| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-02 18:08:04 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-02 18:08:04 +0200 | 
| commit | 5acd1d23f3702d8899f531e823da68cd9fccaaa4 (patch) | |
| tree | 0fbf18523b9eb12afd59d6646a6c93ee6e865cb2 /id/server/idserverlib/src/main | |
| parent | 1f17c6819cb036d2cbd91f9d391bd8f6412364ac (diff) | |
| download | moa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.tar.gz moa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.tar.bz2 moa-id-spss-5acd1d23f3702d8899f531e823da68cd9fccaaa4.zip | |
update auth. module for central eIDAS node connection
Diffstat (limited to 'id/server/idserverlib/src/main')
2 files changed, 81 insertions, 0 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
new file mode 100644
index 000000000..b42a1de28
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -0,0 +1,78 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("MOAAuthnRequestValidator")
+public class AuthnRequestValidator implements IAuthnRequestValidator {
+	
+	public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+
+		//validate NameIDPolicy
+		NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
+		if (nameIDPolicy != null) {
+			String nameIDFormat = nameIDPolicy.getFormat();
+			if (nameIDFormat != null) {
+				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+						NameID.PERSISTENT.equals(nameIDFormat) ||
+						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
+				 
+					throw new NameIDFormatNotSupportedException(nameIDFormat);
+					
+				}
+				
+			} else
+				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
+		} else
+			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
+		//select AttributeConsumingService from request
+		AttributeConsumingService attributeConsumer = null;		
+		Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
+		int attributeIdx = 0;
+	
+		if(aIdx != null) {
+			attributeIdx = aIdx.intValue();
+		}
+		
+		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
+				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+		} 
+		
+		String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+		if(useMandate != null) {
+			if(useMandate.equals("true") && attributeConsumer != null) {
+				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+					MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException();	
+					throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e);
+				}
+			}
+		}
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 5ccacf350..a0bf1e86c
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -46,6 +46,9 @@
 		</property>
  	</bean>
+ 	<bean id="MOAAuthnRequestValidator"
+ 			class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" />
+
  	<bean id="MOAID_AuthenticationManager"
  				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/> | 
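Review bot: In validate(), `spSSODescriptor.getAttributeConsumingServices().get(attributeIdx)` indexes the metadata list with the `AttributeConsumingServiceIndex` taken straight from the SP's AuthnRequest, so a negative or too-large value from a misbehaving SP ends in an unhandled `IndexOutOfBoundsException` instead of the `AuthnRequestValidatorException` the method declares. It is also the wrong lookup: in SAML 2.0 metadata the request's index names the `index` attribute of an `<AttributeConsumingService>` element, not its list position, and when the request carries no index the entry flagged `isDefault` (not position 0) is the intended one, so even an in-range value can select the wrong service and thereby the wrong mandate check. The rewrite below resolves the service by `getIndex()`, falls back to the default entry, and rejects an unknown index through the validator's own exception type; it needs `import java.util.List;` and the project's error id for an invalid request in place of the placeholder. I am assuming the OpenSAML 2 `AttributeConsumingService` API (`getIndex()` returning int, `isDefault()` returning Boolean) — confirm against the version on the classpath.
```java
		// … unchanged: NameIDPolicy validation …
		//select AttributeConsumingService from request: the request's index refers to the
		//'index' attribute of the metadata entries, not to their list position
		AttributeConsumingService attributeConsumer = null;
		Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
		List<AttributeConsumingService> services = spSSODescriptor.getAttributeConsumingServices();
		if (services != null && !services.isEmpty()) {
			if (aIdx == null) {
				//no index requested: prefer the entry flagged isDefault, else the first one
				attributeConsumer = services.get(0);
				for (AttributeConsumingService service : services) {
					if (Boolean.TRUE.equals(service.isDefault())) {
						attributeConsumer = service;
						break;
					}
				}
			} else {
				for (AttributeConsumingService service : services) {
					if (service.getIndex() == aIdx.intValue()) {
						attributeConsumer = service;
						break;
					}
				}
				if (attributeConsumer == null) {
					//SP-controlled index not present in metadata: reject instead of leaking IndexOutOfBoundsException
					throw new AuthnRequestValidatorException(
							/* TODO: error id the project uses for an invalid AuthnRequest */ null,
							new Object[] { aIdx },
							"AttributeConsumingServiceIndex " + aIdx + " not found in SP metadata",
							pendingReq, null);
				}
			}
		}
		// … unchanged: useMandate check …
```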
