aboutsummaryrefslogtreecommitdiff
path: root/modules/authmodule_id-austria/src/main
diff options
context:
space:
mode:
authorThomas <>2022-06-08 12:32:16 +0200
committerThomas <>2022-06-08 12:32:16 +0200
commit3d9d419a40b17de1f94d46cbc2f5b345a93bff00 (patch)
treeeccca95fa319ac13b2f6e98fd34b25e266dc489d /modules/authmodule_id-austria/src/main
parentdb3af28b79296b6f5650a85c5a41ad5015c57222 (diff)
downloadNational_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.tar.gz
National_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.tar.bz2
National_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.zip
feat(eidas): perform mapping between IDA and eIDAS attributes based on external configuration
Diffstat (limited to 'modules/authmodule_id-austria/src/main')
-rw-r--r--modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java63
-rw-r--r--modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java30
-rw-r--r--modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java6
-rw-r--r--modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder1
4 files changed, 74 insertions, 26 deletions
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
new file mode 100644
index 00000000..61687088
--- /dev/null
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class SpRequiredAttributersAttributeBuilder
+ implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+ @Override
+ public String getName() {
+ return SP_REQUIRED_ATTRIBUTES_NAME;
+ }
+
+ @Override
+ public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ if (oaParam instanceof ServiceProviderConfiguration) {
+ return g.buildStringAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME,
+ StringUtils.join(((ServiceProviderConfiguration)oaParam).getRequestedAttributes(), ","));
+
+ } else {
+ log.warn("Can not build attribute for required IDA attributes, because SP config-implementation does not match.");
+ return null;
+
+ }
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME);
+
+ }
+
+}
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
index e486b851..17e0e0d5 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
@@ -16,7 +16,6 @@ import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.springframework.beans.factory.annotation.Autowired;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
@@ -234,8 +233,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
// inject all attributes into session
final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
for (final String attrName : includedAttrNames) {
- injectAuthInfosIntoSession(session, attrName,
- extractor.getSingleAttributeValue(attrName));
+ injectAuthInfosIntoSession(session, attrName, extractor.getSingleAttributeValue(attrName));
}
@@ -306,31 +304,11 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
private void injectAuthInfosIntoSession(AuthProcessDataWrapper session,
String attrName, String attrValue) throws EaafStorageException, IOException {
log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue);
- log.debug("Inject attribute: {} into AuthSession", attrName);
- if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- log.trace("Find bPK attribute. Extract eIDAS identifier ... ");
- session.setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- extractBpkFromResponse(attrValue));
-
- } else {
- session.setGenericDataToSession(attrName, attrValue);
-
- }
-
+ log.debug("Inject attribute: {} into AuthSession", attrName);
+ session.setGenericDataToSession(attrName, attrValue);
+
}
- private String extractBpkFromResponse(String pvpBpkAttrValue) {
- final String[] split = pvpBpkAttrValue.split(":", 2);
- if (split.length == 2) {
- return split[1];
-
- } else {
- log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
- return pvpBpkAttrValue;
-
- }
- }
-
private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
throws IOException, MarshallingException, TransformerException,
CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption {
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index 66aadde6..bbe9b45f 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -160,6 +160,12 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA()));
+ // set list of IDA attributes as attribute
+ injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_REQUIRED_ATTRIBUTES_NAME,
+ StringUtils.join(
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getRequestedAttributes(),
+ ","));
+
//set ProviderName if available
String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName();
if (StringUtils.isNotEmpty(providerName)) {
diff --git a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 65e9482c..3b20d687 100644
--- a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1 +1,2 @@
at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.EidasConnecorUniqueIdAttributeBuilder
+at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder