aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java157
1 files changed, 118 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 5f16bcfce..79a1c3e0f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.security.MessageDigest;
+import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -30,6 +31,7 @@ import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
@@ -61,6 +63,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -79,13 +82,65 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
+
+ public static Assertion buildAssertion(AttributeQuery attrQuery,
+ List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
+
+
+ AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+
+ List<Attribute> attrList = new ArrayList<Attribute>();
+ if (reqAttributes != null) {
+ Iterator<String> it = reqAttributes.iterator();
+ while (it.hasNext()) {
+ String reqAttributName = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttributName, null, authData);
+ if (attr == null) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttributName);
+
+ } catch (Exception e) {
+ Logger.error(
+ "General Attribute generation failed! for "
+ + reqAttributName);
+
+ }
+ }
+ }
+
+
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
+ subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
+
+ SubjectConfirmationData subjectConfirmationData = null;
+
+ return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
public static Assertion buildAssertion(AuthnRequest authnRequest,
IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
@@ -149,29 +204,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
-
- String sessionIndex = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(date);
- authnStatement.setSessionIndex(sessionIndex);
- authnStatement.setAuthnContext(authnContext);
- assertion.getAuthnStatements().add(authnStatement);
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-
+
//add Attributes to Assertion
+ List<Attribute> attrList = new ArrayList<Attribute>();
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -192,7 +231,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
attributeConsumingService = el;
}
}
-
+
if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
@@ -207,7 +246,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
reqAttribut.getName());
}
} else {
- attributeStatement.getAttributes().add(attr);
+ attrList.add(attr);
}
} catch (PVP2Exception e) {
Logger.error(
@@ -231,13 +270,10 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
}
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- //TLenz: set correct bPK Type and Value from AuthData
+ //build nameID and nameID Format from moasession
if (authData.isUseMandate()) {
Element mandate = authData.getMandate();
if(mandate == null) {
@@ -337,21 +373,68 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} else
- subjectNameID.setFormat(nameIDFormat);
-
-
- subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ subjectNameID.setFormat(nameIDFormat);
+
+
+ String sessionIndex = null;
+
+ //if request is a reauthentication and NameIDFormat match reuse old session information
+ if (MiscUtil.isNotEmpty(authData.getNameID()) &&
+ MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
+ nameIDFormat.equals(authData.getNameIDFormat())) {
+ subjectNameID.setValue(authData.getNameID());
+ sessionIndex = authData.getSessionIndex();
+
+ } else
+ sessionIndex = SAML2Utils.getSecureIdentifier();
+
SubjectConfirmationData subjectConfirmationData = SAML2Utils
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
+
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setNameIDFormat(subjectNameID.getFormat());
+ sloInformation.setSessionIndex(sessionIndex);
+
+ return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex);
+ }
+
+ private static Assertion buildGenericAssertion(String entityID, DateTime date,
+ AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
+ NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
+ String sessionIndex) throws ConfigurationException {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+
+ authnStatement.setAuthnInstant(date);
+ authnStatement.setSessionIndex(sessionIndex);
+ authnStatement.setAuthnContext(authnContext);
+ assertion.getAuthnStatements().add(authnStatement);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+ attributeStatement.getAttributes().addAll(attrList);
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
subject.getSubjectConfirmations().add(subjectConfirmation);
@@ -361,7 +444,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- audience.setAudienceURI(peerEntity.getEntityID());
+ audience.setAudienceURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
@@ -380,11 +463,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
-
- //set SLO information
- sloInformation.setUserNameIdentifier(subjectNameID.getValue());
- sloInformation.setSessionIndex(sessionIndex);
- return assertion;
+ return assertion;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 00:04:37 +0000