diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 103 |
1 files changed, 67 insertions, 36 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 9e2c89583..bc90da8df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; import java.util.Iterator; @@ -52,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.util.QAALevelVerifier; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -67,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } else { + } - boolean stork_qaa_1_4_found = false; + boolean stork_qaa_1_4_found = false; + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); - List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs(); + if (reqAuthnContextClassRefIt.size() == 0) { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_1_4); - if (reqAuthnContextClassRefIt.size() == 0) { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - - } else { - for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { - - if (authSession.isForeigner()) { - //TODO: insert QAA check - - stork_qaa_1_4_found = false; - - } else { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - } - break; + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + STORK_QAA_PREFIX + oaParam.getQaaLevel()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + + } else { + + QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + qaa_uri.trim()); + + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + } + break; } } - - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); - } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); } // reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() @@ -187,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants { * null, true); } } */ - // TODO: LOAD oaParam from request and not from MOASession in case of - // SSO - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - peerEntity.getEntityID()); - AuthenticationData authData = AuthenticationServer .buildAuthenticationData(authSession, oaParam, oaParam.getTarget()); |