Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java63
1 files changed, 49 insertions, 14 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 3bd827667..859f4900b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -34,10 +33,12 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -67,14 +68,11 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private IAuthData authData = null;
private MOASTORKRequest moaStorkRequest = null;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- this.authData = authData;
-
if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) {
this.moaStorkRequest = (MOASTORKRequest) req;
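Review bot: `moaStorkRequest` is still instance state, assigned per call at `this.moaStorkRequest = (MOASTORKRequest) req;`, while `authData` is moved out of a field in this same hunk; if this IAction is shared across concurrent requests, as dropping the `authData` field suggests, the remaining field carries the same cross-request hazard, and `populateAttributes` further down reads `moaStorkRequest.getStorkAuthnRequest()` from it. Consider passing the cast request down as a parameter the same way `authData` now is, or at least document in a comment on the field why it is safe to keep. processRequest continues outside the hunk.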
@@ -111,7 +109,40 @@ public class AuthenticationRequest implements IAction {
// }
// Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
+
+ //build STORK attributes from local authentication information
+ if (authData != null) {
+ int reqQaa = -1;
+ int authQaa = -1;
+ try {
+ reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa();
+ authQaa = Integer.valueOf(
+ authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()));
+
+ if (reqQaa > authQaa) {
+ Logger.warn("Requested QAA level does not match to authenticated QAA level");
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
+ } catch (MOAIDException e) {
+ throw e;
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled())
+ Logger.warn("STORK QAA Level evaluation error", e);
+
+ else
+ Logger.warn("STORK QAA Level evaluation error (ErrorMessage="
+ + e.getMessage() + ")");
+
+ throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+
+ }
+
+ moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
+
+ }
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
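Review bot: The parse at `authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length())` strips a fixed number of characters without checking that the value actually starts with that prefix, so a level string in another format could parse to a wrong number rather than fail; check the prefix first, e.g. `String qaa = authData.getQAALevel();` / `if (qaa == null || !qaa.startsWith(PVPConstants.STORK_QAA_PREFIX)) throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});` and then substring `qaa`. The enclosing `if (authData != null)` has no else branch, so with a null authData neither the QAA comparison nor `setPersonalAttributeList` runs and processing appears to continue, whereas the removed line called populateAttributes unconditionally; if that is not intended, fail explicitly there. The `Logger.isDebugEnabled()` test only decides whether the stack trace is attached to the warning, which a one-line comment such as `// attach the stack trace only in debug; both branches fail closed below` would make clear. processRequest starts and ends outside the hunk.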
@@ -370,15 +401,15 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL());
context.put("action", request.getAssertionConsumerServiceURL());
- Logger.debug("Starting template merge");
+ Logger.trace("Starting template merge");
StringWriter writer = new StringWriter();
- Logger.debug("Doing template merge");
+ Logger.trace("Doing template merge");
template.merge(context, writer);
- Logger.debug("Template merge done");
+ Logger.trace("Template merge done");
- Logger.debug("Sending html content: " + writer.getBuffer().toString());
- Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
+ Logger.trace("Sending html content: " + writer.getBuffer().toString());
+ Logger.trace("Sending html content2 : " + new String(writer.getBuffer()));
httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
@@ -390,6 +421,10 @@ public class AuthenticationRequest implements IAction {
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ //redirect to national PVP IDP infrastructure if special attributes are requested
+ if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest)
+ return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req);
+
// // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
// if (req instanceof MOASTORKRequest) {
// MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
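Review bot: The new early return `return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req);` negates a helper whose name does not state what its boolean means for needAuthentication, and the comment above speaks of redirecting, so a reader cannot tell whether `true` from the helper means the national IDP rather than this action authenticates the user. Add a comment spelling out the mapping, e.g. `// helper returns true when the national PVP IDP performs the authentication, so no local authentication is needed here`, assuming that is the intended semantics. The unbraced if body also departs from the braced style used elsewhere in the file. needAuthentication continues outside the hunk.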
@@ -444,14 +479,14 @@ public class AuthenticationRequest implements IAction {
}
- public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
+ public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
-
+
// Define attribute list to be populated
PersonalAttributeList attributeList = new PersonalAttributeList();
- MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest);
+ MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
try {
for (PersonalAttribute personalAttribute : attrLst) {
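Review bot: `populateAttributes` is public and its new `authData` parameter is passed straight into `new MOAAttributeProvider(authData, moaStorkRequest)` and dereferenced in the following hunk, but only the caller in processRequest guards against null; validate at entry, `if (authData == null) throw new IllegalArgumentException("authData must not be null");`, so a misuse fails at the call site rather than deep in the provider. The signature change also warrants a Javadoc `@param authData` describing it as the local authentication data the STORK attributes are built from. The method continues outside the hunk.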
@@ -466,7 +501,7 @@ public class AuthenticationRequest implements IAction {
Logger.error("Exception, attributes: " + e.getMessage());
}
- Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+ Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
return attributeList;