Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java167
1 files changed, 98 insertions, 69 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 03cfe27d7..7a7044ebf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -66,7 +66,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -86,45 +85,24 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery,
- List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
-
-
+ /**
+ * Build a PVP assertion as response for a SAML2 AttributeQuery request
+ *
+ * @param issuerEntityID EnitiyID, which should be used for this IDP response
+ * @param attrQuery AttributeQuery request from Service-Provider
+ * @param attrList List of PVP response attributes
+ * @param now Current time
+ * @param validTo ValidTo time of the assertion
+ * @param qaaLevel QAA level of the authentication
+ * @param sessionIndex SAML2 SessionIndex, which should be included *
+ * @return PVP 2.1 Assertion
+ * @throws ConfigurationException
+ */
+ public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
+ List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
+
AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
-
- List<Attribute> attrList = new ArrayList<Attribute>();
- if (reqAttributes != null) {
- Iterator<String> it = reqAttributes.iterator();
- while (it.hasNext()) {
- String reqAttributName = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttributName, null, authData);
- if (attr == null) {
- Logger.error(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } else {
- attrList.add(attr);
-
- }
-
- } catch (PVP2Exception e) {
- Logger.error(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } catch (Exception e) {
- Logger.error(
- "General Attribute generation failed! for "
- + reqAttributName, e);
-
- }
- }
- }
-
+ authnContextClassRef.setAuthnContextClassRef(qaaLevel);
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
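Review bot: `attrQuery.getSubject().getNameID()` on the last line of the hunk is dereferenced without a null check, so an AttributeQuery without a Subject or NameID fails with a NullPointerException instead of a controlled error; add `if (attrQuery.getSubject() == null || attrQuery.getSubject().getNameID() == null) throw ...` before the NameID is copied (which exception type fits depends on what callers catch, outside this hunk). The attribute-building loop was moved out of this builder, so `attrList` is now used as-is; the Javadoc should state that the caller is responsible for releasing only attributes the requesting Service-Provider may receive, e.g. `@param attrList List of PVP response attributes, already filtered for the requesting Service-Provider`. The same applies to `validTo`, which is no longer derived from the SSO session and is not compared against `now`. Also fix `EnitiyID` to `EntityID` and drop the stray `*` after the `sessionIndex` description.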
@@ -132,17 +110,31 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = null;
- return buildGenericAssertion(pendingReq.getAuthURL(), attrQuery.getIssuer().getValue(), date,
+ return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now,
authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
- new DateTime(authData.getSsoSessionValidTo().getTime()));
+ validTo);
}
-
- public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
+
+
+ /**
+ * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
+ *
+ * @param issuerEntityID EnitiyID, which should be used for this IDP response
+ * @param pendingReq Current processed pendingRequest DAO
+ * @param authnRequest Current processed PVP AuthnRequest
+ * @param authData AuthenticationData of the user, which is already authenticated
+ * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
+ * @param date TimeStamp
+ * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
+ * @param sloInformation Single LogOut information DAO
+ * @return
+ * @throws MOAIDException
+ */
+ public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
-
RequestedAuthnContext reqAuthnContext = authnRequest
.getRequestedAuthnContext();
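Review bot: `issuerEntityID` is passed straight through to `buildGenericAssertion` with no null or empty check, although the old code derived it from `pendingReq.getAuthURL()`; since the Issuer is what the Service-Provider matches against its metadata, a guard like `if (MiscUtil.isEmpty(issuerEntityID)) throw new ConfigurationException(...)` (arguments per the project's convention) would fail fast on a misconfigured caller. The new Javadoc for the AuthnRequest variant leaves `@return` empty and describes `date` only as `TimeStamp`; suggest `@return PVP 2.1 Assertion for the processed AuthnRequest` and, if `date` is the issue instant as its position in the `buildGenericAssertion` call suggests, `@param date Issue instant of the assertion`. The method body continues past the end of this hunk.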
@@ -282,37 +274,74 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-
+
//build nameID and nameID Format from moasession
//TODO: nameID generation
if (authData.isUseMandate()) {
- Element mandate = authData.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
- }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+ String bpktype = null;
+ String bpk = null;
- IdentificationType id;
- if(corporation != null && corporation.getIdentification().size() > 0)
- id = corporation.getIdentification().get(0);
-
+ Element mandate = authData.getMandate();
+ if(mandate != null) {
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
- else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
- id = pysicalperson.getIdentification().get(0);
+ IdentificationType id;
+ if(corporation != null && corporation.getIdentification().size() > 0)
+ id = corporation.getIdentification().get(0);
+
+
+ else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+ id = pysicalperson.getIdentification().get(0);
+
+ else {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ bpktype = id.getType();
+ bpk = id.getValue().getValue();
+
+ } else {
+ Logger.debug("Read mandatpr bPK|baseID from PVP attributes ... ");
+ bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+ bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
- else {
- Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ if (MiscUtil.isEmpty(bpk)) {
+ //no sourcePin is included --> search for bPK
+ bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+
+ //set bPK-Type from configuration, because it MUST be equal to service-provider type
+ if (oaParam.getBusinessService()) {
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ bpktype = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ bpktype = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ } else {
+ if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+"))
+ bpktype = oaParam.getTarget();
+ else
+ bpktype = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget();
+
+ }
+
+ } else {
+ //sourcePin is include --> check sourcePinType
+ if (MiscUtil.isEmpty(bpktype))
+ bpktype = Constants.URN_PREFIX_BASEID;
+
+ }
}
-
- String bpktype = id.getType();
- String bpk = id.getValue().getValue();
+ if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
+ throw new NoMandateDataAvailableException();
+
+ }
if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
if (oaParam.getBusinessService()) {
@@ -335,7 +364,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
subjectNameID.setNameQualifier(bpktype);
subjectNameID.setValue(bpk);
}
-
+
} else {
subjectNameID.setNameQualifier(authData.getBPKType());
subjectNameID.setValue(authData.getBPK());
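Review bot: In the new fallback branch (no mandate element, `bpk` read from `MANDATE_NAT_PER_BPK_NAME`), the value is relabeled with the Service-Provider's configured type derived from `oaParam`, but nothing checks that the received bPK was actually calculated for that sector; the comment says it "MUST be equal", yet a bPK issued for another target would end up in the NameID under the wrong qualifier. If the attribute set carries a type for that bPK, compare it with the configured one and throw `NoMandateDataAvailableException` on mismatch; if it does not, at least make the assumption visible, e.g. `Logger.warn("Mandator bPK type not provided; assuming SP sector " + bpktype);`. In the mandate branch, `id.getValue().getValue()` still assumes `getValue()` is non-null, which is pre-existing but now sits next to the new empty-check and could be folded into it. `mandatpr` in the debug message is a typo. The enclosing method starts and ends outside this hunk.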
@@ -414,7 +443,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
sloInformation.setNameIDFormat(subjectNameID.getFormat());
sloInformation.setSessionIndex(sessionIndex);
- return buildGenericAssertion(pendingReq.getAuthURL(), peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
+ return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
}
/**