diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 63 |
1 files changed, 49 insertions, 14 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3bd827667..859f4900b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -22,7 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -34,10 +33,12 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -67,14 +68,11 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.authData = authData; - if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) { this.moaStorkRequest = (MOASTORKRequest) req; @@ -111,7 +109,40 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); + + //build STORK attributes from local authentication information + if (authData != null) { + int reqQaa = -1; + int authQaa = -1; + try { + reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa(); + authQaa = Integer.valueOf( + authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length())); + + if (reqQaa > authQaa) { + Logger.warn("Requested QAA level does not match to authenticated QAA level"); + throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); + + } + + } catch (MOAIDException e) { + throw e; + + } catch (Exception e) { + if (Logger.isDebugEnabled()) + Logger.warn("STORK QAA Level evaluation error", e); + + else + Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" + + e.getMessage() + ")"); + + throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); + + } + + moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam)); + + } } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -370,15 +401,15 @@ public class AuthenticationRequest implements IAction { Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); context.put("action", request.getAssertionConsumerServiceURL()); - Logger.debug("Starting template merge"); + Logger.trace("Starting template merge"); StringWriter writer = new StringWriter(); - Logger.debug("Doing template merge"); + Logger.trace("Doing template merge"); template.merge(context, writer); - Logger.debug("Template merge done"); + Logger.trace("Template merge done"); - Logger.debug("Sending html content: " + writer.getBuffer().toString()); - Logger.debug("Sending html content2 : " + new String(writer.getBuffer())); + Logger.trace("Sending html content: " + writer.getBuffer().toString()); + Logger.trace("Sending html content2 : " + new String(writer.getBuffer())); httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); @@ -390,6 +421,10 @@ public class AuthenticationRequest implements IAction { public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + //redirect to national PVP IDP infrastructure if special attributes are requested + if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest) + return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req); + // // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country // if (req instanceof MOASTORKRequest) { // MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; @@ -444,14 +479,14 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { + public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); - + // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { @@ -466,7 +501,7 @@ public class AuthenticationRequest implements IAction { Logger.error("Exception, attributes: " + e.getMessage()); } - Logger.debug("AUTHBLOCK " + authData.getAuthBlock()); + Logger.trace("AUTHBLOCK " + authData.getAuthBlock()); Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier()); return attributeList; |