add one method to AssertionAttributeExtractor and add some log messages

1 files changed, 50 insertions, 7 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 4a0cec6e4..bdfb11d34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -34,6 +34,8 @@ import java.util.Set;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
@@ -191,17 +193,22 @@ public class AssertionAttributeExtractor {
 		
 	}
 	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
+	/**
+	 * Get the Id attribute from SAML2 assertion
+	 * 
+	 * @return
+	 */
 	public String getAssertionID() {
 		return assertion.getID();
 		
 	}
 	
-	
+	/**
+	 * Get the subjectNameId from SAML2 Assertion
+	 * 
+	 * @return nameId but never null
+	 * @throws AssertionAttributeExtractorExeption
+	 */
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
@@ -218,6 +225,12 @@ public class AssertionAttributeExtractor {
 		throw new AssertionAttributeExtractorExeption("nameID");
 	}
 	
+	/**
+	 * Get get SessionIndex from SAML2 assertion
+	 * 
+	 * @return sessionIndex but never null
+	 * @throws AssertionAttributeExtractorExeption
+	 */
 	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
 		AuthnStatement authn = getAuthnStatement();
 		
@@ -229,7 +242,9 @@ public class AssertionAttributeExtractor {
 	}
 
 	/**
-	 * @return
+	 * Get the LoA (QAA level) from assertion. This information is extracted from AuthnContext and AuthnContextClassRef
+	 * 
+	 * @return LoA but never null
 	 * @throws AssertionAttributeExtractorExeption 
 	 */
 	public String getQAALevel() throws AssertionAttributeExtractorExeption {
@@ -247,6 +262,11 @@ public class AssertionAttributeExtractor {
 		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
 	}
 	
+	/**
+	 * Get full SAML2 assertion
+	 * 
+	 * @return
+	 */
 	public Assertion getFullAssertion() {
 		return assertion;
 	}
@@ -297,6 +317,29 @@ public class AssertionAttributeExtractor {
 					
 	}
 	
+	/**
+	 * Get the AudienceRestriction from SAML2 Assertion
+	 * 
+	 * @return AudienceRestriction, but never null
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public List<Audience> getAudienceRestriction( ) throws AssertionAttributeExtractorExeption {
+		try {
+			List<AudienceRestriction> rest = getFullAssertion().getConditions().getAudienceRestrictions();
+			if (rest != null && rest.size() != 0) {
+				if (rest.size() == 1 && rest.get(0) != null)
+					return rest.get(0).getAudiences();
+				
+				else
+					Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported");
+			}
+			
+		} catch (NullPointerException e) { }
+		
+		throw new AssertionAttributeExtractorExeption("AudienceRestriction");
+		
+	}
+	
 	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
 		List<AuthnStatement> authnList = assertion.getAuthnStatements();
 		if (authnList.size() == 0)