update auth. module for central eIDAS node connection

1 files changed, 78 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
new file mode 100644
index 000000000..b42a1de28
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -0,0 +1,78 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("MOAAuthnRequestValidator")
+public class AuthnRequestValidator implements IAuthnRequestValidator {
+	
+	public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+
+		//validate NameIDPolicy
+		NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
+		if (nameIDPolicy != null) {
+			String nameIDFormat = nameIDPolicy.getFormat();
+			if (nameIDFormat != null) {
+				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+						NameID.PERSISTENT.equals(nameIDFormat) ||
+						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
+				 
+					throw new NameIDFormatNotSupportedException(nameIDFormat);
+					
+				}
+				
+			} else
+				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
+		} else
+			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
+		//select AttributeConsumingService from request
+		AttributeConsumingService attributeConsumer = null;		
+		Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
+		int attributeIdx = 0;
+	
+		if(aIdx != null) {
+			attributeIdx = aIdx.intValue();
+		}
+		
+		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
+				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+		} 
+		
+		String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+		if(useMandate != null) {
+			if(useMandate.equals("true") && attributeConsumer != null) {
+				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+					MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException();	
+					throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e);
+				}
+			}
+		}
+		
+		
+	}
+
+}