aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2020-02-19 13:22:40 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2020-02-19 13:22:40 +0100
commit7c361d450a97b9d79a1da90961fd727d2808f9c8 (patch)
treef09f3e97191e2cbc8b123b4758ccfc8d7c5d736b
parentb2a4e40dd5fa0af6e8ecb185c2dce95e9a69019b (diff)
downloadmoa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.gz
moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.bz2
moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.zip
inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java50
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder1
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java22
3 files changed, 71 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java
new file mode 100644
index 000000000..c6eb74dd6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+
+public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder {
+ private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class);
+
+ @Override
+ public <T> T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<T> g)
+ throws AttributeBuilderException {
+ if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) {
+ return g.buildStringAttribute(getFriendlyName(), getName(),
+ StringUtils.join(
+ ((IOAAuthParameters) oaParam).getMandateProfiles(), ","));
+
+ } else {
+ log.info("{} is only available in AuthHandler context", getFriendlyName());
+
+ }
+ throw new UnavailableAttributeException(getName());
+
+ }
+
+ @Override
+ public <T> T buildEmpty(final IAttributeGenerator<T> g) {
+ return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+ }
+
+ @Override
+ public String getName() {
+ return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME;
+ }
+
+ private String getFriendlyName() {
+ return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a10b9b3e0..408066bf2 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -23,3 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c1229e3ff..d3a2d2840 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
private List<EAAFRequestedAttribute> buildRequestedAttributes() {
List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
+ OAAuthParameterDecorator spConfig =
+ pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+
//build EID sector for identification attribute
Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
attr ,
true,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ spConfig.getAreaSpecificTargetIdentifier());
attributs.add(reqAttr );
- //TODO: add mandate information if mandates are used!!!!
+ //build MandateProfileAttribute if SEMPER is enabled and mandates are requested
+ if (spConfig.isShowMandateCheckBox()
+ && authConfig.getBasicConfigurationBoolean(
+ EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+ Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request");
+ final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute(
+ ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME);
+ final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+ attrMandateProfiles, true,
+ StringUtils.join(spConfig.getMandateProfiles(), ","));
+ attributs.add(mandateProfilesReqAttr);
+
+ }
return attributs;
}