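package at.gv.egovernment.moa.id.auth.validator.parep;

import java.io.File;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;

import org.w3c.dom.Element;

import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;

/**
 * This class implements a MOA-ID Infobox Validator for validating
 * a standardized XML mandate using the SZR-gateway.
 *
 * <p>Validation runs in up to three steps on the same instance:
 * <ol>
 * <li>{@link #validate(InfoboxValidatorParams)} checks the submitted mandate
 *     against the configuration and prepares the SZR-gateway request;</li>
 * <li>{@link #validate(Map)} processes the values a user entered into the
 *     form returned by {@link #getForm()} (only if a form was shown);</li>
 * <li>{@link #validate(Element)} sends the signed request to the SZR-gateway
 *     and takes over the mandate it returns.</li>
 * </ol>
 * The state of one run is kept in instance fields and this class does no
 * synchronization of its own.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>The mandate and the form parameters are user-supplied. The mandate ID
 *     read from the mandate is only accepted if the configuration lists it as
 *     a party representative.</li>
 * <li>For professional representatives a bPK is sent to the gateway instead
 *     of the base identifier (Stammzahl); for organ representatives the base
 *     identifier itself is required.</li>
 * <li>Unexpected failures are reported to the caller only as the generic
 *     {@code COMMON_ERROR} text; gateway result codes in the 4xxx and 5xxx
 *     ranges are the exception and may carry the gateway's info text.</li>
 * </ul>
 *
 * @author Peter Danner
 */
public class ParepValidator implements InfoboxValidator {

  /**
   * Activates debug settings. When {@code true}, gateway requests and
   * returned mandates are written to fixed paths under {@code c:/} and the
   * raw form parameters are logged. One of these dumps is taken before
   * base identifiers are hidden, so this must stay {@code false} in any
   * deployment that handles real identity data.
   */
  private static final boolean PAREP_DEBUG = false;

  /** contains the parameters the validator initially was called with */
  private InfoboxValidatorParams params = null;

  /** contains the configuration of the validator */
  private ParepConfiguration parepConfiguration = null;

  /** the requested representation ID (currently * or OID) */
  private String representationID = null;

  /** holds the information of the SZR-request */
  private CreateMandateRequest request = null;

  /** List of extended SAML attributes. */
  private Vector extendedSamlAttributes = new Vector();

  /** the class which processes the user input */
  private ParepInputProcessor inputProcessor = null;

  /** The form if user input is necessary */
  private String form = null;

  /** unspecified error of parep-validator (the user must not learn more than this) */
  private static final String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";

  /** Default class to gather remaining mandator data. */
  public static final String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";

  /** Default template to gather remaining mandator data. */
  public static final String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";

  /** kind of representation text in AUTH block */
  public static final String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";

  /** Names of the produced SAML-attributes. */
  public static final String EXT_SAML_MANDATE_RAW = "Mandate";
  public static final String EXT_SAML_MANDATE_NAME = "MandatorName";
  public static final String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
  public static final String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
  public static final String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";

  /** register and register number for non physical persons - the domain identifier for business applications */
  public static final String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";

  /**
   * Parses the XML configuration element and creates the validators configuration
   * Use this function if you want to preconfigure the validator.
   * A configuration that has already been loaded is kept; the element is then ignored.
   *
   * @param configElem
   *            the XML configuration element to parse.
   * @throws ConfigurationException
   *             if an error occurs during the configuration process
   */
  public void Configure(Element configElem) throws ConfigurationException {
    if (this.parepConfiguration != null) {
      return;
    }
    Logger.debug("Lade Konfiguration.");
    parepConfiguration = new ParepConfiguration(configElem);
    Logger.debug("Konfiguration erfolgreich geladen.");
  }

  /**
   * First validation step: checks the submitted mandate against the
   * configuration and prepares the SZR-gateway request.
   *
   * <p>On success the result is valid and carries the AUTH block attributes;
   * {@link #getForm()} then returns either "" or the form that asks the user
   * for missing mandator data. Every exception is caught and turned into an
   * invalid result with the generic error message.
   *
   * @param params the parameters the validator is called with
   * @return the validation result, never {@code null}
   * @throws ValidateException declared by the interface; not thrown by this implementation
   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
   */
  public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
    try {
      Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
      this.params = params;

      Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
      this.representationID = ParepUtils.extractRepresentativeID(mandate);
      if (ParepUtils.isEmpty(representationID)) {
        validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
        return validationResult;
      }

      // Check the identification (type/value) of the representative.
      String identificationType = this.params.getIdentificationType();
      String identificationValue = this.params.getIdentificationValue();
      boolean organRepresentation = representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER);
      boolean baseIdAvailable = Constants.URN_PREFIX_BASEID.equals(identificationType);

      if (this.params.getBusinessApplication()) {
        if (organRepresentation) {
          validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
          return validationResult;
        }
        Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
      } else if (organRepresentation) {
        // For organ representatives the base identifier (Stammzahl) is needed
        // to compute the organ-representative bPK.
        if (!baseIdAvailable) {
          Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
          validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
          return validationResult;
        }
        Logger.debug("Organwalter wird mit Stammzahl identifiziert");
      } else if (baseIdAvailable) {
        // Compute the bPK here because the SZR-gateway does not know the
        // target; the base identifier itself is therefore not put into the request.
        identificationType = Constants.URN_PREFIX_CDID;
        identificationValue = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
        Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
      } else {
        Logger.debug("Parteienvertreter wird mit bPK identifiziert");
      }

      Configure(this.params.getApplicationSpecificParams());

      // Only mandate IDs that are configured as party representatives are accepted.
      if (!parepConfiguration.isPartyRepresentative(representationID)) {
        // NOTE(review): representationID is taken from the submitted mandate and is
        // not yet vetted at this point; confirm the log layout neutralises line
        // breaks so that it cannot forge additional log entries.
        Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
        validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
        return validationResult;
      }

      // Representative. A new run gets a new request, so an input processor
      // that was initialized with an earlier request must not be reused.
      this.request = new CreateMandateRequest();
      this.inputProcessor = null;
      request.setRepresentative(this.params, identificationType, identificationValue);

      Logger.debug("Prüfe vorausgefüllte Daten...");
      // Mandator (first occurrence in the mandate).
      MandatorData data = new MandatorData();
      readMandatorData(ParepUtils.extractMandator(mandate), data);

      boolean formNecessary = false;
      if (data.physical) {
        if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
          validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
          return validationResult;
        }
        if (ParepUtils.isEmpty(data.familyName) || ParepUtils.isEmpty(data.givenName) || ParepUtils.isEmpty(data.dateOfBirth)) {
          formNecessary = true;
        }
      } else {
        if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
          validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
          return validationResult;
        }
        if (ParepUtils.isEmpty(data.cbFullName) || ParepUtils.isEmpty(data.cbIdentificationType) || ParepUtils.isEmpty(data.cbIdentificationValue)) {
          formNecessary = true;
        }
      }

      // Optionally show the form anyway so the user sees which data was taken over.
      if (parepConfiguration.isAlwaysShowForm()) {
        formNecessary = true;
      }

      this.form = "";
      if (formNecessary) {
        ParepInputProcessor processor = getInputProcessor();
        if (processor == null) {
          // Loading failed and was already logged; do not tell the user more.
          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
          return validationResult;
        }
        this.form = processor.start(
            data.physical, data.familyName, data.givenName, data.dateOfBirth,
            data.streetName, data.buildingNumber, data.unit, data.postalCode, data.municipality,
            data.cbFullName, data.cbIdentificationType, data.cbIdentificationValue);
        if (this.form == null) {
          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
          return validationResult;
        }
      } else {
        // Prepare the request with the data given in the mandate.
        request.setMandator(
            data.familyName, data.givenName, data.dateOfBirth,
            data.postalCode, data.municipality, data.streetName, data.buildingNumber, data.unit,
            data.physical, data.cbFullName, data.cbIdentificationType, data.cbIdentificationValue);
      }

      addAuthBlockExtendedSamlAttributes();
      validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
      Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
      validationResult.setValid(true);
      return validationResult;
    } catch (Exception e) {
      // NOTE(review): printStackTrace() writes to stderr and bypasses the logging
      // configuration; replace it once a Logger overload that records the stack
      // trace has been confirmed.
      e.printStackTrace();
      Logger.info(e);
      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
      return validationResult;
    }
  }

  /**
   * Intermediate validation step: hands the values of the user form to the
   * input processor.
   *
   * <p>The result is invalid with the generic error message if the first
   * step has not been run on this instance, if no input processor could be
   * loaded, or if the input processor returns {@code null}.
   *
   * @param parameters the parameters received from the user form (user-supplied)
   * @return the validation result, never {@code null}
   * @throws ValidateException declared by the interface
   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
   */
  public InfoboxValidationResult validate(Map parameters) throws ValidateException {
    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
    Logger.debug("Prüfe im Formular ausgefüllte Daten...");
    if (PAREP_DEBUG) {
      // Contains the personal data the user typed into the form.
      Logger.debug("Got parameters from user input form: " + parameters.toString());
    }

    // This step depends on the state built by validate(InfoboxValidatorParams);
    // refuse to continue without it instead of failing with a NullPointerException.
    if (this.params == null || this.parepConfiguration == null || this.request == null) {
      Logger.error("Intermediate processing called before the initial mandate validation");
      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
      return validationResult;
    }

    ParepInputProcessor processor = getInputProcessor();
    if (processor == null) {
      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
      return validationResult;
    }
    this.form = processor.validate(parameters, null);
    if (this.form == null) {
      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
      return validationResult;
    }

    addAuthBlockExtendedSamlAttributes();
    validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
    validationResult.setValid(true);
    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
    return validationResult;
  }

  /**
   * Final validation step: adds the signed SAML assertion to the prepared
   * request, sends it to the SZR-gateway and evaluates the response.
   *
   * <p>Result code 2000 with a mandate makes the result valid and publishes
   * the returned mandate as extended SAML attribute. Codes 4000 to 4998 are
   * reported with the gateway's info text, codes 5000 to 5999 lead back to
   * the user form, everything else is reported with the generic error text.
   * Every exception is caught and turned into the generic error text.
   *
   * @param samlAssertion the signed SAML assertion (AUTH block)
   * @return the validation result, never {@code null}
   * @throws ValidateException declared by the interface; not thrown by this implementation
   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
   */
  public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
    Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
    this.form = "";
    try {
      // TODO: open question whether the OID in the certificate should be checked
      // here as well (currently the SZR-gateway does it); it would cost performance.
      request.setSignature(samlAssertion);

      if (PAREP_DEBUG) {
        ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
      }

      // Configure the SZR-gateway client.
      Logger.debug("Lade SZR-GW Client.");
      SZRGWClient client = new SZRGWClient();
      Logger.debug("Initialisiere Verbindung...");
      ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
      Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
      client.setAddress(connectionParameters.getUrl());

      // NOTE(review): an SSL socket factory is only installed for "https:" URLs.
      // With any other configured scheme the request, which carries identity
      // data and the signed assertion, appears to be sent without transport
      // protection; confirm that deployments only configure https URLs.
      boolean useSsl = connectionParameters.getUrl().toLowerCase().startsWith("https:");
      if (useSsl) {
        Logger.debug("Initialisiere SSL Verbindung");
        client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
      }

      Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
      CreateMandateResponse response;
      Element requ = request.toElement();
      try {
        response = client.createMandateResponse(requ);
      } catch (SZRGWClientException e) {
        // Second attempt with a fresh client: after Tomcat has started, the HTTP
        // client apparently does not send the client certificate the first time.
        client = new SZRGWClient(connectionParameters.getUrl());
        if (useSsl) {
          client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
        }
        response = client.createMandateResponse(requ);
      }

      int resultCode = response.getResultCode();
      String responseInfo = response.getInfo();
      // The conditional needs its own parentheses: without them "+" binds tighter
      // than "!=", the null test is applied to the whole concatenation and only
      // the info text (possibly null) is logged.
      Logger.debug("SZR-Gateway Response Code: " + resultCode + " " + (responseInfo != null ? responseInfo : ""));

      if (resultCode == 2000) {
        if (response.getMandate() == null) {
          Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
          return validationResult;
        }

        // The id is only used to build the names of the debug dump files.
        String id = representationID;
        if (id.equals("*")) {
          id = "standardisiert";
        }
        Element mandate = response.getMandate();
        if (PAREP_DEBUG) {
          // This dump is taken before the base identifiers are hidden.
          ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_" + id + "_origin.xml"));
        }

        // Replace the base identifiers (Stammzahlen) in the returned mandate.
        if (this.params.getHideStammzahl()) {
          // Author's note carried over from a disabled code path that made the same
          // call: this deliberately deviates from the specification so that person
          // data can be replaced in compatibility mode. If the base identifiers were
          // deleted (blinded), the identification value of the mandator would be
          // missing entirely; for a business application MOA-ID computes the wbPK
          // after the call returns.
          ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
          if (PAREP_DEBUG) {
            ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_" + id + "_hideStammzahl.xml"));
          }
        }

        // The mandate itself is delivered as attribute but not added to the AUTH block.
        extendedSamlAttributes.clear();
        extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
        validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
        validationResult.setValid(true);
        Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
      } else {
        String errorMsg = "Fehler " + resultCode + " bei Stammzahlenregister-Gateway Anfrage";
        // NOTE(review): in the two branches below the gateway's free-text info is
        // passed on to the user (as error message or inside the form). Confirm that
        // whatever renders it escapes it for the output format.
        // NOTE(review): the upper bound excludes 4999 while the next range includes
        // 5999, so 4999 is handled by the generic branch; confirm this is intended.
        if (resultCode >= 4000 && resultCode < 4999) {
          if (!ParepUtils.isEmpty(responseInfo)) {
            errorMsg = errorMsg + ": " + responseInfo;
          }
          validationResult.setErrorMessage(errorMsg);
        } else if (resultCode >= 5000 && resultCode <= 5999) {
          // Person not found: show the form again with a hint.
          ParepInputProcessor processor = getInputProcessor();
          if (processor == null) {
            validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
            return validationResult;
          }
          switch (resultCode) {
            case 5230:
              errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
              break;
            case 5231:
              errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
              break;
            default:
              if (!ParepUtils.isEmpty(responseInfo)) {
                errorMsg = errorMsg + ": " + responseInfo;
              }
          }
          this.form = processor.validate(generateParameters(), errorMsg);
          if (this.form == null) {
            validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
            return validationResult;
          }
          validationResult.setValid(true);
        } else {
          // Do not inform the user too much: details go to the log only.
          Logger.error(errorMsg);
          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
        }
      }
      return validationResult;
    } catch (Exception e) {
      // NOTE(review): printStackTrace() writes to stderr and bypasses the logging
      // configuration; replace it once a Logger overload that records the stack
      // trace has been confirmed.
      e.printStackTrace();
      Logger.info(e);
      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
      return validationResult;
    }
  }

  /**
   * provides the primary infobox token of the given list.
   *
   * @param infoBoxTokens
   *            the list of infobox tokens.
   * @return
   *            the XML element of the first token that is marked as primary.
   * @throws ValidateException
   *            if the list is {@code null}, empty or contains no primary token.
   */
  public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
    if (infoBoxTokens != null) {
      for (int i = 0; i < infoBoxTokens.size(); i++) {
        InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
        if (token.isPrimary()) {
          return token.getXMLToken();
        }
      }
    }
    // Covers the null list, the empty list and a list without primary token.
    throw new ValidateException("validator.62", null);
  }

  /**
   * Returns a snapshot of the extended SAML attributes collected so far.
   *
   * @return a new array holding the current attributes
   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
   */
  public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
    ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
    extendedSamlAttributes.copyInto(ret);
    Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
    return ret;
  }

  /**
   * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
   */
  public String getForm() {
    return this.form;
  }

  /**
   * Gets the user form input processor (class) assigned to the current party representative
   * If the method is called for the first time it initializes the input processor.
   *
   * <p>The class name comes from the validator configuration and is loaded
   * reflectively, so the configuration has to be treated as trusted,
   * integrity-protected input. The class is instantiated only if it is a
   * {@code ParepInputProcessor}, and the instance is kept only if its
   * initialization succeeded; a failed attempt is logged and retried on the
   * next call.
   *
   * @return The user form input processor, or {@code null} if it could not be loaded
   */
  private ParepInputProcessor getInputProcessor() {
    if (this.inputProcessor != null) {
      return this.inputProcessor;
    }
    String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
    ParepInputProcessor loaded = null;
    try {
      Class inputProcessorClass = Class.forName(inputProcessorName);
      // Check the type before instantiating, so that the constructor of an
      // unrelated class named in the configuration is never run.
      if (!ParepInputProcessor.class.isAssignableFrom(inputProcessorClass)) {
        Logger.error("Could not load input processor class \"" + inputProcessorName + "\": not a ParepInputProcessor");
      } else {
        ParepInputProcessor candidate = (ParepInputProcessor) inputProcessorClass.newInstance();
        candidate.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
        // Publish the processor only after initialize() returned normally.
        loaded = candidate;
      }
    } catch (Exception e) {
      Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
    }
    this.inputProcessor = loaded;
    return loaded;
  }

  /**
   * Generates the parameter list, which is needed to simulate a return from
   * an user form.
   *
   * <p>The values are read from the mandator of the current gateway request.
   * If reading fails, the values read so far are used and the rest stays
   * empty. The date parts are empty when the date of birth is missing or too
   * short to contain them, which is always the case for a mandator that is
   * not a physical person.
   *
   * @return the form parameters
   */
  private Map generateParameters() {
    MandatorData data = new MandatorData();
    try {
      // Mandator (first occurrence in the request).
      readMandatorData(request.getMandator(), data);
    } catch (Exception e) {
      Logger.error("Could not extract Mandator form SZR-gateway request");
    }

    String dateOfBirth = data.dateOfBirth == null ? "" : data.dateOfBirth;

    Map parameters = new HashMap();
    parameters.put("familyname_", data.familyName);
    parameters.put("givenname_", data.givenName);
    parameters.put("dateofbirth_", dateOfBirth);
    // The offsets assume the layout YYYY-MM-DD; slice() yields "" instead of
    // throwing when the value is shorter than the requested part.
    parameters.put("dobyear_", slice(dateOfBirth, 0, 4));
    parameters.put("dobmonth_", slice(dateOfBirth, 5, 7));
    parameters.put("dobday_", slice(dateOfBirth, 8, 10));
    parameters.put("physical_", data.physical ? "true" : "false");
    parameters.put("fullname_", data.cbFullName);
    parameters.put("cbidentificationtype_", data.cbIdentificationType);
    parameters.put("cbidentificationvalue_", data.cbIdentificationValue);
    parameters.put("postalcode_", data.postalCode);
    parameters.put("municipality_", data.municipality);
    parameters.put("streetname_", data.streetName);
    parameters.put("buildingnumber_", data.buildingNumber);
    parameters.put("unit_", data.unit);
    return parameters;
  }

  /**
   * Adds the AUTH block related SAML attributes to the validation result.
   * This is needed always before the AUTH block is to be signed, because the
   * name of the mandator has to be set
   */
  private void addAuthBlockExtendedSamlAttributes() {
    extendedSamlAttributes.clear();
    extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));

    Element mandator = request.getMandator();

    // Name
    String name = ParepUtils.extractMandatorName(mandator);
    extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));

    // Date of birth, only if present
    String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
    if (dob != null && !"".equals(dob)) {
      extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
    }

    // (w)bPK
    String wbpk = ParepUtils.extractMandatorWbpk(mandator);
    if (ParepUtils.isEmpty(wbpk)) {
      return;
    }
    if (!ParepUtils.isPhysicalPerson(mandator)) {
      // Non-physical person: register name and register number, only for
      // identification types starting with the base-id prefix followed by "+X".
      String idType = ParepUtils.extractMandatorIdentificationType(mandator);
      if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
        extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
      }
    } else if (this.params.getBusinessApplication()) {
      // Physical person: the wbPK is only added for business applications.
      extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
    }
  }

  /**
   * Fills the given holder with the mandator data found in the element.
   * A {@code null} element leaves the holder untouched. Fields are assigned
   * one by one, so the holder keeps everything read before a failure.
   *
   * @param mandator the mandator element, may be {@code null}
   * @param data the holder to fill
   * @throws Exception if one of the extraction helpers fails
   */
  private static void readMandatorData(Element mandator, MandatorData data) throws Exception {
    if (mandator == null) {
      return;
    }
    if (ParepUtils.isPhysicalPerson(mandator)) {
      data.familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
      data.givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
      data.dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
    } else {
      data.physical = false;
      data.cbFullName = ParepUtils.extractMandatorFullName(mandator);
      data.cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
      data.cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
    }
    data.postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
    data.municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
    data.streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
    data.buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
    data.unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
  }

  /**
   * Returns the part of the value between the two offsets, or "" if the
   * value is too short to contain it.
   *
   * @param value the value to cut, must not be {@code null}
   * @param from the start offset (inclusive)
   * @param to the end offset (exclusive)
   * @return the requested part or ""
   */
  private static String slice(String value, int from, int to) {
    return value.length() >= to ? value.substring(from, to) : "";
  }

  /** Mandator fields read from a mandate or request; a physical person with empty fields by default. */
  private static final class MandatorData {
    boolean physical = true;
    String familyName = "";
    String givenName = "";
    String dateOfBirth = "";
    String cbFullName = "";
    String cbIdentificationType = "";
    String cbIdentificationValue = "";
    String postalCode = "";
    String municipality = "";
    String streetName = "";
    String buildingNumber = "";
    String unit = "";
  }
}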