aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java78
1 files changed, 53 insertions, 25 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 8322f0cea..42e9bf25d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -54,7 +50,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
- * the AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
+ * The AttributeCollector Action tries to get all requested attributes from a set of {@link AttributeProvider} Plugins.
* The class is called whenever the {@link AuthenticationRequest} Action is invoked and checks for missing attributes.
* Furthermore, the class can handle direct posts. That is when the class triggers an attribute query which needs user
* interaction, redirect to another portal, etc. The redirect will hit here and the class can continue to fetch attributes.
@@ -84,8 +80,6 @@ public class AttributeCollector implements IAction {
}
- // TODO extract attribute response and check if it corresponds to the container
-
if (httpReq.getParameter("SAMLResponse") != null) {
Logger.info("Got SAML response from external attribute provider.");
@@ -110,7 +104,7 @@ public class AttributeCollector implements IAction {
STORKAuthnResponse authnResponse = null;
- // check if valid authn request is contained
+ // check if valid authn response is contained
try {
authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, httpReq.getRemoteAddr());
} catch (STORKSAMLEngineException ex) {
@@ -119,9 +113,25 @@ public class AttributeCollector implements IAction {
STORK2Response.setSTORKAuthnResponseToken(decSamlToken);
+ // check if the attributes are provided for the same person from request
+ // requires presence of eIdentifier for unambigious correlation
+ Logger.debug("Checking if the attribute relates to the correct person..");
+ try {
+ String remoteEIdentifier= authnResponse.getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ String localEidentifier= container.getResponse().getStorkAuthnResponse().getPersonalAttributeList().get("eIdentifier").getValue().get(0);
+ if (!remoteEIdentifier.equals(localEidentifier)) {
+ Logger.error("The attribute is not provided for the same person!");
+ throw new MOAIDException("stork.25", null);
+ }
+ } catch (NullPointerException ex) {
+ Logger.warn("Could not check the correlation of attributes from external provider. Ignoring the check.");
+ //Logger.debug(ex);
+ //throw new MOAIDException("stork.04", null); // TODO revise message, raise exception when ehvd checked
+ }
+
if (authnResponse.getPersonalAttributeList().size() > 0) {
Logger.info("Response from external attribute provider contains " + authnResponse.getPersonalAttributeList().size() + " attributes.");
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList());
+ container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), authnResponse.getPersonalAttributeList()));
}
}
@@ -157,7 +167,7 @@ public class AttributeCollector implements IAction {
// - insert the embedded attribute(s) into the container
if (null != newAttributes)
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
+ container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes));
// see if we need some more attributes
SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
@@ -184,9 +194,21 @@ public class AttributeCollector implements IAction {
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+ Logger.debug("aquire list of missing attributes");
for (PersonalAttribute current : requestAttributeList)
- if (!responseAttributeList.containsKey(current.getName()))
- missingAttributes.add(current);
+ if (!responseAttributeList.containsKey(current.getName())) {
+ if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) {
+ // add the ones we need
+ missingAttributes.add(current);
+ Logger.debug("add " + current.getName() + " to the list of missing attributes");
+ }
+ } else {
+ // remove the ones we do not want to share from the response list
+ if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) {
+ responseAttributeList.remove(current.getName());
+ Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data");
+ }
+ }
Logger.info("collecting attributes...");
Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -203,7 +225,8 @@ public class AttributeCollector implements IAction {
IPersonalAttributeList aquiredAttributes = new PersonalAttributeList();
currentAttribute.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
aquiredAttributes.add((PersonalAttribute) currentAttribute.clone());
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+ container.getResponse().setPersonalAttributeList(
+ addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
// - check if we can find a suitable AttributeProvider Plugin
Iterator<AttributeProvider> attibuteProvidersInterator = AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs());
@@ -247,15 +270,12 @@ public class AttributeCollector implements IAction {
Logger.error("We have no suitable plugin for obtaining the attribute '" + currentAttribute.getName() + "'");
} else
// else, update any existing attributes
- addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes);
+ container.getResponse().setPersonalAttributeList(addOrUpdateAll(container.getResponse().getPersonalAttributeList(), aquiredAttributes));
}
Logger.info("collecting attributes done");
// ask for consent if necessary
- if(oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, response, oaParam);
- else
- new ConsentEvaluator().generateSTORKResponse(response, container);
+ new ConsentEvaluator().generateSTORKResponse(response, container);
return null; // AssertionId
// TODO
@@ -296,15 +316,21 @@ public class AttributeCollector implements IAction {
*
* @param target the target
* @param source the source
+ * @return
* @throws MOAIDException
*/
- private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
+ private PersonalAttributeList addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException {
+
+ PersonalAttributeList updatedList = new PersonalAttributeList();
+ for (PersonalAttribute el : target)
+ updatedList.add(el);
+
Logger.debug("Updating " + source.size() + " attributes...");
for (PersonalAttribute current : source) {
Logger.debug("treating " + current.getName());
// check if we need to update the current pa
- if (target.containsKey(current.getName())) {
+ if (updatedList.containsKey(current.getName())) {
PersonalAttribute existing = target.get(current.getName());
if(!(existing.isEmptyValue() && existing.isEmptyComplexValue()))
if(!(existing.getValue().equals(current.getValue()) || existing.getComplexValue().equals(current.getComplexValue()))) {
@@ -312,14 +338,16 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.16", new Object[] {existing.getName()});
}
- target.get(current.getName()).setStatus(current.getStatus());
- target.get(current.getName()).setValue(current.getValue());
- target.get(current.getName()).setComplexValue(current.getComplexValue());
+ updatedList.get(current.getName()).setStatus(current.getStatus());
+ updatedList.get(current.getName()).setValue(current.getValue());
+ updatedList.get(current.getName()).setComplexValue(current.getComplexValue());
} else
- target.add(current);
+ updatedList.add(current);
- Logger.debug("...successfully treated " + current.getName());
+ Logger.debug("...successfully treated " + current.getName());
}
+
+ return updatedList;
}
/* (non-Javadoc)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 23:06:24 +0000