aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-07-02 18:08:04 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-07-02 18:08:04 +0200
commit5acd1d23f3702d8899f531e823da68cd9fccaaa4 (patch)
tree0fbf18523b9eb12afd59d6646a6c93ee6e865cb2 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parent1f17c6819cb036d2cbd91f9d391bd8f6412364ac (diff)
downloadmoa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.tar.gz
moa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.tar.bz2
moa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.zip
update auth. module for central eIDAS node connection
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java78
1 files changed, 78 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
new file mode 100644
index 000000000..b42a1de28
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -0,0 +1,78 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("MOAAuthnRequestValidator")
+public class AuthnRequestValidator implements IAuthnRequestValidator {
+
+ public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+
+ //validate NameIDPolicy
+ NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
+ if (nameIDPolicy != null) {
+ String nameIDFormat = nameIDPolicy.getFormat();
+ if (nameIDFormat != null) {
+ if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+ NameID.PERSISTENT.equals(nameIDFormat) ||
+ NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
+
+ throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+ }
+
+ } else
+ Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+ } else
+ Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
+ //select AttributeConsumingService from request
+ AttributeConsumingService attributeConsumer = null;
+ Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+ }
+
+ String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true") && attributeConsumer != null) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException();
+ throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e);
+ }
+ }
+ }
+
+
+ }
+
+}