aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java81
1 files changed, 45 insertions, 36 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 17f76d35a..bc90da8df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.id.util.QAALevelVerifier;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ peerEntity.getEntityID());
+
if (reqAuthnContext == null) {
authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
- } else {
+ }
- boolean stork_qaa_1_4_found = false;
+ boolean stork_qaa_1_4_found = false;
+
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
- List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs();
+ if (reqAuthnContextClassRefIt.size() == 0) {
+
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ STORK_QAA_1_4);
- if (reqAuthnContextClassRefIt.size() == 0) {
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
-
- } else {
- for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
- String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
-
- if (authSession.isForeigner()) {
- //TODO: insert QAA check
-
- stork_qaa_1_4_found = false;
-
- } else {
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
- }
- break;
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+
+ if (authSession.isForeigner()) {
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+
+ } else {
+
+ QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),
+ qaa_uri.trim());
+
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());
+
}
+ break;
}
}
-
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
- }
+ }
+
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
}
// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
@@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants {
* null, true); } }
*/
- // TODO: LOAD oaParam from request and not from MOASession in case of
- // SSO
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- peerEntity.getEntityID());
-
AuthenticationData authData = AuthenticationServer
.buildAuthenticationData(authSession, oaParam,
oaParam.getTarget());
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 00:35:16 +0000