First untested version of refactor eIDAS module, which uses eIDAS SAMLEngine v1.1 from JoinUp

4 files changed, 174 insertions, 121 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 4dffba575..7647b4cab 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -7,9 +7,9 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
 
 @Component("EIDASData")
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
@@ -19,10 +19,10 @@ public class EIDASData extends RequestImpl {
 	private static final long serialVersionUID = 8765755670214923910L;
 	
 	/** The attributes requested by the eIDaS. */
-	private MOAPersonalAttributeList attributes;
+	private ImmutableAttributeMap attributes;
 
 	/** The incoming eIDaS SAML2 AuthnRequest. */
-	private EIDASAuthnRequest authnRequest;
+	private IAuthenticationRequest authnRequest;
 
 	/** The ip address of the requester. */
 	private String remoteIPAddress;
@@ -40,17 +40,17 @@ public class EIDASData extends RequestImpl {
 	 *
 	 * @return the requested attributes
 	 */
-	public MOAPersonalAttributeList getEidasRequestedAttributes() {
-		return (MOAPersonalAttributeList) attributes.clone();
+	public ImmutableAttributeMap getEidasRequestedAttributes() {
+		return attributes;
 	}
 
 	/**
 	 * Sets the eidas requested attributes.
 	 *
-	 * @param personalAttributeList the requested attributes
+	 * @param immutableAttributeMap the requested attributes
 	 */
-	public void setEidasRequestedAttributes(MOAPersonalAttributeList personalAttributeList) {
-		attributes = personalAttributeList;
+	public void setEidasRequestedAttributes(ImmutableAttributeMap immutableAttributeMap) {
+		attributes = immutableAttributeMap;
 	}
 
 	/**
@@ -58,7 +58,7 @@ public class EIDASData extends RequestImpl {
 	 *
 	 * @return the eidas request
 	 */
-	public EIDASAuthnRequest getEidasRequest() {
+	public IAuthenticationRequest getEidasRequest() {
 		return authnRequest;
 	}
 	
@@ -67,7 +67,7 @@ public class EIDASData extends RequestImpl {
 	 *
 	 * @param request the new eidas request
 	 */
-	public void setEidasRequest(EIDASAuthnRequest request) {
+	public void setEidasRequest(IAuthenticationRequest request) {
 		authnRequest = request;  
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index fc935e2ef..cf9414a3b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -45,10 +45,9 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -57,10 +56,12 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse.Builder;
+import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.MetadataUtil;
 import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
@@ -82,7 +83,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 		Logger.debug("Registering servlet " + getClass().getName() + 
 				" with mappings '" + Constants.eIDAS_HTTP_ENDPOINT_METADATA + 
 				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST + 
-				"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST +"'.");
+				//"' and '" + Constants.eIDAS_HTTP_ENDPOINT_IDP_POST + 
+				"'.");
 	
 	}
     
@@ -172,13 +174,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			
 		try {
 			//decode SAML2 token
-			byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
+			byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
 			
 			//get eIDAS SAML-engine
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 
+			//TODO: change to configurable COUNTRY-CODE
+			String cititzenCountryCode = "AT";
 			//validate SAML token
-			EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
+			IAuthenticationRequest samlReq = engine.unmarshallRequestAndValidate(decSamlToken, cititzenCountryCode );
 
 			// - memorize remote ip
 			pendingReq.setRemoteAddress(request.getRemoteAddr());
@@ -189,13 +193,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 
 			// - memorize country code of target country
 			pendingReq.setGenericDataToSession(
-					RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
+					RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getOriginCountryCode());
 			
-			// - memorize requested attributes
-			pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+			//TODO: store level of assurance
+			
+			
+			// - memorize requested attributes			
+			pendingReq.setEidasRequestedAttributes(samlReq.getRequestedAttributes());
 
-			// - memorize whole request
-			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+			// - memorize whole request			
 			pendingReq.setEidasRequest(samlReq);
 			
 			//validate Destination against MOA-ID-Auth configuration
@@ -203,7 +209,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			if (MiscUtil.isEmpty(reqDestination) || 
 					!reqDestination.startsWith(pendingReq.getAuthURL())) {
 				Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
-				throw new eIDASAuthnRequestValidationException("stork.01", 
+				throw new EIDASAuthnRequestValidationException("stork.01", 
 						new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
 				
 			}
@@ -223,7 +229,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 				
 				if (!isValid) {
 					Logger.info("eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute");
-					throw new eIDASAuthnRequestValidationException("stork.01", 
+					throw new EIDASAuthnRequestValidationException("stork.01", 
 							new Object[]{"eIDAS AuthnRequest contains a not valid 'AssertionConsumerServiceURL' attribute"});
 				}
 				
@@ -236,18 +242,19 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			// - memorize OA config
 			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+				throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
 			
