use default AssertionConsumingService from metadata if no specific is requested

2 files changed, 67 insertions, 88 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 51f3cf4a7..9def5d22c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -86,7 +86,7 @@ import at.gv.egovernment.moa.util.Constants;
 
 public class PVP2AssertionBuilder implements PVPConstants {
 	public static Assertion buildAssertion(AuthnRequest authnRequest,
-			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date)
+			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService)
 			throws MOAIDException {
 		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
 
@@ -151,28 +151,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				throw new QAANotSupportedException(STORK_QAA_1_4);
 			}
 		}
-
-//		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
-//				.iterator();
-//		
-//		StringBuilder authContextsb = new StringBuilder();
-//		
-//		while (reqAuthnContextClassRefIt.hasNext()) {
-//			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
-//					.next();
-//			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
-//					"\\s+");
-//			for (int i = 0; i < qaa_uris.length; i++) {
-//				if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
-//						|| qaa_uris[i].trim().equals(STORK_QAA_1_3)
-//						|| qaa_uris[i].trim().equals(STORK_QAA_1_2)
-//						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
-//					authContextsb.append(qaa_uris[i].trim());
-//					authContextsb.append(" ");
-//				}
-//			}
-//
-//		}
 		
 		AuthnContext authnContext = SAML2Utils
 				.createSAMLObject(AuthnContext.class);
@@ -191,14 +169,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		SPSSODescriptor spSSODescriptor = peerEntity
 				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int idx = 0;
-
-		if (aIdx != null) {
-			idx = aIdx.intValue();
-			
-		} 
-
 		AttributeStatement attributeStatement = SAML2Utils
 				.createSAMLObject(AttributeStatement.class);
 
@@ -208,34 +178,52 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				.buildAuthenticationData(authSession, oaParam,
 						oaParam.getTarget());
 
+		//add Attributes to Assertion
 		if (spSSODescriptor.getAttributeConsumingServices() != null && 
 				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
 		
-			AttributeConsumingService attributeConsumingService = spSSODescriptor
-					.getAttributeConsumingServices().get(idx);
+			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+			int idx = 0;
+
+			AttributeConsumingService attributeConsumingService = null;
 			
-			Iterator<RequestedAttribute> it = attributeConsumingService
-					.getRequestAttributes().iterator();
-			while (it.hasNext()) {
-				RequestedAttribute reqAttribut = it.next();
-				try {
-					Attribute attr = PVPAttributeBuilder.buildAttribute(
-							reqAttribut.getName(), authSession, oaParam, authData);
-					if (attr == null) {
+			if (aIdx != null) {
+				idx = aIdx.intValue();
+				attributeConsumingService = spSSODescriptor
+						.getAttributeConsumingServices().get(idx);
+				
+			} else {
+				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+				for (AttributeConsumingService el : attrConsumingServiceList) {
+					if (el.isDefault())
+						attributeConsumingService = el;
+				}				
+			}
+				
+			if (attributeConsumingService != null) {
+				Iterator<RequestedAttribute> it = attributeConsumingService
+						.getRequestAttributes().iterator();
+				while (it.hasNext()) {
+					RequestedAttribute reqAttribut = it.next();
+					try {
+						Attribute attr = PVPAttributeBuilder.buildAttribute(
+								reqAttribut.getName(), authSession, oaParam, authData);
+						if (attr == null) {
+							if (reqAttribut.isRequired()) {
+								throw new UnprovideableAttributeException(
+										reqAttribut.getName());
+							}
+						} else {
+							attributeStatement.getAttributes().add(attr);
+						}
+					} catch (PVP2Exception e) {
+						Logger.error(
+								"Attribute generation failed! for "
+										+ reqAttribut.getFriendlyName(), e);
 						if (reqAttribut.isRequired()) {
 							throw new UnprovideableAttributeException(
 									reqAttribut.getName());
 						}
-					} else {
-						attributeStatement.getAttributes().add(attr);
-					}
-				} catch (PVP2Exception e) {
-					Logger.error(
-							"Attribute generation failed! for "
-									+ reqAttribut.getFriendlyName(), e);
-					if (reqAttribut.isRequired()) {
-						throw new UnprovideableAttributeException(
-								reqAttribut.getName());
 					}
 				}
 			}
@@ -358,16 +346,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				.createSAMLObject(SubjectConfirmationData.class);
 		subjectConfirmationData.setInResponseTo(authnRequest.getID());
 		subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
-		
-		//TL: change from entityID to destination URL 
-		AssertionConsumerService consumerService = spSSODescriptor
-				.getAssertionConsumerServices().get(idx);
-
-		if (consumerService == null) {
-			throw new InvalidAssertionConsumerServiceException(idx);
-		}
-		
-		subjectConfirmationData.setRecipient(consumerService.getLocation());
+				
+		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
 
 		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
 
@@ -383,7 +363,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		conditions.setNotBefore(date);
 		
 		conditions.setNotOnOrAfter(date.plusMinutes(5));
-//		conditions.setNotOnOrAfter(new DateTime());
 		
 		conditions.getAudienceRestrictions().add(audienceRestriction);
 
@@ -391,8 +370,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
 
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
 		
-		//TODO: check!
-		//change to entity value from entity name to IDP EntityID (URL)
 		issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
 		issuer.setFormat(NameID.ENTITY);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index b6ab357b8..7bf188e53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -85,12 +85,35 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 			throw new MOAIDException("pvp2.13", null);
 		}
 
+		//get basic information
 		AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
-		EntityDescriptor peerEntity = obj.getEntityMetadata();
+		EntityDescriptor peerEntity = obj.getEntityMetadata();		
+		SPSSODescriptor spSSODescriptor = peerEntity
+				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		
+		//get AssertionConsumingService
+		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+		int idx = 0;
+
+		if (aIdx != null) {
+			idx = aIdx.intValue();
+			
+		} else {				
+			idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+		}
+
+		AssertionConsumerService consumerService = spSSODescriptor
+				.getAssertionConsumerServices().get(idx);
+
+		if (consumerService == null) {			
+			throw new InvalidAssertionConsumerServiceException(idx);
+			
+		}
 		
 		DateTime date = new DateTime();
 		
-		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date);
+		//build Assertion
+		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);
 		
 		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
 
@@ -111,28 +134,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		authResponse.setIssueInstant(date);
 		
 		authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		
-		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-		int idx = 0;
-
-		if (aIdx != null) {
-			idx = aIdx.intValue();
-			
-		} else {				
-			idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-		}
-
-		AssertionConsumerService consumerService = spSSODescriptor
-				.getAssertionConsumerServices().get(idx);
-
-		if (consumerService == null) {			
-			throw new InvalidAssertionConsumerServiceException(idx);
-			
-		}
-		
+				
 		String oaURL = consumerService.getLocation();
 
 		//check, if metadata includes an encryption key