aboutsummaryrefslogtreecommitdiff
path: root/id/oa
diff options
context:
space:
mode:
Diffstat (limited to 'id/oa')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java46
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java12
2 files changed, 38 insertions, 20 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index e36a880ba..df58fbc7a 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -41,6 +41,7 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
+import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
@@ -229,21 +230,20 @@ public class DemoApplication extends HttpServlet {
Decrypter samlDecrypter =
new Decrypter(null, skicr, encryptedKeyResolver);
- for (EncryptedAssertion encAssertion : encryAssertionList) {
- saml2assertions.add(samlDecrypter.decrypt(encAssertion));
-
- }
+ for (EncryptedAssertion encAssertion : encryAssertionList) {
+ Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion);
+ samlResponse.getAssertions().add(decryptedAssertion);
+ log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(decryptedAssertion)));
+
+ }
log.debug("Assertion decryption finished. ");
} else {
- saml2assertions = samlResponse.getAssertions();
+ log.debug("Assertiojn is not encryted. Use it as it is");
}
-
- samlResponse.getAssertions().clear();
- samlResponse.getAssertions().addAll(saml2assertions);
-
+
//set assertion
org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
String assertion = DOMUtils.serializeNode(doc);
@@ -254,7 +254,9 @@ public class DemoApplication extends HttpServlet {
String familyName = null;
String birthday = null;
- for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+ log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption");
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) {
try {
principleId = saml2assertion.getSubject().getNameID().getValue();
@@ -270,16 +272,32 @@ public class DemoApplication extends HttpServlet {
List<Attribute> attributes = attributeStatements.get(i).getAttributes();
for (int x = 0; x < attributes.size(); x++)
{
- String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
+
+
+ String strAttributeName = attributes.get(x).getName();
- if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME))
+ log.debug("Find attribute with name: " + strAttributeName + " and value: "
+ + attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue());
+
+ if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
- if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME))
+
+ }
+
+ if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) {
birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
- }
+
+ }
+
+ if (strAttributeName.equals(PVPConstants.BPK_NAME)) {
+ principleId = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
}
}
request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT,
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index 1dcc66a56..9dc0d1d6f 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -47,19 +47,19 @@ public class AttributeListBuilder implements PVPConstants{
//select PVP2 attributes which are needed for this application
- requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));
- requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false));
- requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_FULL_MANDATE_NAME, MANDATE_FULL_MANDATE_FRIENDLY_NAME, false));