = false;
 
-		Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-				.getAuthnContextClassRefs().iterator();
-
-		while (reqAuthnContextClassRefIt.hasNext()) {
-			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
-					.next();
-			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
-					"\\s+");
-			for (int i = 0; i < qaa_uris.length; i++) {
-				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
-					stork_qaa_1_4_found = true;
-					break;
-				}
-			}
-		}
+		AuthnContextClassRef authnContextClassRef = SAML2Utils
+				.createSAMLObject(AuthnContextClassRef.class);
+
+		 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+				.getAuthnContextClassRefs();
+		
+		 if (reqAuthnContextClassRefIt.size() == 0) {
+			 stork_qaa_1_4_found = true;
+			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+			 
+		 } else {
+			 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+				 String qaa_uri = authnClassRef.getAuthnContextClassRef();
+				 if (qaa_uri.trim().equals(STORK_QAA_1_4)
+						 || qaa_uri.trim().equals(STORK_QAA_1_3)
+						 || qaa_uri.trim().equals(STORK_QAA_1_2)
+						 || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+					
+					 if (authSession.isForeigner()) {
+						 //TODO: insert QAA check
+					
+						 stork_qaa_1_4_found = false;
+					
+					 } else {
+						 stork_qaa_1_4_found = true;
+						 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+					 }
+					 break;
+				 }
+			 }
+		 }
 
 		if (!stork_qaa_1_4_found) {
 			throw new QAANotSupportedException(STORK_QAA_1_4);
 		}
 
-		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
-				.iterator();
-		StringBuilder authContextsb = new StringBuilder();
-		while (reqAuthnContextClassRefIt.hasNext()) {
-			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
-					.next();
-			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
-					"\\s+");
-			for (int i = 0; i < qaa_uris.length; i++) {
-				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_3)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_2)
-						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
-					authContextsb.append(qaa_uris[i].trim());
-					authContextsb.append(" ");
-				}
-			}
-
-		}
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
+//		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+//				.iterator();
+//		
+//		StringBuilder authContextsb = new StringBuilder();
+//		
+//		while (reqAuthnContextClassRefIt.hasNext()) {
+//			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+//					.next();
+//			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+//					"\\s+");
+//			for (int i = 0; i < qaa_uris.length; i++) {
+//				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+//						|| qaa_uris[i].trim().equals(STORK_QAA_1_3)
+//						|| qaa_uris[i].trim().equals(STORK_QAA_1_2)
+//						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+//					authContextsb.append(qaa_uris[i].trim());
+//					authContextsb.append(" ");
+//				}
+//			}
+//
+//		}
+		
 		AuthnContext authnContext = SAML2Utils
 				.createSAMLObject(AuthnContext.class);
 		authnContext.setAuthnContextClassRef(authnContextClassRef);
@@ -199,14 +225,63 @@ public class PVP2AssertionBuilder implements PVPConstants {
 			assertion.getAttributeStatements().add(attributeStatement);
 		}
 
-		// TL: getIdentificationValue holds the baseID --> change to pBK
-		// subjectNameID.setValue(authData.getIdentificationValue());
-
 		subjectNameID.setFormat(NameID.PERSISTENT);
 		
 		//TLenz: set correct bPK Type and Value from AuthData
-		subjectNameID.setNameQualifier(authData.getBPKType());
-		subjectNameID.setValue(authData.getBPK());
+		if (authSession.getUseMandate()) {
+			Element mandate = authSession.getMandate();
+			if(mandate == null) {
+				throw new NoMandateDataAvailableException();
+			}
+			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+			if(mandateObject == null) {
+				throw new NoMandateDataAvailableException();
+			}
+			CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+			PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+			
+			IdentificationType id;
+			if(corporation != null && corporation.getIdentification().size() > 0)
+				id = corporation.getIdentification().get(0);
+
+				
+			else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+				id = pysicalperson.getIdentification().get(0);
+				
+			else {
+				Logger.error("Failed to generate IdentificationType");
+				throw new NoMandateDataAvailableException();		
+			}
+		
+			String bpktype = id.getType();
+			String bpk = id.getValue().getValue();
+			
+			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
+				if (authSession.getBusinessService()) {						    
+					subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier()));
+					if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+						subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier());
+					else
+						subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier());
+					
+				} else {
+					subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget()));
+					if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+"))
+						subjectNameID.setNameQualifier(oaParam.getTarget());
+					else
+						subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+				}
+				
+				
+			} else {
+				subjectNameID.setNameQualifier(bpktype);
+				subjectNameID.setValue(bpk);
+			}
+			
+		} else {
+			subjectNameID.setNameQualifier(authData.getBPKType());
+			subjectNameID.setValue(authData.getBPK());
+		}
 		
 
 		subject.setNameID(subjectNameID);