From 7c361d450a97b9d79a1da90961fd727d2808f9c8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 13:22:40 +0100 Subject: inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode --- .../EidSpMandateProfilesAttributeBuilder.java | 50 ++++++++++++++++++++++ .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../tasks/CreateAuthnRequestTask.java | 22 +++++++++- 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java new file mode 100644 index 000000000..c6eb74dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; + +public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); + + @Override + public T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) + throws AttributeBuilderException { + if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) { + return g.buildStringAttribute(getFriendlyName(), getName(), + StringUtils.join( + ((IOAAuthParameters) oaParam).getMandateProfiles(), ",")); + + } else { + log.info("{} is only available in AuthHandler context", getFriendlyName()); + + } + throw new UnavailableAttributeException(getName()); + + } + + @Override + public T buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + + } + + @Override + public String getName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME; + } + + private String getFriendlyName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME; + } + +} diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index a10b9b3e0..408066bf2 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -23,3 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java index c1229e3ff..d3a2d2840 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -29,6 +29,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.EntityDescriptor; @@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { private List buildRequestedAttributes() { List attributs = new ArrayList(); + OAAuthParameterDecorator spConfig = + pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); + //build EID sector for identification attribute Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( attr , true, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + spConfig.getAreaSpecificTargetIdentifier()); attributs.add(reqAttr ); - //TODO: add mandate information if mandates are used!!!! + //build MandateProfileAttribute if SEMPER is enabled and mandates are requested + if (spConfig.isShowMandateCheckBox() + && authConfig.getBasicConfigurationBoolean( + EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request"); + final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute( + ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME); + final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attrMandateProfiles, true, + StringUtils.join(spConfig.getMandateProfiles(), ",")); + attributs.add(mandateProfilesReqAttr); + + } return attributs; } -- cgit v1.2.3