author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-18 09:56:19 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-18 09:56:19 +0200 |
commit | a184de09bda4327441c214aa84d77e57500b28ca (patch) | |
tree | e7e8129ac11388d3e24dc1d90ce37c5fa0ce35d5 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils | |
parent | e71dc9f4f38fc762dad0ce5e0c0cbb8bd5884685 (diff) | |
Finish PVP21 interfederation assertion preprocessing
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils')
2 files changed, 111 insertions, 85 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
new file mode 100644
index 000000000..61b481447
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Subject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionAttributeExtractor {
+
+ private Assertion assertion = null;
+
+ public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption {
+ if (samlResponse != null) {
+ if (samlResponse.getAssertions().size() == 0)
+ throw new AssertionAttributeExtractorExeption("Assertion");
+
+ else if (samlResponse.getAssertions().size() > 1)
+ Logger.warn("Found more then ONE PVP2.1 assertions. 
Only the First is used.");
+
+ assertion = samlResponse.getAssertions().get(0);
+
+ } else
+ throw new AssertionAttributeExtractorExeption();
+ }
+
+ public String getNameID() throws AssertionAttributeExtractorExeption {
+ if (assertion.getSubject() != null) {
+ Subject subject = assertion.getSubject();
+
+ if (subject.getNameID() != null) {
+ if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))
+ return subject.getNameID().getValue();
+
+ else
+ Logger.error("SAML2 NameID Element is empty.");
+ }
+ }
+
+ throw new AssertionAttributeExtractorExeption("nameID");
+ }
+
+ public String getSessionIndex() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+
+ if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
+ return authn.getSessionIndex();
+
+ else
+ throw new AssertionAttributeExtractorExeption("SessionIndex");
+ }
+
+ /**
+ * @return
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public String getQAALevel() throws AssertionAttributeExtractorExeption {
+ AuthnStatement authn = getAuthnStatement();
+ if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
+ AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
+
+ if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
+ return qaaClass.getAuthnContextClassRef();
+
+ else
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
+ }
+
+ throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
+ }
+
+ private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
+ List<AuthnStatement> authnList = assertion.getAuthnStatements();
+ if (authnList.size() == 0)
+ throw new AssertionAttributeExtractorExeption("AuthnStatement");
+
+ else if (authnList.size() > 1)
+ Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
+
+ return authnList.get(0);
+ }
+
+}
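Review bot: The constructor only logs a warning when the Response carries more than one Assertion and then extracts NameID, SessionIndex and QAA level from index 0, so a multi-assertion response is processed from whichever assertion happens to come first; `getAuthnStatement()` applies the same first-wins rule to multiple AuthnStatements. Whether that first assertion is the one whose signature and conditions were verified is not visible in this hunk, so unless the caller guarantees every assertion in the response has been validated, the safer choice is to refuse the ambiguous case, e.g. `throw new AssertionAttributeExtractorExeption("Assertion");` in the `size() > 1` branch, or at least to state that precondition in a class-level Javadoc. The Javadoc on `getQAALevel()` is an empty stub (`@return`, `@throws` with no text) and should say it returns the AuthnContextClassRef of the first AuthnStatement and throws when the AuthnContext or class reference is absent or empty. Both warning messages read "more then ONE"; "more than one" is meant.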
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
deleted file mode 100644
index 666bfab3c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-
-public class AttributeExtractor {
-
- public static String extractSAMLAttributeOA(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeAUTH(String name,
- AuthenticationSession authSession) {
- List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
- if(extAttributes == null) {
- return null;
- }
- Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
- while(extAttributesIt.hasNext()) {
- Object attr = extAttributesIt.next();
- if(attr instanceof ExtendedSAMLAttribute) {
- ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
- if(extAttribute.getName().equals(name)) {
- if(extAttribute.getValue() instanceof String) {
- return extAttribute.getValue().toString();
- }
- break;
- }
- }
- }
- return null;
- }
-
- public static String extractSAMLAttributeBOTH(String name,
- AuthenticationSession authSession) {
- String value = extractSAMLAttributeOA(name, authSession);
- if(value == null) {
- value = extractSAMLAttributeAUTH(name, authSession);
- }
- 
return value;
- }
-} |