From ba01e78bf13485ebb4058dd0322c752854f0922b Mon Sep 17 00:00:00 2001
From: "harald.bratko"
Date: Wed, 1 Aug 2007 17:20:44 +0000
Subject: Changed for compability mode.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@892 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/id/auth/AuthenticationServer.java | 11 +-
 .../moa/id/auth/data/InfoboxValidationResult.java | 76 +++++++++++++
 .../id/auth/data/InfoboxValidationresultImpl.java | 122 +++++++++++++++++++++
 .../moa/id/auth/data/InfoboxValidatorParams.java | 15 +++
 .../id/auth/data/InfoboxValidatorParamsImpl.java | 56 +++++++---
 .../moa/id/auth/validator/InfoboxValidator.java | 42 +------
 6 files changed, 260 insertions(+), 62 deletions(-)
 create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
 create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
(limited to 'id.server')
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a79cba4d7..5f4ec2d29 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -589,25 +590,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
 session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
 // now validate the infobox
- boolean infoboxValid = false;
+ InfoboxValidationResult infoboxValidationResult = null;
 try {
- infoboxValid = infoboxValidator.validate(infoboxValidatorParams);
+ infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams);
 } catch (ValidateException e) {
 Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
 throw new ValidateException(
 "validator.44", new Object[] {friendlyName});
 }
- if (!infoboxValid) {
+ if (!infoboxValidationResult.isValid()) {
 Logger.info("Validation of " + identifier + " infobox failed.");
 throw new ValidateException(
- "validator.40", new Object[] {friendlyName, infoboxValidator.getErrorMessage()});
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
 }
 Logger.info(identifier + " infobox successfully validated.");
 // get the SAML attributes to be appended to the AUTHBlock or to the final
 // SAML Assertion
- ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidator.getExtendedSamlAttributes();
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
 if (extendedSAMLAttributes != null) {
 int length = extendedSAMLAttributes.length;
 for (int i=0; i
+ * If validation fails the implementing class has to provide a short error message.
+ *
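Review bot: `infoboxValidationResult` starts out as `null` and only `ValidateException` is caught around `infoboxValidator.validate(...)`, so a validator implementation that returns `null` (nothing in the new interface forbids it) now dies with a NullPointerException at `infoboxValidationResult.isValid()` instead of the `validator.44` error, a failure mode the old boolean API could not have. A null result should be treated as a failed validation right after the catch block: `if (infoboxValidationResult == null) {` / `throw new ValidateException("validator.44", new Object[] {friendlyName});` / `}`. The enclosing method begins before this hunk and continues after it, and the hunk's last context line is truncated in this view.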
+ * If the corresponding infobox validator runs in the so called compatibility mode
+ * a pr:Persondata element to be used in the final saml:Assertion
+ * ({@see #getPersonData()})
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxValidationResult {
+
+ /**
+ * The method returns true if validation succeeds. In that case
+ * method {@link #getExtendedSamlAttributes()} may provide an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
+ * AUTH-Block or to both.
+ *
+ * The method returns false if validation fails. In that case
+ * method {@link #getErrorMessage()} has to provide a short error description.
+ *
+ * @return True if validation succeeds,
+ * otherwise false.
+ */
+ public boolean isValid();
+
+ /**
+ * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application.
+ * The SAML-Attributes in that array will be added to the final
+ * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
+ * in the array this method returns.
+ *
+ * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application, the AUTH-Block, or both. If no attributes should
+ * be added this array maybe null or empty.
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
+
+ /**
+ * A short error description that should be displayed by MOA-ID if
+ * validation of the InfoBoxReadResponse fails.
+ *
+ * @return An short error message if validation fails.
+ */
+ public String getErrorMessage();
+
+ /**
+ * Returns a <pr:PersonData> element to be used in the final
+ * <saml:Assertion>.
+ *
+ * If the corresponding infobox validator runs in the so called compatibility mode
+ * the method must return a <pr:PersonData> element to be used within
+ * the final <saml:Assertion> sent to the online application instead of
+ * the original <pr:PersonData> element derived from the <Identitylink>.
+ *
+ * @return A <pr:PersonData> element if the corresponding infobox validator
+ * runs in the compatibility mode, otherwise null.
+ */
+ public Element getPersonData();
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
new file mode 100644
index 000000000..24eb01e95
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidationresultImpl.java
@@ -0,0 +1,122 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Default implementation of the {@link InfoboxValidationresult} interface.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidationresultImpl implements InfoboxValidationResult {
+
+ /**
+ * Indicates whether the validation was successful or not.
+ */
+ protected boolean valid_;
+
+ /**
+ * The error message.
+ */
+ protected String errorMessage_;
+
+ /**
+ * The SAML attributes returned by the infobox validator.
+ */
+ protected ExtendedSAMLAttribute[] extendedSamlAttributes_;
+
+ /**
+ * The <pr:PersonData> element to be used in the final
+ * <saml:Assertion>, if the validator runs in the
+ * compatibility mode.
+ */
+ protected Element personData_;
+
+ /**
+ * Constructor.
+ *
+ * @param valid
+ * @param extendedSamlAttributes
+ * @param errorMessage
+ * @param personData
+ */
+ public InfoboxValidationresultImpl(
+ boolean valid,
+ ExtendedSAMLAttribute[] extendedSamlAttributes,
+ String errorMessage,
+ Element personData)
+ {
+ valid_ = valid;
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ errorMessage_ = errorMessage;
+ personData_ = personData;
+ }
+
+
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage()
+ */
+ public String getErrorMessage() {
+ return errorMessage_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ return extendedSamlAttributes_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getPersonData()
+ */
+ public Element getPersonData() {
+ return personData_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid()
+ */
+ public boolean isValid() {
+ return valid_;
+ }
+
+ /**
+ * Sets the errorMessage.
+ *
+ * @param errorMessage The errorMessage to set.
+ */
+ public void setErrorMessage(String errorMessage) {
+ errorMessage_ = errorMessage;
+ }
+
+ /**
+ * Sets the extendedSamlAttributes.
+ *
+ * @param extendedSamlAttributes The extendedSamlAttributes to set.
+ */
+ public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) {
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ }
+
+ /**
+ * Sets the <pr:PersonData> element.
+ *
+ * @param personData <pr:PersonData> to set.
+ */
+ public void setPersonData(Element personData) {
+ personData_ = personData;
+ }
+
+ /**
+ * Specify whether the result is valid or not.
+ *
+ * @param valid True if the infobox could be validated successfully,
+ * otherwise false.
+ */
+ public void setValid(boolean valid) {
+ valid_ = valid;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index 381815258..71d675259 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -156,6 +156,21 @@ public interface InfoboxValidatorParams {
 */
 public boolean getHideStammzahl();
+ /**
+ * Indicates if the infobox validator has to run in the so called compatibility mode.
+ *
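Review bot: `InfoboxValidationresultImpl` is fully mutable after construction: every field is `protected` and each has a public setter, including `setValid(boolean)`, so the outcome that `AuthenticationServer` uses to accept or reject an infobox, and the `<pr:PersonData>` that replaces identity-link data in compatibility mode, can be changed by any code holding the result after the validator produced it. Since the four-argument constructor already supplies every value, I would declare the fields `private final` and remove the setters; if mutability is intended, the class Javadoc should state who is allowed to call them. Separately, the class Javadoc's `{@link InfoboxValidationresult}` names a type that does not exist — the interface is `InfoboxValidationResult` with a capital R — and the class name itself carries the lowercase spelling, which is worth correcting to `InfoboxValidationResultImpl` before other code depends on it.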
+ * The compatibility mode is used when the final <saml:Assertion>
+ * sent to the online application should be rather built on the basis of a <pr:PersonData>
+ * structure returned by the infobox validator instead of the original identity link.
+ * This mode is mainly used within the Mandates context
+ * (please refer MOA-ID specification for more details).
+ *
+ * @return True the infobox validator has to run in the so called
+ * compatibility mode, otherwise false. The default value
+ * should be false.
+ */
+ public boolean getCompMode();
+
 /**
 * Returns application specific parameters.
 * Each child element of this element contains
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 123d57157..e524ff5f5 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
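Review bot: The Javadoc for `getCompMode()` explains that in compatibility mode the final `<saml:Assertion>` is built from the `<pr:PersonData>` returned by the infobox validator rather than from the identity link, but it does not say what that shifts onto validator implementations: the person data they return ends up in the assertion handed to the online application, and none of the hunks in this commit show MOA-ID checking it against the identity link. I would add to this Javadoc: `* In this mode the validator is responsible for ensuring that the <pr:PersonData> it returns is derived from content it has itself verified against the identity link passed in these parameters.` The `@return` text also reads `True the infobox validator has to run` and should be `True if the infobox validator has to run`.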
@@ -21,76 +21,80 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 * The first token in this list is the one to be validated. Each further token
 * maybe needed to validate this first token.
 */
- private List infoboxTokenList_;
+ protected List infoboxTokenList_;
 /**
 * The ID of the trust profile used for validating certificates.
 */
- private String trustProfileID_;
+ protected String trustProfileID_;
 /**
 * The locations of schemas that maybe needed for validating infobox tokens.
 */
- private List schemaLocations_;
+ protected List schemaLocations_;
 /**
 * The URL of the BKU.
 */
- private String bkuURL_;
+ protected String bkuURL_;
 /**
 * Specifies whether the current online application is a business or a public application.
 */
- private boolean businessApplication_;
+ protected boolean businessApplication_;
 /**
 * The target parameter.
 */
- private String target_;
+ protected String target_;
 /**
 * The family name from the identity link.
 */
- private String familyName_;
+ protected String familyName_;
 /**
 * The given name from the identity link.
 */
- private String givenName_;
+ protected String givenName_;
 /**
 * The date of birth from the identity link.
 */
- private String dateOfBirth_;
+ protected String dateOfBirth_;
 /**
 * The date of identification value.
 */
- private String identificationValue_;
+ protected String identificationValue_;
 /**
 * The identification type.
 */
- private String identificationType_;
+ protected String identificationType_;
 /**
 * The public keys from the identity link.
 */
- private PublicKey[] publicKeys_;
+ protected PublicKey[] publicKeys_;
 /**
 * The identity link.
 */
- private Element identityLink_;
+ protected Element identityLink_;
+ /**
+ * Indicates if the infobox validator has to run in the so called compatibility mode.
+ */
+ protected boolean compMode_;
 /**
 * Indicates whether source pins (Stammzahlen) must be hidden or not.
 */
- private boolean hideStammzahl_;
+ protected boolean hideStammzahl_;
 /**
 * Application specific parameters.
 */
- private Element applicationSpecificParams_;
+ protected Element applicationSpecificParams_;
 /**
 * Empty constructor.
@@ -189,6 +193,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 return identityLink_;
 }
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getCompMode()
+ */
+ public boolean getCompMode() {
+ return compMode_;
+ }
+
 /**
 * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()
 */
@@ -332,16 +343,27 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 public void setTrustProfileID(String trustProfileID) {
 trustProfileID_ = trustProfileID;
 }
+
+ /**
+ * Sets the {@link #compMode_} parameter. Indicates whether the infobox
+ * validator has to run in the so called compatibility mode.
+ *
+ * @param compMode True if the infobox validator has to run in the so
+ * called compatibility mode, otherwise false.
+ */
+ public void setCompMode(boolean compMode) {
+ compMode_ = compMode;
+ }
 /**
- * Sets the hideStammzahl_ parameter. This indicates whether source pins
+ * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins
 * (Stammzahlen) must be hidden or not.
 *
 * @param hideStammzahl True if source pins (Stammzahlen) should
 * be hidden, otherwise false.
 */
 public void setHideStammzahl(boolean hideStammzahl) {
- this.hideStammzahl_ = hideStammzahl;
+ hideStammzahl_ = hideStammzahl;
 }
 }
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index e17e03a20..2f14eb3c9 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
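Review bot: The first hunk widens every field of `InfoboxValidatorParamsImpl` from `private` to `protected` — including the identity-link data handed to validators (`identificationValue_`, `publicKeys_`, `identityLink_`) — although no subclass appears in this commit and the new `compMode_` accessors live in the same class. If no subclass needs write access, the fields should stay `private` and only `private boolean compMode_;` be added; if subclassing is intended, the class Javadoc should say so, because a subclass can now overwrite the identity-link values that a validator later reads from these parameters. The commit message ("Changed for compability mode") does not explain the widening, so I may be missing a subclass elsewhere in the tree.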
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.validator;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -8,13 +9,6 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 * An implementing class has to validate the content of the InfoboxReadResponse
 * according to the type specific rules and guidelines of the underlying
 * application.
- * If validation succeeds, the class may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes}. Each of these SAML-Attributes will be either appended to the
- * final SAML-Assertion passed to the online application or to the AUTH-Block,
- * or to both.
- *
- * If validation fails the implementing class has to provide a short error message.
 */
 public interface InfoboxValidator {
@@ -23,15 +17,6 @@ public interface InfoboxValidator {
 * The method validates the content of the passed infoboxReadResponse
 * according to the type specific rules and guidelines of the underlying
 * application.
- *
- * The method returns true if validation succeeds. In that case
- * method {@link #getExtendedSamlAttributes()} may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
- * AUTH-Block or to both.
- *
- * The method returns false if validation fails. In that case
- * method {@link #getErrorMessage()} has to provide a short error description.
 *
 * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
 * Parameters} needed by the validator.
@@ -42,30 +27,7 @@ public interface InfoboxValidator {
 * @throws ValidateException If an error occurs on validating the
 * InfoboxReadResponse.
 */
- public boolean validate (InfoboxValidatorParams params)
+ public InfoboxValidationResult validate (InfoboxValidatorParams params)
 throws ValidateException;
-
- /**
- * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application.
- * The SAML-Attributes in that array will be added to the final
- * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
- * in the array this method returns.
- *
- * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
- * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
- * provided to the online application, the AUTH-Block, or both. If no attributes should
- * be added this array maybe null or empty.
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
-
- /**
- * A short error description that should be displayed by MOA-ID if
- * validation of the InfoBoxReadResponse fails.
- *
- * @return An short error message if validation fails.
- */
- public String getErrorMessage();
 }
--
cgit v1.2.3
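Review bot: The new signature `public InfoboxValidationResult validate (InfoboxValidatorParams params)` says nothing about whether `null` is an acceptable return, while the only caller in this commit (`AuthenticationServer`) dereferences the result immediately with `.isValid()`. The `@return` tag for this method sits in the unchanged lines just above the hunk and is not touched by the commit, so presumably it still describes the old boolean result. I would replace it with `* @return The validation result; never null. A failed validation is reported by {@link InfoboxValidationResult#isValid()} returning false together with {@link InfoboxValidationResult#getErrorMessage()}.` so that plugin authors know a null return is a contract violation rather than a "no result" signal.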