package at.gv.egovernment.moa.id.auth.builder;
import java.text.MessageFormat;
import java.util.List;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.StringUtils;
/**
 * Builder for the authentication data {@code <saml:Assertion>} that the
 * MOA ID Auth component provides to the online application.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
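public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {

    /** Line separator placed between the lines of the generated XML. */
    private static final String NL = "\n";

    /**
     * XML template for the {@code <saml:Assertion>} to be built.
     * <p>
     * Placeholders, in the order {@link #build} supplies them:
     * {0} assertion ID, {1} issuer, {2} issue instant, {3} identification
     * type, {4} identification value (bPK or wbPK), {5} auth block,
     * {6} identity link, {7} person data, {8} qualified-certificate flag,
     * {9} BKU URL, {10} public-authority attribute (or empty),
     * {11} signer-certificate attribute (or empty), {12} extended SAML
     * attributes.
     * <p>
     * NOTE(review): in this copy of the source the element markup of the
     * template appears to be missing - only the text between tags and the
     * {@code {n}} placeholders survive, and {0}-{3} (which would sit in
     * attribute values) do not appear at all. Compare this constant against
     * the repository before relying on it.
     */
    private static final String AUTH_DATA =
        "" + NL +
        "" + NL +
        " " + NL +
        " " + NL +
        " {4}" + NL +
        " " + NL +
        " " + MOA_NS_URI + "cm" + NL +
        " {5}{6}" + NL +
        " " + NL +
        " " + NL +
        " " + NL +
        " {7}" + NL +
        " " + NL +
        " " + NL +
        " {8}" + NL +
        " " + NL +
        " " + NL +
        " {9}" + NL +
        " " + NL +
        "{10}" +
        "{11}" +
        "{12}" +
        " " + NL +
        "";

    /**
     * XML template for the {@code <saml:Attribute>} named
     * {@code isPublicAuthority}, inserted into the assertion at {10}.
     * {0} is the public authority identification.
     */
    private static final String PUBLIC_AUTHORITY_ATT =
        " " + NL +
        " {0}" + NL +
        " " + NL;

    /**
     * XML template for the signer-certificate {@code <saml:Attribute>},
     * inserted into the assertion at {11}. {0} is the Base64 certificate.
     */
    private static final String SIGNER_CERTIFICATE_ATT =
        " " + NL +
        " {0}" + NL +
        " " + NL;

    /**
     * Creates a builder; all state is supplied per call to {@link #build}.
     */
    public AuthenticationDataAssertionBuilder() {
        super();
    }

    /**
     * Builds the authentication data {@code <saml:Assertion>}.
     * <p>
     * Security note: {@link MessageFormat} performs no XML escaping. The
     * scalar values (assertion ID, issuer, issue instant, bPK/wbPK, flags,
     * {@code bkuURL}, public authority code, certificate) are spliced into
     * the markup verbatim, so a value containing {@code <}, {@code &} or
     * {@code "} would corrupt or inject markup into the assertion. The three
     * XML fragments ({@code xmlAuthBlock}, {@code xmlIdentityLink},
     * {@code xmlPersonData}) are deliberately not escaped because they are
     * already XML. If any scalar can be influenced by the client
     * ({@code bkuURL} in particular arrives here as a plain String), the
     * caller must validate or escape it first - TODO confirm where these
     * values originate.
     *
     * @param authData the {@link AuthenticationData} to build the assertion from
     * @param xmlPersonData {@code <pr:Person>} element as a String
     * @param xmlAuthBlock authentication block to be included in a
     *        {@code <saml:SubjectConfirmationData>} element; may include the
     *        "Stammzahl" or not; may be empty
     * @param xmlIdentityLink the IdentityLink
     * @param bkuURL URL of the BKU used for the authentication, inserted
     *        as text into the assertion
     * @param signerCertificateBase64 Base64 encoded certificate of the signer.
     *        May be {@code null} or an empty string if the signer certificate
     *        should not be provided; the attribute is then omitted. Note that
     *        this method does not itself consult {@code businessService} for
     *        this decision - the caller is expected to pass an empty value
     *        when the certificate must not be disclosed.
     * @param businessService {@code true} if the online application is a
     *        business service (wbPK and its identification type are used),
     *        otherwise {@code false} (bPK with {@link Constants#URN_PREFIX_BPK})
     * @param extendedSAMLAttributes additional attributes rendered by
     *        {@code buildExtendedSAMLAttributes} and appended at {12}
     * @return the {@code <saml:Assertion>} as a String
     * @throws BuildException if an error occurs during the build process
     */
    public String build(
            AuthenticationData authData,
            String xmlPersonData,
            String xmlAuthBlock,
            String xmlIdentityLink,
            String bkuURL,
            String signerCertificateBase64,
            boolean businessService,
            List extendedSAMLAttributes)
            throws BuildException {

        String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
        String publicAuthorityAttribute = buildPublicAuthorityAttribute(authData);
        String signerCertificateAttribute = buildSignerCertificateAttribute(signerCertificateBase64);

        // Business services carry a sector-specific wbPK with its own
        // identification type; everything else uses the plain bPK.
        String pkType;
        String pkValue;
        if (businessService) {
            pkType = authData.getIdentificationType();
            pkValue = authData.getWBPK();
        } else {
            pkType = URN_PREFIX_BPK;
            pkValue = authData.getBPK();
        }

        try {
            // The fragments are embedded into an existing document, so any
            // <?xml ...?> declaration they carry has to be stripped first.
            return MessageFormat.format(AUTH_DATA, new Object[] {
                authData.getAssertionID(),
                authData.getIssuer(),
                authData.getIssueInstant(),
                pkType,
                pkValue,
                StringUtils.removeXMLDeclaration(xmlAuthBlock),
                StringUtils.removeXMLDeclaration(xmlIdentityLink),
                StringUtils.removeXMLDeclaration(xmlPersonData),
                isQualifiedCertificate,
                bkuURL,
                publicAuthorityAttribute,
                signerCertificateAttribute,
                buildExtendedSAMLAttributes(extendedSAMLAttributes)});
        } catch (ParseException e) {
            Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
            throw new BuildException("builder.00",
                new Object[] { "Authentication Data Assertion", e.toString()});
        }
    }

    /**
     * Renders the {@code isPublicAuthority} attribute, or an empty string if
     * the subject is not a public authority.
     * <p>
     * A public authority without a code yields the literal value
     * {@code "True"} (behaviour preserved from the original implementation).
     *
     * @param authData source of the public-authority flag and code
     * @return the attribute XML, or {@code ""}
     */
    private static String buildPublicAuthorityAttribute(AuthenticationData authData) {
        if (!authData.isPublicAuthority()) {
            return "";
        }
        String publicAuthorityIdentification = authData.getPublicAuthorityCode();
        if (publicAuthorityIdentification == null) {
            publicAuthorityIdentification = "True";
        }
        return MessageFormat.format(
            PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
    }

    /**
     * Renders the signer-certificate attribute, or an empty string if no
     * certificate was supplied.
     * <p>
     * The original code compared with {@code != ""}, i.e. by reference: a
     * non-interned empty string produced an attribute with empty content and
     * {@code null} produced an attribute containing the text "null". Both
     * are now treated as "no certificate".
     *
     * @param signerCertificateBase64 Base64 certificate, {@code null} or empty
     * @return the attribute XML, or {@code ""}
     */
    private static String buildSignerCertificateAttribute(String signerCertificateBase64) {
        if (signerCertificateBase64 == null || signerCertificateBase64.length() == 0) {
            return "";
        }
        return MessageFormat.format(
            SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 });
    }
}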