authorThomas Lenz <tlenz@iaik.tugraz.at>2014-11-03 09:37:02 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-11-03 09:37:02 +0100
commitdb040cc2832f845db0919d1c4e2b034b8737ef24 (patch)
treee683e806c2e74358559f62ec43212757e5954fd8 /id/server/idserverlib/src/main/java
parentbc1de58de93532b7f819a7feabc57961baef41ba (diff)
add check that the requested STORK-QAA level matches the authenticated QAA level
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java6
2 files changed, 36 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index aa018d5a3..d59191c08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -110,8 +111,38 @@ public class AuthenticationRequest implements IAction {
// Get personal attributtes from MOA/IdentityLink
//build STORK attributes from local authentication information
- if (authData != null)
+ if (authData != null) {
+ int reqQaa = -1;
+ int authQaa = -1;
+ try {
+ reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa();
+ authQaa = Integer.valueOf(
+ authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()));
+
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
+ + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
+
+ }
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
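Review bot: On the `Integer.valueOf(...)` line the authenticated level is parsed by stripping `PVPConstants.STORK_QAA_PREFIX.length()` characters from `authData.getQAALevel()` without first checking that the value actually starts with that prefix, so a null or differently formatted level is only caught by the generic `catch (Exception e)` below, and a value with a different prefix of the same length would be accepted as if it were a STORK level. Guard the parse explicitly: `String qaaLevel = authData.getQAALevel(); if (qaaLevel == null || !qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});`. Both the level mismatch and a parse failure currently raise the same `stork.21` error with the same arguments, so only the log line distinguishes a policy rejection from a malformed value; including the raw `getQAALevel()` string in the second warning would make that diagnosis possible from the logs. Minor: `Integer.parseInt` avoids the needless boxing of `Integer.valueOf` here. The enclosing method begins before the hunk.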
@@ -452,7 +483,7 @@ public class AuthenticationRequest implements IAction {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
-
+
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
@@ -470,7 +501,7 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
index 88c59ccf9..96aa55bcf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/PVPAuthenticationProvider.java
@@ -134,11 +134,9 @@ public class PVPAuthenticationProvider extends AttributeProvider {
authRequest.setPersonalAttributeList(moastorkRequest.getPersonalAttributeList());
authRequest.setCitizenCountryCode("AT");
- authRequest.setQaa(oaParam.getQaaLevel());
+ //authRequest.setQaa(oaParam.getQaaLevel());
+ authRequest.setQaa(moastorkRequest.getStorkAuthnRequest().getQaa());
- if (authRequest.getQaa() == 0 ) {
- authRequest.setQaa(4); // workaround
- }