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
-			String spType = samlReq.getSPType();
-			if (MiscUtil.isEmpty(spType)) {
-				Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
-				//TODO: maybe implement this if required
-							
-			}
-
-			Logger.debug("eIDAS request has SPType:" + spType);
+			//TODO: is not supported any more ?!?
+//			String spType = samlReq.getSPType();
+//			if (MiscUtil.isEmpty(spType)) {
+//				Logger.info("Load SPType from metadata ... IS NOT IMPLEMENTED YET!!!");
+//				//TODO: maybe implement this if required
+//							
+//			}
+//
+//			Logger.debug("eIDAS request has SPType:" + spType);
 					
 		} catch (MOAIDException e) {
 			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
@@ -255,11 +262,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 					
 		} catch (EIDASSAMLEngineException e) {
 			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
-			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+			throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		} catch(Exception e) {
 			Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
-			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
+			throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		}
     }
@@ -273,43 +280,50 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
         	}
         	
         	try {
-        		EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
-        		eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-        	     		
-        		if (e instanceof eIDASException) {
-        			eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
-        			eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
-        			eIDASResp.setMessage(e.getMessage());
+        		Builder  eIDASRespBuilder = new AuthenticationResponse.Builder();        		
+        		eIDASRespBuilder.issuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+        		        	     		
+        		if (e instanceof EIDASException) {
+        			eIDASRespBuilder.statusCode(((EIDASException) e).getStatusCodeFirstLevel());
+        			eIDASRespBuilder.subStatusCode(((EIDASException) e).getStatusCodeSecondLevel());
+        			eIDASRespBuilder.statusMessage(e.getMessage());
      			
         		} else if (e instanceof MOAIDException ) {
-        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
-        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
-        			eIDASResp.setMessage(e.getMessage());
+        			eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+        			eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASRespBuilder.statusMessage(e.getMessage());
      			
         		} else {
-        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
-        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
-        			eIDASResp.setMessage(e.getMessage());
+        			eIDASRespBuilder.statusCode(StatusCode.RESPONDER_URI);
+        			eIDASRespBuilder.subStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASRespBuilder.statusMessage(e.getMessage());
      			
         		}
-     		
-        		
-        		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-        		
+     		        		
         		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
-    				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
-    						new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider), 
-    						engine, 
+    				String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata(
+    						SAMLEngineUtils.getMetadataFetcher(),
+    						SAMLEngineUtils.getMetadataSigner(),
     						eidasReq.getEidasRequest());
-    				eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
     				
-    			}        		
+    				//TODO: set AssertionConsumerService is required?
+    				
+    			}
+        		
+        		eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName());
+        		eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId());
+        		
+        		//build response
+        		AuthenticationResponse eIDASResp = eIDASRespBuilder.build();
+        		
         		//get eIDAS SAML-engine
+        		ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+        		
+        		//build response message
+        		IResponseMessage eIDASRespMsg = engine.generateResponseErrorMessage(eidasReq.getEidasRequest(),eIDASResp, eidasReq.getRemoteAddress());
         		
-        		eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp, 
-        				eidasReq.getRemoteAddress(), true);
         		
-        		String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+        		String token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
      		
                 VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
                 Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 3fc13406c..a93dff3b3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,6 +21,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.metadata.ContactPerson;
 import org.opensaml.saml2.metadata.Organization;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -39,11 +40,11 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.Contact;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
-import eu.eidas.engine.exceptions.SAMLEngineException;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 
 /**
@@ -65,10 +66,10 @@ public class EidasMetaDataRequest implements IAction {
 		try {            
             String pubURLPrefix = req.getAuthURL();
             
-            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
+            String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;            
+            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;
             
-            String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST;            
-            String metaData = generateMetadata(metadata_url, sp_return_url);
+            String metaData = generateMetadata(req, metadata_url, sp_return_url);
 
             Logger.trace(metaData);
 
@@ -104,10 +105,10 @@ public class EidasMetaDataRequest implements IAction {
 		
 	}
     
-    public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
+    public String generateMetadata(IRequest pendingReq, String metadata_url, String sp_return_url) throws EIDASSAMLEngineException, EIDASEngineException{
         String metadata="invalid metadata";
 
-		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+		ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
         
         MetadataGenerator generator = new MetadataGenerator();
         MetadataConfigParams mcp=new MetadataConfigParams();
@@ -116,6 +117,9 @@ public class EidasMetaDataRequest implements IAction {
         
         mcp.setEntityID(metadata_url);        
         mcp.setAssertionConsumerUrl(sp_return_url);
+        mcp.getProtocolBindingLocation().put(
+        		SAMLConstants.SAML2_POST_BINDING_URI, 
+        		pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST);
         
         
         //TODO: make it configurable
@@ -137,11 +141,17 @@ public class EidasMetaDataRequest implements IAction {
 			Contact technicalContact = new Contact();
 			
