aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 15:00:25 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-10-13 15:00:25 +0200
commit154338abc9ba998bf589b9ab12882ddffa78cf53 (patch)
treee16b9c9b45cf88dc156c03b524d3e2f6dedb53bf /id/server
parent87182edee2d4b4d923802995f1421857034e40c7 (diff)
downloadmoa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.gz
moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.tar.bz2
moa-id-spss-154338abc9ba998bf589b9ab12882ddffa78cf53.zip
enforce eiDAS legal-person MDS if citizen uses mandates and no legal-person attributes are requested
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java63
3 files changed, 46 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 2ce9fb9e7..05f58d5bc 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -275,6 +275,7 @@ eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available.
eIDAS.16=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}.
+eIDAS.17=Generation of eIDAS Response FAILED. Citzen use mandates for authentication but there are no mandate attributes requested
pvp2.01=Fehler beim kodieren der PVP2 Antwort
pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index c6d0844ce..0a37fdc91 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -230,6 +230,7 @@ eIDAS.13=1307
eIDAS.14=1301
eIDAS.15=1307
eIDAS.16=1301
+eIDAS.17=1307
pvp2.01=6100
pvp2.06=6100
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d0cda38c7..b91bbde9e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -77,6 +77,8 @@ public class eIDASAuthenticationRequest implements IAction {
@Autowired protected MOAReversionLogger revisionsLogger;
@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+
+
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
EIDASData eidasRequest;
@@ -91,29 +93,32 @@ public class eIDASAuthenticationRequest implements IAction {
//gather attributes
ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder();
-
- //generate eIDAS attributes
- for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions()) {
- Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
- attr, req.getOnlineApplicationConfiguration(), authData);
-
- if(eIDASAttr == null) {
- if (attr.isRequired()) {
- Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
- throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
-
- } else
- Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
- } else {
- //add attribute to Map
- attrMapBuilder.put(
- (AttributeDefinition)eIDASAttr.getFirst(),
- (ImmutableSet)eIDASAttr.getSecond());
+ //generate eIDAS attributes
+ for(AttributeDefinition<?> attr : reqAttributeList.getDefinitions())
+ buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData);
+
+
+ //Check if Mandate attributes are requested if mandates was used
+ if (authData.isUseMandate()) {
+ if (reqAttributeList.getDefinitionByNameUri(
+ eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) {
+ Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_PERSON_IDENTIFIER'");
+ buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER, eidasRequest, authData);
+
+ }
+
+ if (reqAttributeList.getDefinitionByNameUri(
+ eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri()) == null) {
+ Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_NAME'");
+ buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME, eidasRequest, authData);
}
}
+ //build final attibute set
+ ImmutableAttributeMap eIDASAttrbutMap = attrMapBuilder.build();
+
// construct eIDaS response
AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder();
@@ -127,7 +132,7 @@ public class eIDASAuthenticationRequest implements IAction {
responseBuilder.levelOfAssurance(authData.getEIDASQAALevel());
//add attributes
- responseBuilder.attributes(attrMapBuilder.build());
+ responseBuilder.attributes(eIDASAttrbutMap);
//set success statuscode
responseBuilder.statusCode(StatusCode.SUCCESS_URI);
@@ -221,6 +226,26 @@ public class eIDASAuthenticationRequest implements IAction {
return "eIDAS_AuthnRequest";
}
+ private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
+ Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
+ attr, req.getOnlineApplicationConfiguration(), authData);
+
+ if(eIDASAttr == null) {
+ if (attr.isRequired()) {
+ Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available.");
+ throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()});
+
+ } else
+ Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available.");
+
+ } else {
+ //add attribute to Map
+ attrMapBuilder.put(
+ (AttributeDefinition)eIDASAttr.getFirst(),
+ (ImmutableSet)eIDASAttr.getSecond());
+
+ }
+ }