From 7c361d450a97b9d79a1da90961fd727d2808f9c8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 19 Feb 2020 13:22:40 +0100
Subject: inject mandate-profiles into eIDAS MS-Connector request in case of
 SEMPER mode

---
 .../EidSpMandateProfilesAttributeBuilder.java      | 50 ++++++++++++++++++++++
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |  1 +
 .../tasks/CreateAuthnRequestTask.java              | 22 +++++++++-
 3 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java
new file mode 100644
index 000000000..c6eb74dd6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+
+public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder {
+  private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class);
+
+  @Override
+  public <T> T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<T> g)
+      throws AttributeBuilderException {
+    if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) {
+      return g.buildStringAttribute(getFriendlyName(), getName(),
+          StringUtils.join(
+              ((IOAAuthParameters) oaParam).getMandateProfiles(), ","));
+
+    } else {
+      log.info("{} is only available in AuthHandler context", getFriendlyName());
+
+    }
+    throw new UnavailableAttributeException(getName());
+
+  }
+
+  @Override
+  public <T> T buildEmpty(final IAttributeGenerator<T> g) {
+    return g.buildEmptyAttribute(getFriendlyName(), getName());
+
+  }
+
+  @Override
+  public String getName() {
+    return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME;
+  }
+
+  private String getFriendlyName() {
+    return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME;
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a10b9b3e0..408066bf2 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -23,3 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
 at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c1229e3ff..d3a2d2840 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
+		OAAuthParameterDecorator spConfig = 
+		    pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+		
 		//build EID sector for identification attribute
 		Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
 		EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
 				attr , 
 				true, 
-				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
+				spConfig.getAreaSpecificTargetIdentifier());	
 		attributs.add(reqAttr );		
 		
-		//TODO: add mandate information if mandates are used!!!!
+		 //build MandateProfileAttribute if SEMPER is enabled and mandates are requested
+    if (spConfig.isShowMandateCheckBox()
+        && authConfig.getBasicConfigurationBoolean(
+            EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+      Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request");
+      final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute(
+          ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME);
+      final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+          attrMandateProfiles, true,
+          StringUtils.join(spConfig.getMandateProfiles(), ","));
+      attributs.add(mandateProfilesReqAttr);
+
+    }
 		
 		return attributs;
 	}
-- 
cgit v1.2.3