 			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
-			if (contacts != null && contacts.size() >= 1) {								
-				technicalContact.setEmail(contacts.get(0).getEmailAddresses().get(0).getAddress());
-				technicalContact.setGivenName(contacts.get(0).getGivenName().getName());
-				technicalContact.setSurName(contacts.get(0).getSurName().getName());
-				technicalContact.setPhone(contacts.get(0).getTelephoneNumbers().get(0).getNumber());
+			if (contacts != null && contacts.size() >= 1) {
+				ContactPerson contact = contacts.get(0);
+				technicalContact.setGivenName(contact.getGivenName().getName());
+				technicalContact.setSurName(contact.getSurName().getName());
+				
+				if (!contact.getEmailAddresses().isEmpty())
+					technicalContact.setEmail(contact.getEmailAddresses().get(0).getAddress());
+								
+				if (!contact.getTelephoneNumbers().isEmpty())
+					technicalContact.setPhone(contact.getTelephoneNumbers().get(0).getNumber());
+				
 				mcp.setTechnicalContact(technicalContact );			
 				
 			}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 2beb419fb..9e29c01f3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.StringWriter;
 import java.text.SimpleDateFormat;
-import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -36,13 +35,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
+import com.google.common.collect.ImmutableSet;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -50,12 +48,16 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EIDASAuthnResponse;
-import eu.eidas.auth.commons.EIDASStatusCode;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.protocol.IResponseMessage;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.engine.ProtocolEngineI;
+import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
 
 
 /**
@@ -80,14 +82,16 @@ public class eIDASAuthenticationRequest implements IAction {
 			throw new MOAIDException("got wrong IRequest type. is: {}, should be: {}", new String[] {req.getClass().toString(), EIDASData.class.toString()});
 		
 		
-		// gather attributes
-		MOAPersonalAttributeList resultingAttributeList = (MOAPersonalAttributeList) eidasRequest.getEidasRequestedAttributes().clone();
+		//gather attributes
+		ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
+		
+		ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
 		
-		for(Entry<String, PersonalAttribute> current : resultingAttributeList.entrySet()) {
+		for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
 			String newValue = "";
-			
+						
 			// TODO make use of proper builder
-			switch(current.getKey()) {
+			switch(attr.getFriendlyName()) {
 				case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break;
 				case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
 				case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;			
@@ -95,50 +99,75 @@ public class eIDASAuthenticationRequest implements IAction {
 				
 			}
 			
-			if(MiscUtil.isEmpty(newValue))
-				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
-			
-			else {
-				current.getValue().getValue().clear();
-				current.getValue().getValue().add(newValue);
-				current.getValue().setStatus(EIDASStatusCode.STATUS_AVAILABLE.toString());
+			if(MiscUtil.isEmpty(newValue)) {
+//				current.getValue().setStatus(EIDASStatusCode.STATUS_NOT_AVAILABLE.toString());
+				Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+				
+			} else {
+				AttributeValueMarshaller<?> attributeValueMarshaller = attr.getAttributeValueMarshaller();
+	            ImmutableSet.Builder<AttributeValue<?>> builder = ImmutableSet.builder();
+				
+	            AttributeValue<?> attributeValue = null;
+	            try {
+                    attributeValue = attributeValueMarshaller.unmarshal(newValue, false);
+                    
+                } catch (AttributeValueMarshallingException e) {
+                    throw new IllegalStateException(e);
+                    
+                }
+
+	            //TODO: check for 'isAvailable flag'!
+	            				
+				attrMapBuilder.put((AttributeDefinition)attr, (ImmutableSet) builder.build());
 				
 			}
+			
+
+			
 		}
 		
 		// construct eIDaS response
-		EIDASAuthnResponse response = new EIDASAuthnResponse();
-		response.setPersonalAttributeList(resultingAttributeList);
+		AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
 		
-		// - create metadata url
-        String pubURLPrefix = req.getAuthURL();
+		responseBuilder.id(SAMLEngineUtils.generateNCName());
+		responseBuilder.inResponseTo(eidasRequest.getEidasRequest().getId());
+		
+		String pubURLPrefix = req.getAuthURL();
         String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
-		response.setIssuer(metadata_url);
-
-		response.setAssuranceLevel(authData.getEIDASQAALevel());
+		responseBuilder.issuer(metadata_url);
+		
+		responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
+		
+		//add attributes
+		responseBuilder.attributes(attrMapBuilder.build());
+		
+		//build response
+		AuthenticationResponse response = responseBuilder.build();
 		
 		String token = null;
 		try {
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
+			ProtocolEngineI engine = at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 			
 			// encryption is done by the SamlEngine, i.e. by the module we provide in the config
 			// but we need to set the appropriate request issuer
-			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
-
-
-			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
-				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
-						new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider), 
-						engine, 
-						eidasRequest.getEidasRequest());
-				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
-				
-			}
+			//engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
+
+			IResponseMessage eIDASRespMsg = engine.generateResponseMessage(eidasRequest.getEidasRequest(), 
+					response, true, eidasRequest.getRemoteAddress());
+
+//			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
+//				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+//						new MOAeIDASMetadataProviderDecorator(eIDASMetadataProvider), 
+//						engine, 
+//						eidasRequest.getEidasRequest());
+//				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+//				
+//			}
 			
-			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
+//			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
 
 			
-			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+			token = EidasStringUtil.encodeToBase64(eIDASRespMsg.getMessageBytes());
 			
 		} catch(Exception e) {			
 			e.printStackTrace();