Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java65
1 files changed, 36 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @param issuerEntityID EnitiyID, which should be used for this IDP response
* @param attrQuery AttributeQuery request from Service-Provider
* @param attrList List of PVP response attributes
- * @param now Current time
+ * @param now Current time
* @param validTo ValidTo time of the assertion
* @param qaaLevel QAA level of the authentication
* @param sessionIndex SAML2 SessionIndex, which should be included *
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- boolean stork_qaa_1_4_found = false;
+ boolean eIDAS_qaa_found = false;
List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
.getAuthnContextClassRefs();
- if (reqAuthnContextClassRefIt.size() == 0) {
-
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_1_4);
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
} else {
for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+ Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+ qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+
+ }
+
+ if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+ || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
if (authData.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
- STORK_QAA_PREFIX + oaParam.getQaaLevel());
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
} else {
- QAALevelVerifier.verifyQAALevel(authData.getQAALevel(),
+ QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(),
qaa_uri.trim());
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+ eIDAS_qaa_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
}
break;
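Review bot: After the STORK-to-eIDAS mapping on L86, qaa_uri is dereferenced again on L90 without a null check; if mapSTORKQAAToeIDASQAA returns null for a STORK-prefixed URI it does not recognise (the mapper is not visible here), the loop now throws a NullPointerException instead of simply not matching that entry, which is what the removed comparison chain on L79-L82 did. A guard directly after the mapping, `if (qaa_uri == null) { continue; }`, keeps one unknown requested class ref from aborting assertion building. The foreigner branch on L96 still verifies only against the SP's configured minimum and ignores the level actually requested in `qaa_uri`, so a request for EIDAS_QAA_HIGH can be answered with a lower level when the SP minimum permits it; if verifyQAALevel checks authenticated-against-required as its name suggests, verifying against the stricter of the two is worth confirming as the intended policy. Minor: `eIDAS_qaa_found` should follow lowerCamelCase (`eidasQaaFound`), and the log message on L85 says "leven" for "level". The enclosing method starts before this hunk and continues past it.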
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ if (!eIDAS_qaa_found)
+ throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+
}
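Review bot: The rewritten check on L117-L118 drops the braces around the single-statement `throw`, departing from the braced style the file uses everywhere else in this diff (including the removed L114-L116); keep `if (!eIDAS_qaa_found) { throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH); }`. The exception always names EIDAS_QAA_HIGH even when the AuthnRequest listed levels that were merely unmapped or unrecognised, so the reported "unsupported" level can differ from what the requester sent; if the exception type allows it, carrying the rejected requested value would make the failure easier to diagnose. The enclosing method starts before this hunk.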
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
//build nameID and nameID Format from moasession
//TODO: nameID generation
- if (authData.isUseMandate()) {
+ if (authData instanceof IMOAAuthData &&
+ ((IMOAAuthData)authData).isUseMandate()) {
String bpktype = null;
String bpk = null;
- Element mandate = authData.getMandate();
+ Element mandate = ((IMOAAuthData)authData).getMandate();
if(mandate != null) {
Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
Mandate mandateObject = MandateBuilder.buildMandate(mandate);