flag session as setUseMandate if mandate attributes are received from E-ID

2 files changed, 85 insertions, 0 deletions

diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
index 6d8d85f34..9914927c5 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
@@ -230,6 +230,26 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			else
 				session.setBkuURL("E-ID_Authentication");
 			
+			//check if mandates are included
+			if (extractor.containsAttribute(PVPConstants.MANDATE_TYPE_NAME) 
+					|| extractor.containsAttribute(PVPConstants.MANDATE_TYPE_OID_NAME) 
+					|| extractor.containsAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME) ) {
+						
+				Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... ");
+				session.setUseMandates(true);
+				
+				//check if mandate was used by ...
+				if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME) || 
+						extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_DESC_NAME) ) {
+					Logger.debug("Find PROF_REP information in mandate. Switch to 'Organwalter' mode ...");
+					session.setOW(true);
+									
+				}
+								
+			}
+			
+			
+			
 												
 //		} catch (AssertionValidationExeption e) {
 //			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index fc8fb5955..af8211dee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -70,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
@@ -475,6 +476,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			String samlAssertion = null;
 			//add mandate info's
 			if (authData.isUseMandate()) {								
+				
 				//only provide full mandate if it is included.  
 				if (saml1parameter.isProvideFullMandatorData() 
 						&& authData.getMISMandate() != null) {
@@ -546,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					}				
 				}
 				
+				//build mandateDate Attribute
 				String mandateDate = generateMandateDate(oaParam, authData);
 				
+				//build RepresentationType and
+				generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData);
+				
 				samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
 						authData, 
 						prPerson, 
@@ -593,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 
 	}
 
+	private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes,
+			IOAAuthParameters oaParam, SAML1AuthenticationData authData) {
+		boolean isRepresentationTypeSet = false;
+		boolean isOWOIDSet = false;
+		boolean isOWFriendlyNameSet = false;
+		
+		for (ExtendedSAMLAttribute el : oaAttributes) {
+			if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName()))
+					isRepresentationTypeSet = true;
+			
+			if (EXT_SAML_MANDATE_OID.equals(el.getName()))
+				isOWOIDSet = true;
+			
+			if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName()))
+				isOWFriendlyNameSet = true;
+		}
+				
+				
+		if (!isRepresentationTypeSet)
+			oaAttributes.add(new ExtendedSAMLAttributeImpl(
+					EXT_SAML_MANDATE_REPRESENTATIONTYPE,
+					EXT_SAML_MANDATE_REPRESENTATIONTEXT,
+					SZRGWConstants.MANDATE_NS,
+					ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+			
+		
+		String oid = null;
+		String oidDescription = null;
+		
+		if (authData.getMISMandate() != null) {
+			oid = authData.getMISMandate().getProfRep();
+			oidDescription = authData.getMISMandate().getTextualDescriptionOfOID();
+			
+		} else {
+			oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class);
+			oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class);
+			
+		}
+			
+		 
+		
+		
+		if (!isOWOIDSet && oid != null)
+			oaAttributes.add(new ExtendedSAMLAttributeImpl(
+					EXT_SAML_MANDATE_OID, oid,
+					SZRGWConstants.MANDATE_NS,
+					ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+						
+		if (!isOWFriendlyNameSet && oidDescription != null)	
+			oaAttributes.add(new ExtendedSAMLAttributeImpl(
+					EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+					oidDescription, SZRGWConstants.MANDATE_NS,
+					ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+		
+		
+	}
+
+
 	private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,