1 files changed, 34 insertions, 3 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index aa018d5a3..d59191c08 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -110,8 +111,38 @@ public class AuthenticationRequest implements IAction {
                 // Get personal attributtes from MOA/IdentityLink
                 
                 //build STORK attributes from local authentication information
-                if (authData != null)
+                if (authData != null) {
+                	int reqQaa = -1;
+                	int authQaa = -1;
+                	try {
+                		reqQaa = moaStorkRequest.getStorkAuthnRequest().getQaa();
+                		authQaa = Integer.valueOf(
+                				authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length()));
+                		
+                		if (reqQaa > authQaa) {
+                			Logger.warn("Requested QAA level does not match to authenticated QAA level");
+                			throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+                			
+                		}
+                	
+                	} catch (MOAIDException e) {
+                		throw e;
+                		
+                	} catch (Exception e) {
+                		if (Logger.isDebugEnabled())
+                			Logger.warn("STORK QAA Level evaluation error", e);
+                		
+                		else
+                			Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" 
+                					+  e.getMessage() + ")");
+                		
+                		throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa});
+                		
+                	}
+                	                	
                 	moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
+                	
+                }
             }
 
             //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -452,7 +483,7 @@ public class AuthenticationRequest implements IAction {
 
         IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
         Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
-
+        
         // Define attribute list to be populated
         PersonalAttributeList attributeList = new PersonalAttributeList();
         MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData, moaStorkRequest);
@@ -470,7 +501,7 @@ public class AuthenticationRequest implements IAction {
             Logger.error("Exception, attributes: " + e.getMessage());
         }
 
-        Logger.debug("AUTHBLOCK " + authData.getAuthBlock());
+        Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
         Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier());
 
         return attributeList;