inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode

1 files changed, 20 insertions, 2 deletions

diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c1229e3ff..d3a2d2840 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
+		OAAuthParameterDecorator spConfig = 
+		    pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+		
 		//build EID sector for identification attribute
 		Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
 		EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
 				attr , 
 				true, 
-				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
+				spConfig.getAreaSpecificTargetIdentifier());	
 		attributs.add(reqAttr );		
 		
-		//TODO: add mandate information if mandates are used!!!!
+		 //build MandateProfileAttribute if SEMPER is enabled and mandates are requested
+    if (spConfig.isShowMandateCheckBox()
+        && authConfig.getBasicConfigurationBoolean(
+            EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+      Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request");
+      final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute(
+          ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME);
+      final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+          attrMandateProfiles, true,
+          StringUtils.join(spConfig.getMandateProfiles(), ","));
+      attributs.add(mandateProfilesReqAttr);
+
+    }
 		
 		return attributs;
 	}