diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 15:00:25 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-10-13 15:00:25 +0200 |
commit | 154338abc9ba998bf589b9ab12882ddffa78cf53 (patch) | |
tree | e16b9c9b45cf88dc156c03b524d3e2f6dedb53bf /id/server/modules/moa-id-module-eIDAS/src/main | |
parent | 87182edee2d4b4d923802995f1421857034e40c7 (diff) | |
download | moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.gz moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.bz2 moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.zip |
enforce eiDAS legal-person MDS if citizen uses mandates and no legal-person attributes are requested
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java | 63 |
1 files changed, 44 insertions, 19 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index d0cda38c7..b91bbde9e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -77,6 +77,8 @@ public class eIDASAuthenticationRequest implements IAction { @Autowired protected MOAReversionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { EIDASData eidasRequest; @@ -91,29 +93,32 @@ public class eIDASAuthenticationRequest implements IAction { //gather attributes ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder(); - - //generate eIDAS attributes - for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) { - Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); - - if(eIDASAttr == null) { - if (attr.isRequired()) { - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); - throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); - - } else - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); - } else { - //add attribute to Map - attrMapBuilder.put( - (AttributeDefinition)eIDASAttr.getFirst(), - (ImmutableSet)eIDASAttr.getSecond()); + //generate eIDAS attributes + for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) + buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData); + + + //Check if Mandate attributes are requested if mandates was used + if (authData.isUseMandate()) { + if (reqAttributeList.getDefinitionByNameUri( + eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) { + Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_PERSON_IDENTIFIER'"); + buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER, eidasRequest, authData); + + } + + if (reqAttributeList.getDefinitionByNameUri( + eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri()) == null) { + Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_NAME'"); + buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME, eidasRequest, authData); } } + //build final attibute set + ImmutableAttributeMap eIDASAttrbutMap = attrMapBuilder.build(); + // construct eIDaS response AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder(); @@ -127,7 +132,7 @@ public class eIDASAuthenticationRequest implements IAction { responseBuilder.levelOfAssurance(authData.getEIDASQAALevel()); //add attributes - responseBuilder.attributes(attrMapBuilder.build()); + responseBuilder.attributes(eIDASAttrbutMap); //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); @@ -221,6 +226,26 @@ public class eIDASAuthenticationRequest implements IAction { return "eIDAS_AuthnRequest"; } + private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { + Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( + attr, req.getOnlineApplicationConfiguration(), authData); + + if(eIDASAttr == null) { + if (attr.isRequired()) { + Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); + throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); + + } else + Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); + + } else { + //add attribute to Map + attrMapBuilder.put( + (AttributeDefinition)eIDASAttr.getFirst(), + (ImmutableSet)eIDASAttr.getSecond()); + + } + } |