authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 11:10:19 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 11:10:19 +0100
commitb9937af42fdab6b85aa1121148bda474c70f5e75 (patch)
treeb40401aef3a0dff9dac0db55ae6f4b519a6bac49 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils
parente2d27757411fdcba586cc162f362c72ca3ae689c (diff)
finish first beta-version of ELGA mandate-service client-module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java92
1 files changed, 73 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 8787df82d..106be8a09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -53,9 +54,18 @@ public class AssertionAttributeExtractor {
private final List<String> minimalAttributeNameList = Arrays.asList(
PVPConstants.PRINCIPAL_NAME_NAME,
- PVPConstants.GIVEN_NAME_NAME);
-
-
+ PVPConstants.GIVEN_NAME_NAME,
+ PVPConstants.ENC_BPK_LIST_NAME,
+ PVPConstants.BPK_NAME);
+
+ /**
+ * Parse the SAML2 Response element and extracts included information
+ * <br><br>
+ * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
+ *
+ * @param samlResponse SAML2 Response
+ * @throws AssertionAttributeExtractorExeption
+ */
public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
if (samlResponse != null && samlResponse instanceof Response) {
List<Assertion> assertions = ((Response) samlResponse).getAssertions();
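Review bot: Listing both `PVPConstants.ENC_BPK_LIST_NAME` and `PVPConstants.BPK_NAME` in `minimalAttributeNameList` makes the minimal check demand the two attributes together wherever the list is tested element by element, as the rewritten loop in `containsAllRequiredAttributes(Collection)` later in this commit does. The Javadoc of that method still says bPK or enc_bPK is needed, and the code this commit removes accepted either one, so an assertion carrying only one of them would presumably now fail the minimal check. If either-or is still the intent, keep the list at the two name attributes and test the identifier separately with `attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) || attributs.containsKey(PVPConstants.BPK_NAME)`. The constructor that follows continues outside the hunk, so how the "first assertion only" rule from the new Javadoc is enforced cannot be seen here.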
@@ -97,6 +107,27 @@ public class AssertionAttributeExtractor {
}
/**
+ * Get all SAML2 attributes from first SAML2 AttributeStatement element
+ *
+ * @return List of SAML2 Attributes
+ */
+ public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
+ return assertion.getAttributeStatements().get(0).getAttributes();
+
+ }
+
+ /**
+ * Get all SAML2 attributes of specific SAML2 AttributeStatement element
+ *
+ * @param attrStatementID List ID of the AttributeStatement element
+ * @return List of SAML2 Attributes
+ */
+ public List<Attribute> getAllResponseAttributes(int attrStatementID) {
+ return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
+
+ }
+
+ /**
* check attributes from assertion with minimal required attribute list
* @return
*/
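Review bot: Both new getters index `assertion.getAttributeStatements()` without checking its size, so an assertion with no AttributeStatement, or an `attrStatementID` that is negative or too large, ends in an IndexOutOfBoundsException instead of a handled error. The assertion comes from a remote party's response, so the empty case should be treated as expected input: guard with `if (attrStatementID < 0 || attrStatementID >= assertion.getAttributeStatements().size())` and then either return an empty list or raise the class's own `AssertionAttributeExtractorExeption` (the latter changes the signature). The first method can then simply `return getAllResponseAttributes(0);` so the check lives in one place. The Javadoc should also say what is returned when the statement is missing and whether the returned list is the assertion's own list, which callers must then not modify.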
@@ -107,7 +138,7 @@ public class AssertionAttributeExtractor {
/**
* check attributes from assertion with attributeNameList
- * bPK or enc_bPK is always needed
+ * bPK or enc_bPK are always needed
*
* @param List of attributes which are required
*
@@ -116,24 +147,24 @@ public class AssertionAttributeExtractor {
public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {
//first check if a bPK or an encrypted bPK is available
- if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) ||
- (attributs.containsKey(PVPConstants.BPK_NAME))) {
- boolean flag = true;
- for (String attr : attributeNameList) {
- if (!attributs.containsKey(attr)) {
- flag = false;
- Logger.debug("Assertion contains no Attribute " + attr);
-
- }
-
+ boolean flag = true;
+ for (String attr : attributeNameList) {
+ if (!attributs.containsKey(attr)) {
+ flag = false;
+ Logger.debug("Assertion contains no Attribute " + attr);
+
}
-
- return flag;
-
+
}
- Logger.debug("Assertion contains no bPK or encryptedbPK.");
- return false;
+ if (flag)
+ return flag;
+
+ else {
+ Logger.debug("Assertion contains no bPK or encryptedbPK.");
+ return false;
+
+ }
}
public boolean containsAttribute(String attributeName) {
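Review bot: The comment `//first check if a bPK or an encrypted bPK is available` no longer matches the code, because the either-or test was removed and nothing in the new body looks at those two attributes unless the caller's `attributeNameList` happens to name them. A caller passing its own list can therefore get `true` for an assertion that carries no bPK at all, which contradicts the Javadoc line "bPK or enc_bPK are always needed". If that guarantee is still wanted, restore the guard before the loop: `if (!attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) && !attributs.containsKey(PVPConstants.BPK_NAME)) { Logger.debug("Assertion contains no bPK or encryptedbPK."); return false; }`. Otherwise drop the comment and the trailing debug message, which now fires for any missing attribute and will mislead whoever reads the log; the `if (flag) return flag; else { ... }` tail then reduces to `return flag;`.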
@@ -218,6 +249,29 @@ public class AssertionAttributeExtractor {
return assertion;
}
+
+ /**
+ * Get the Assertion validTo period
+ *
+ * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
+ * If this is empty, this method returns value of SAML 'Conditions' element.
+ *
+ * @return Date, until this SAML2 assertion is valid
+ */
+ public Date getAssertionNotOnOrAfter() {
+ if (getFullAssertion().getAuthnStatements() != null
+ && getFullAssertion().getAuthnStatements().size() > 0) {
+ for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
+ if (el.getSessionNotOnOrAfter() != null)
+ return (el.getSessionNotOnOrAfter().toDate());
+ }
+
+ }
+
+ return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
+
+ }
+
private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
List<AuthnStatement> authnList = assertion.getAuthnStatements();
if (authnList.size() == 0)
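Review bot: `getAssertionNotOnOrAfter()` prefers `SessionNotOnOrAfter` over the `Conditions` value, but in SAML2 the former bounds the session at the issuing authority while `Conditions/@NotOnOrAfter` bounds the validity of the assertion itself, and the session bound may well be the later of the two. If callers use the result as the assertion's expiry, as the Javadoc "until this SAML2 assertion is valid" suggests, returning the earlier of the two instants would be the safer choice. The fallback `getFullAssertion().getConditions().getNotOnOrAfter().toDate()` is also unguarded, so an assertion without a Conditions element or without that attribute raises a NullPointerException; check both for null and document what the method returns in that case. The `size() > 0` test is redundant with the for-each loop and can go.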