authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-02 11:20:36 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-02 11:20:36 +0100
commit48fd33725c53136fe505067b93390b39e19c41b7 (patch)
tree94753d1d8d9e7757dab191183d4c8a87c2c95fb9 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
parentad25761f481988ef6e52fbecc28606e0897ecb9c (diff)
temporarily commit to save state
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java274
1 files changed, 144 insertions, 130 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 8a9999d85..999f289e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -45,10 +45,6 @@ import javax.xml.bind.Marshaller;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
@@ -82,7 +78,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -91,7 +86,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
@@ -99,7 +93,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
@@ -125,140 +118,62 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
- @Autowired private AttributQueryBuilder attributQueryBuilder;
- @Autowired private SAMLVerificationEngine samlVerificationEngine;
- public IAuthData buildAuthenticationData(IRequest protocolRequest,
- AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
- AuthenticationData authdata = null;
+ public IAuthData buildAuthenticationDataForAttributQuery(IRequest pendingReq,
+ AuthenticationSession session, List<Attribute> reqAttributes) {
+ AuthenticationData authdata = new AuthenticationData();
- //only needed for SAML1 legacy support
try {
- //check if SAML1 authentication module is in Classpath
- Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
- IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
- if (saml1RequstTemplate != null &&
- saml1RequstTemplate.isInstance(protocolRequest)) {
- //request is SAML1 --> invoke SAML1 protocol specific methods
- if (session.getExtendedSAMLAttributesOA() == null) {
- saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>());
-
- } else {
- saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA());
- }
+ //mark AttributeQuery as used if it exists
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+ if (activeOA != null) {
+ //reuse some parameters if it is a Service-Provider reauthentication
+ authdata.setSessionIndex(activeOA.getAssertionSessionID());
+ authdata.setNameID(activeOA.getUserNameID());
+ authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
- authdata = (AuthenticationData) saml1authdata;
-
- } else {
- authdata = new AuthenticationData();
-
- }
-
- } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
- authdata = new AuthenticationData();
-
- }
-
- //reuse some parameters if it is a Service-Provider reauthentication
- OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, protocolRequest.getOAURL(), protocolRequest.requestedModule());
- if (activeOA != null) {
- authdata.setSessionIndex(activeOA.getAssertionSessionID());
- authdata.setNameID(activeOA.getUserNameID());
- authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
-
- //mark AttributeQuery as used
- if ( protocolRequest instanceof PVPTargetConfiguration &&
- ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest &&
- ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) {
- try {
- activeOA.setAttributeQueryUsed(true);
- MOASessionDBUtils.saveOrUpdate(activeOA);
+ //mark
+ if ( pendingReq instanceof PVPTargetConfiguration &&
+ ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
+ ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
+ try {
+ activeOA.setAttributeQueryUsed(true);
+ MOASessionDBUtils.saveOrUpdate(activeOA);
- } catch (MOADatabaseException e) {
- Logger.error("MOASession interfederation information can not stored to database.", e);
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
- }
+ }
+ }
}
- }
-
- //search federated IDP information in MOASession
- InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
- IOAAuthParameters oaParam = null;
- if (reqAttributes == null) {
- //get OnlineApplication from MOA-ID-Auth configuration
- oaParam = protocolRequest.getOnlineApplicationConfiguration();
-
- //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
- if (oaParam.isSTORKPVPGateway())
- oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
-
- } else {
- //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request)
- oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
+ getAuthDataFromInterfederation(authdata, session, spConfig, pendingReq, interfIDP, idp, reqAttributes);
- }
-
- if (interfIDP != null ) {
- //authentication by using a federated IDP
- if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
- !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
- //IDP is a chained interfederated IDP and Authentication is requested
-
- //only set minimal response attributes
- authdata.setQAALevel(interfIDP.getQAALevel());
- authdata.setBPK(interfIDP.getUserNameID());
-
- } else {
- //get attributes from interfederated IDP
- OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
- getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
+
+
+
+
+
+ //mark attribute request as used
+ try {
+ interfIDP.setAttributesRequested(true);
+ MOASessionDBUtils.saveOrUpdate(interfIDP);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOASession interfederation information can not stored to database.", e);
- //mark attribute request as used
- try {
- interfIDP.setAttributesRequested(true);
- MOASessionDBUtils.saveOrUpdate(interfIDP);
-
- } catch (MOADatabaseException e) {
- Logger.error("MOASession interfederation information can not stored to database.", e);
-
- }
}
- } else {
- //build AuthenticationData from MOASession
- buildAuthDataFormMOASession(authdata, session, oaParam, protocolRequest);
-
- }
- return authdata;
+ return authdata;
+
+ } catch (DynamicOABuildException e) {
+ //TODO:
+
+ }
}
- /**
- * @param req
- * @param session
- * @param reqAttributes
- * @return
- * @throws WrongParametersException
- * @throws ConfigurationException
- * @throws BuildException
- * @throws DynamicOABuildException
- */
- public IAuthData buildAuthenticationData(IRequest req,
- AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
- return buildAuthenticationData(req, session, null);
- }
- /**
- * @param authdata
- * @param session
- * @param oaParam
- * @param protocolRequest
- * @param interfIDP
- * @param idp
- * @param reqQueryAttr
- * @throws ConfigurationException
- */
private void getAuthDataFromInterfederation(
AuthenticationData authdata, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest req,
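Review bot: buildAuthenticationDataForAttributQuery declares a return type, but its `catch (DynamicOABuildException e)` block near the end of the method is empty (only a `//TODO:`) and nothing follows it, so the method can fall off the end; as committed that is a missing-return compile error, and if the catch were merely filled with a log statement it would hand callers a null or half-populated AuthenticationData. Prefer to propagate the failure the way this class already wraps builder errors: `} catch (DynamicOABuildException e) { throw new BuildException("builder.00", new Object[]{"AuthenticationData", e.toString()}, e); }` with `throws BuildException` added to the method signature. Separately, the new call `getAuthDataFromInterfederation(authdata, session, spConfig, pendingReq, interfIDP, idp, reqAttributes)` references `spConfig`, `interfIDP` and `idp`, whose declarations are not visible on the new side of this hunk (the old-side `interfIDP` and `idp` lookups were removed); if they are not declared earlier in the method, the later `interfIDP.setAttributesRequested(true)` block dereferences an unresolved name as well. The commit title marks this as a checkpoint, so these may be known, but the empty catch in an authentication-data builder should not survive into a real commit.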
@@ -363,6 +278,76 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
+
+ public IAuthData buildAuthenticationData(IRequest pendingReq,
+ AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ AuthenticationData authdata = null;
+
+ //only needed for SAML1 legacy support
+ try {
+ //check if SAML1 authentication module is in Classpath
+ Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
+ IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+ if (saml1RequstTemplate != null &&
+ saml1RequstTemplate.isInstance(pendingReq)) {
+ //request is SAML1 --> invoke SAML1 protocol specific methods
+ if (session.getExtendedSAMLAttributesOA() == null) {
+ saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>());
+
+ } else {
+ saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA());
+ }
+
+ authdata = (AuthenticationData) saml1authdata;
+
+ } else {
+ authdata = new AuthenticationData();
+
+ }
+
+ } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
+ authdata = new AuthenticationData();
+
+ }
+
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+ //reuse authentication information in case of service-provider reauthentication
+ if (activeOA != null) {
+ authdata.setSessionIndex(activeOA.getAssertionSessionID());
+ authdata.setNameID(activeOA.getUserNameID());
+ authdata.setNameIDFormat(activeOA.getUserNameIDFormat());
+
+ }
+
+ //get OnlineApplication from MOA-ID-Auth configuration
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ //TODO: move to eIDAS-Code in case of ISA1.18 action is enabled for eIDAS
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ if (oaParam.isSTORKPVPGateway())
+ oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
+
+ //check if minimal response is required
+
+ //TODO check if really required
+ Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+ PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+ if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
+ //only set minimal response attributes
+ authdata.setQAALevel(
+ pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+ authdata.setBPK(
+ pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+
+ } else {
+ //build AuthenticationData from MOASession
+ buildAuthDataFormMOASession(authdata, session, oaParam, pendingReq);
+
+ }
+
+ return authdata;
+ }
+
private void buildAuthDataFormInterfederationResponse(
AuthenticationData authData,
AuthenticationSession session,
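Review bot: In the minimal front-channel branch (the `isMinimalFrontChannelResp` check), the QAA level and bPK are copied straight from the pending request's generic data into authdata with no presence check, so a request that carries the minimal-response flag but no DATAID_INTERFEDERATION_NAMEID value yields an AuthenticationData with a null bPK that is returned as if authentication succeeded. On the old side these values came from the interfederation session store (`interfIDP.getQAALevel()` / `interfIDP.getUserNameID()`) and the branch was additionally gated on `interfIDP != null` and the OA being an interfederation IDP; the new code keys entirely off request-scoped generic data, so whether that is equally trustworthy depends on where the data is populated, which this hunk does not show. Suggest failing closed before `authdata.setBPK(...)`: `String interfBPK = pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class);` then `if (!MiscUtil.isNotEmpty(interfBPK)) throw new BuildException("builder.00", new Object[]{"AuthenticationData", "minimal interfederation response requested but no nameID is available"});` — the method already declares `throws BuildException`. The `//TODO check if really required` above the flag should also be resolved before this leaves checkpoint state.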
@@ -982,19 +967,45 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
MISMandate mandate = session.getMISMandate();
- authData.setMISMandate(mandate);
- authData.setUseMandate(session.getUseMandate());
+ if (session.getUseMandate() && mandate == null) {
+ Logger.error("Mandate is requested but NO mandate-data is found!.");
+ throw new BuildException("builder.00", new Object[]{
+ "Mandate", "Mandate is requested but NO mandate-data is found!"});
+
+ }
+
authData.setMandateReferenceValue(session.getMandateReferenceValue());
+ if (mandate != null) {
+ //set MIS mandate to authdata
+ authData.setMISMandate(mandate);
+ authData.setUseMandate(session.getUseMandate());
+
+ } else {
+ //check if ELGA mandates exists
+ String mandateType = session.getGenericDataFromSession(
+ PVPConstants.MANDATE_TYPE_NAME, String.class);
+ if (MiscUtil.isNotEmpty(mandateType)) {
+ //switch to mandate-mode for authdata generation, because mandate-information
+ // is directly included in MOA-Session as PVP attributes
+ Logger.debug("AuthDataBuilder find directly included 'MandateType' attribute."
+ + " --> Switch to mandate-mode for authdata generation.");
+ authData.setUseMandate(true);
+
+ }
+
+
+ }
+
if (session.getUseMandate() && session.isOW()
&& mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) {
authData.setBPK(mandate.getOWbPK());
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
-
+
//TODO: check in case of mandates for business services
authData.setIdentityLink(identityLink);
Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
-
+
} else {
buildOAspecificbPK(protocolRequest, oaParam, authData,
identityLink.getIdentificationValue(),
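Review bot: The ELGA branch (the `else` after `if (mandate != null)`) switches `authData.setUseMandate(true)` on the sole basis that a `MANDATE_TYPE_NAME` attribute is present in the session, while `session.getUseMandate()` is left unchanged; the new requested-but-missing-mandate guard at the top of the hunk and the OW check (`session.getUseMandate() && session.isOW() ...`) both key off the session flag, so on this path the two notions of "mandate in use" disagree and the guard never applies. Whether that attribute originates from a verified upstream assertion or from something the client can influence is not visible here; either way the presence of a type string is a weaker precondition than the MIS mandate object the other branch requires, so consider validating the full attribute set that mandate-mode will later consume before enabling it, rather than the type alone. At minimum document the divergence above the `authData.setUseMandate(true)` line: `// NOTE: mandate-mode is derived here from the session's MandateType attribute, not from session.getUseMandate(); the OW handling below still uses the session flag`. The enclosing method starts before this hunk and its bPK handling continues after it.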
@@ -1004,7 +1015,10 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
-
+ //TODO
+ } catch (BuildException e) {
+ throw e;
+
} catch (Throwable ex) {
throw new BuildException("builder.00", new Object[]{
"AuthenticationData", ex.toString()}, ex);