Finish PVP21 interfederation assertion preprocessing

2 files changed, 111 insertions, 85 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
new file mode 100644
index 000000000..61b481447
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Subject;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionAttributeExtractor {
+	
+	private Assertion assertion = null;
+	
+	public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption {
+		if (samlResponse != null) {
+			if (samlResponse.getAssertions().size() == 0) 
+				throw new AssertionAttributeExtractorExeption("Assertion");
+				
+			else if (samlResponse.getAssertions().size() > 1)
+				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
+			
+			assertion = samlResponse.getAssertions().get(0);			
+					
+		} else 
+			throw new AssertionAttributeExtractorExeption();		
+	}
+
+	public String getNameID() throws AssertionAttributeExtractorExeption {		
+		if (assertion.getSubject() != null) {
+			Subject subject = assertion.getSubject();
+			
+			if (subject.getNameID() != null) {
+				if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))					
+					return subject.getNameID().getValue();			
+				
+				else
+					Logger.error("SAML2 NameID Element is empty.");
+			}
+		}
+			
+		throw new AssertionAttributeExtractorExeption("nameID");
+	}
+	
+	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
+		AuthnStatement authn = getAuthnStatement();
+		
+		if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
+			return authn.getSessionIndex();
+		
+		else
+			throw new AssertionAttributeExtractorExeption("SessionIndex");		
+	}
+
+	/**
+	 * @return
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public String getQAALevel() throws AssertionAttributeExtractorExeption {
+		AuthnStatement authn = getAuthnStatement();
+		if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
+			AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
+			
+			if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
+				return qaaClass.getAuthnContextClassRef();
+			
+			else
+				throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");			
+		}
+		
+		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
+	}
+	
+	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
+		List<AuthnStatement> authnList = assertion.getAuthnStatements();
+		if (authnList.size() == 0)
+			throw new AssertionAttributeExtractorExeption("AuthnStatement");
+		
+		else if (authnList.size() > 1)
+			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
+		
+		return authnList.get(0);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
deleted file mode 100644
index 666bfab3c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.Iterator;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-
-public class AttributeExtractor {
-	
-	public static String extractSAMLAttributeOA(String name, 
-			AuthenticationSession authSession) {
-		List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
-		if(extAttributes == null) {
-			return null;
-		}
-		Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
-		while(extAttributesIt.hasNext()) {
-			Object attr = extAttributesIt.next();
-			if(attr instanceof ExtendedSAMLAttribute) {
-				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
-				if(extAttribute.getName().equals(name)) {
-					if(extAttribute.getValue() instanceof String) {
-						return extAttribute.getValue().toString();
-					}
-					break;
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static String extractSAMLAttributeAUTH(String name, 
-			AuthenticationSession authSession) {
-		List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
-		if(extAttributes == null) {
-			return null;
-		}
-		Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
-		while(extAttributesIt.hasNext()) {
-			Object attr = extAttributesIt.next();
-			if(attr instanceof ExtendedSAMLAttribute) {
-				ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr;
-				if(extAttribute.getName().equals(name)) {
-					if(extAttribute.getValue() instanceof String) {
-						return extAttribute.getValue().toString();
-					}
-					break;
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static String extractSAMLAttributeBOTH(String name, 
-			AuthenticationSession authSession) {
-		String value = extractSAMLAttributeOA(name, authSession);
-		if(value == null) {
-			value = extractSAMLAttributeAUTH(name, authSession);
-		}
-		return value;
-	}
-}