diff options
author | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2015-01-29 15:18:44 +0100 |
---|---|---|
committer | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2015-01-29 15:18:44 +0100 |
commit | a34e3cc5ca505149d8de588de8d8a19b9a962845 (patch) | |
tree | d23e6c1bf402e2957a0d953431adbe59f413eadf | |
parent | 328e6d233a4854ee0a9d1b5677915c0531f0aa88 (diff) | |
download | moa-id-spss-a34e3cc5ca505149d8de588de8d8a19b9a962845.tar.gz moa-id-spss-a34e3cc5ca505149d8de588de8d8a19b9a962845.tar.bz2 moa-id-spss-a34e3cc5ca505149d8de588de8d8a19b9a962845.zip |
added qaa check
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 81 |
1 files changed, 65 insertions, 16 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 1be31ded9..4c587a5f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -244,7 +244,56 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
throw new MOAIDException("stork.07", null);
}
-
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+ //================== Check QAA level start ====================
+ int reqQaa = -1;
+ int authQaa = -1;
+ String authQaaStr = null;
+ try {
+ reqQaa = storkAuthnRequest.getQaa();
+
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+
+ authQaaStr = authnResponse.getAssertions().get(0).
+ getAuthnStatements().get(0).getAuthnContext().
+ getAuthnContextClassRef().getAuthnContextClassRef();
+ moaSession.setQAALevel(authQaaStr);
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+ }
+ if(authQaaStr != null)//Check value only if set
+ {
+ authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+// authQaa = Integer.valueOf(authQaaStr);
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ }
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
+ + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+ //================== Check QAA level end ====================
+
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
////////////// incorporate gender from parameters if not in stork response
@@ -356,9 +405,9 @@ public class PEPSConnectorServlet extends AuthServlet { // Logger.error("could not retrieve moa session");
// throw new AuthenticationException("auth.01", null);
// }
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+// if (oaParam == null)
+// throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
// retrieve target
//TODO: check in case of SSO!!!
@@ -437,18 +486,18 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step
moaSession.setAuthenticated(true);
- //TODO: found better solution, but QAA Level in response could be not supported yet
- try {
-
- moaSession.setQAALevel(authnResponse.getAssertions().get(0).
- getAuthnStatements().get(0).getAuthnContext().
- getAuthnContextClassRef().getAuthnContextClassRef());
-
- } catch (Throwable e) {
- Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
- moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
- }
+// //TODO: found better solution, but QAA Level in response could be not supported yet
+// try {
+//
+// moaSession.setQAALevel(authnResponse.getAssertions().get(0).
+// getAuthnStatements().get(0).getAuthnContext().
+// getAuthnContextClassRef().getAuthnContextClassRef());
+//
+// } catch (Throwable e) {
+// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+//
+// }
//session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
|