diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-02-19 13:22:40 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-02-19 13:22:40 +0100 |
commit | 7c361d450a97b9d79a1da90961fd727d2808f9c8 (patch) | |
tree | f09f3e97191e2cbc8b123b4758ccfc8d7c5d736b | |
parent | b2a4e40dd5fa0af6e8ecb185c2dce95e9a69019b (diff) | |
download | moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.gz moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.bz2 moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.zip |
inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode
3 files changed, 71 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java new file mode 100644 index 000000000..c6eb74dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; + +public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); + + @Override + public <T> T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<T> g) + throws AttributeBuilderException { + if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) { + return g.buildStringAttribute(getFriendlyName(), getName(), + StringUtils.join( + ((IOAAuthParameters) oaParam).getMandateProfiles(), ",")); + + } else { + log.info("{} is only available in AuthHandler context", getFriendlyName()); + + } + throw new UnavailableAttributeException(getName()); + + } + + @Override + public <T> T buildEmpty(final IAttributeGenerator<T> g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + + } + + @Override + public String getName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME; + } + + private String getFriendlyName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME; + } + +} diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index a10b9b3e0..408066bf2 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -23,3 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java index c1229e3ff..d3a2d2840 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -29,6 +29,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.EntityDescriptor; @@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { private List<EAAFRequestedAttribute> buildRequestedAttributes() { List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>(); + OAAuthParameterDecorator spConfig = + pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); + //build EID sector for identification attribute Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( attr , true, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + spConfig.getAreaSpecificTargetIdentifier()); attributs.add(reqAttr ); - //TODO: add mandate information if mandates are used!!!! + //build MandateProfileAttribute if SEMPER is enabled and mandates are requested + if (spConfig.isShowMandateCheckBox() + && authConfig.getBasicConfigurationBoolean( + EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request"); + final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute( + ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME); + final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attrMandateProfiles, true, + StringUtils.join(spConfig.getMandateProfiles(), ",")); + attributs.add(mandateProfilesReqAttr); + + } return attributs; } |