| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 15:00:25 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 15:00:25 +0200 | 
| commit | 154338abc9ba998bf589b9ab12882ddffa78cf53 (patch) | |
| tree | e16b9c9b45cf88dc156c03b524d3e2f6dedb53bf | |
| parent | 87182edee2d4b4d923802995f1421857034e40c7 (diff) | |
| download | moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.gz moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.bz2 moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.zip | |
enforce eIDAS legal-person MDS if citizen uses mandates and no legal-person attributes are requested
3 files changed, 46 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 2ce9fb9e7..05f58d5bc 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -275,6 +275,7 @@ eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
 eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
  eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available.
  eIDAS.16=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}.
 +eIDAS.17=Generation of eIDAS Response FAILED. Citzen use mandates for authentication but there are no mandate attributes requested
  pvp2.01=Fehler beim kodieren der PVP2 Antwort
  pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index c6d0844ce..0a37fdc91 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -230,6 +230,7 @@ eIDAS.13=1307
 eIDAS.14=1301
 eIDAS.15=1307
 eIDAS.16=1301
+eIDAS.17=1307
 pvp2.01=6100
 pvp2.06=6100
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d0cda38c7..b91bbde9e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -77,6 +77,8 @@ public class eIDASAuthenticationRequest implements IAction {
 	@Autowired protected MOAReversionLogger revisionsLogger;
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
+	
 	@Override
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
 		EIDASData eidasRequest;
@@ -91,29 +93,32 @@ public class eIDASAuthenticationRequest implements IAction {
 		//gather attributes
 		ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();		
 		ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
-
-		//generate eIDAS attributes
-		for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
-			Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
-					attr, req.getOnlineApplicationConfiguration(), authData);
-						
-			if(eIDASAttr == null) {				
-				if (attr.isRequired()) {
-					Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
-					throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
-										
-				} else
-					Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
-			} else {
-				//add attribute to Map
-				attrMapBuilder.put(
-						(AttributeDefinition)eIDASAttr.getFirst(), 
-						(ImmutableSet)eIDASAttr.getSecond());
+		//generate eIDAS attributes
+		for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions())
+			buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData);
+
+		
+		//Check if Mandate attributes are requested if mandates was used
+		if (authData.isUseMandate()) { 
+			if (reqAttributeList.getDefinitionByNameUri(
+						eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) {
+			Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_PERSON_IDENTIFIER'");
+			buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER, eidasRequest, authData);
+					
+			}
+			
+			if (reqAttributeList.getDefinitionByNameUri(
+					eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri()) == null) {
+				Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_NAME'");
+				buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME, eidasRequest, authData);
 			}
 		}
+		//build final attibute set
+		ImmutableAttributeMap eIDASAttrbutMap = attrMapBuilder.build();
+		
 		// construct eIDaS response
 		AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
@@ -127,7 +132,7 @@ public class eIDASAuthenticationRequest implements IAction {
 		responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
 		//add attributes
-		responseBuilder.attributes(attrMapBuilder.build());
+		responseBuilder.attributes(eIDASAttrbutMap);
 		//set success statuscode
 		responseBuilder.statusCode(StatusCode.SUCCESS_URI);
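Review bot: The enforcement promised by the commit title is only as strong as `isRequired()` on the two spec definitions: inside the `if (authData.isUseMandate())` block, when `buildAndAddAttribute` obtains no value for LEGAL_PERSON_IDENTIFIER or LEGAL_NAME, a definition that is not marked required is merely logged and the eIDAS response is still issued without any legal-person attribute. The message key eIDAS.17 introduced in id_messages_de.properties for exactly this situation is not referenced in any Java hunk, so the fail-closed check it belongs to appears to be missing. A guard right after the map is built would close the gap: `if (authData.isUseMandate() && eIDASAttrbutMap.getDefinitionByNameUri(eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) {` / `throw new MOAIDException("eIDAS.17", new Object[]{});` / `}`. As points of style, the `Logger.info` and `buildAndAddAttribute` lines in the first inner `if` are indented one level short of their block, the two inner blocks differ only in the definition and could iterate over both, the log text `Citzen perfom` should read `Citizen performs`, and `buildAndAddAttribute` is now handed `eidasRequest` where the old loop used `req`, which is only equivalent if both resolve the same online-application configuration. `processRequest` begins and ends outside this hunk.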
@@ -221,6 +226,26 @@ public class eIDASAuthenticationRequest implements IAction {
 		return "eIDAS_AuthnRequest";
 	}
+	private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
+		Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+				attr, req.getOnlineApplicationConfiguration(), authData);
+					
+		if(eIDASAttr == null) {				
+			if (attr.isRequired()) {
+				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
+				throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+									
+			} else
+				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");	
+			
+		} else {
+			//add attribute to Map
+			attrMapBuilder.put(
+					(AttributeDefinition)eIDASAttr.getFirst(), 
+					(ImmutableSet)eIDASAttr.getSecond());
+			
+		}			
+	}
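Review bot: The new private method `buildAndAddAttribute` has no Javadoc, and its two outcomes for a missing value are exactly what a caller needs to know: a required attribute that cannot be built throws `MOAIDException("eIDAS.15", ...)`, an optional one is only logged and silently skipped. A header such as `/** Builds the eIDAS value of {@code attr} from {@code authData} and adds it to {@code attrMapBuilder}; throws MOAIDException eIDAS.15 when {@code attr} is required but no value is available, otherwise skips it with a log entry. */` would state that contract. The single-statement `else` branch should be braced like its `if` branch, and the raw-type casts `(AttributeDefinition)` and `(ImmutableSet)` carried over from the old loop deserve a narrowly scoped `@SuppressWarnings("unchecked")` with a comment rather than an unexplained unchecked conversion.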
