Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 65 |
1 files changed, 36 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import 
at.gv.egovernment.moa.logging.Logger; @@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants { * @param issuerEntityID EnitiyID, which should be used for this IDP response * @param attrQuery AttributeQuery request from Service-Provider * @param attrList List of PVP response attributes - * @param now Current time + * @param now Current time * @param validTo ValidTo time of the assertion * @param qaaLevel QAA level of the authentication * @param sessionIndex SAML2 SessionIndex, which should be included * 
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); if (reqAuthnContext == null) { - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); } else { - boolean stork_qaa_1_4_found = false; + boolean eIDAS_qaa_found = false; List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext .getAuthnContextClassRefs(); - if (reqAuthnContextClassRefIt.size() == 0) { - - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), - STORK_QAA_1_4); + if (reqAuthnContextClassRefIt.size() == 0) { + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH); - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH); } else { for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) { + Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... 
"); + qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim()); + + } + + if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH) + || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL) + || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) { if (authData.isForeigner()) { - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), - STORK_QAA_PREFIX + oaParam.getQaaLevel()); + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence()); - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); } else { - QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), + QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), qaa_uri.trim()); - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); + eIDAS_qaa_found = true; + authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel()); } break; @@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants { } } - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); - } + if (!eIDAS_qaa_found) + throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH); + } @@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants { //build nameID and nameID Format from moasession //TODO: nameID generation - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData && + ((IMOAAuthData)authData).isUseMandate()) { String bpktype = null; String bpk = null; - Element mandate = authData.getMandate(); + Element mandate = ((IMOAAuthData)authData).getMandate(); if(mandate != null) { Logger.debug("Read mandator bPK|baseID from full-mandate ... "); Mandate mandateObject = MandateBuilder.buildMandate(mandate); |