1 files changed, 15 insertions, 39 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
index 93ffa789..ee0eee0a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
@@ -19,9 +19,7 @@ import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.security.SecurityPolicyException;
@@ -35,7 +33,6 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
@@ -47,6 +44,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
 import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPVPRequestException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -61,7 +59,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AuthnRequestValidator;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
  
 public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -70,8 +67,11 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
 	@Autowired(required=true) protected IPVP2BasicConfiguration pvpBasicConfiguration;
 	@Autowired(required=true) protected IPVPMetadataProvider metadataProvider;
 	@Autowired(required=true) protected SAMLVerificationEngine samlVerificationEngine;
+	@Autowired(required=true) protected IAuthnRequestValidator authRequestValidator;
 	
 	private AbstractCredentialProvider pvpIDPCredentials;
+
+	
 		
 	/**
 	 * Sets a specific credential provider for PVP S-Profile IDP component.
@@ -470,42 +470,14 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
 			}			
 		}
 		
-		
-		//select AttributeConsumingService from request
-		AttributeConsumingService attributeConsumer = null;		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int attributeIdx = 0;
-	
-		if(aIdx != null) {
-			attributeIdx = aIdx.intValue();
-		}
-		
-		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-		} 
-		
+				
 		//validate AuthnRequest
-		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
-		AuthnRequestValidator.validate(authReq);
-		
-//		String useMandate = request.getParameter(PARAM_USEMANDATE);
-//		if(useMandate != null) {
-//			if(useMandate.equals("true") && attributeConsumer != null) {
-//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-//					throw new MandateAttributesNotHandleAbleException();
-//				}
-//			}
-//		}
-						
+		AuthnRequest authReq = (AuthnRequest) samlReq;
 		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-		
-		log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
-
-		pendingReq.setSPEntityId(oaURL);
-		pendingReq.setOnlineApplicationConfiguration(oa);
+		log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
+								
+		pendingReq.setSPEntityId(StringEscapeUtils.escapeHtml(oaURL));
+		pendingReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(pendingReq.getSPEntityId()));
 		pendingReq.setBinding(consumerService.getBinding());
 		pendingReq.setRequest(moaRequest);
 		pendingReq.setConsumerURL(consumerService.getLocation());
@@ -513,13 +485,17 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
 		//parse AuthRequest
 		pendingReq.setPassiv(authReq.isPassive());
 		pendingReq.setForce(authReq.isForceAuthn());
-		
+
 		//AuthnRequest needs authentication
 		pendingReq.setNeedAuthentication(true);
 
 		//set protocol action, which should be executed after authentication
 		pendingReq.setAction(AuthenticationAction.class.getName());
 		
+		log.trace("Starting extended AuthnRequest validation and processing ... ");
+		authRequestValidator.validate(request, pendingReq, authReq, spSSODescriptor);
+		log.debug("Extended AuthnRequest validation and processing finished");
+				
 		//write revisionslog entry
 		revisionsLogger.logEvent(pendingReq, PVPEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);