From a34e3cc5ca505149d8de588de8d8a19b9a962845 Mon Sep 17 00:00:00 2001 From: Alexander Marsalek Date: Thu, 29 Jan 2015 15:18:44 +0100 Subject: added qaa check --- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 81 +++++++++++++++++----- 1 file changed, 65 insertions(+), 16 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 1be31ded9..4c587a5f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -244,7 +244,56 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); throw new MOAIDException("stork.07", null); } - + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); + //================== Check QAA level start ==================== + int reqQaa = -1; + int authQaa = -1; + String authQaaStr = null; + try { + reqQaa = storkAuthnRequest.getQaa(); + + //TODO: found better solution, but QAA Level in response could be not supported yet + try { + + authQaaStr = authnResponse.getAssertions().get(0). + getAuthnStatements().get(0).getAuthnContext(). + getAuthnContextClassRef().getAuthnContextClassRef(); + moaSession.setQAALevel(authQaaStr); + + } catch (Throwable e) { + Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); + moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); + authQaaStr = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel(); + } + if(authQaaStr != null)//Check value only if set + { + authQaa = Integer.valueOf(authQaaStr.substring(PVPConstants.STORK_QAA_PREFIX.length())); +// authQaa = Integer.valueOf(authQaaStr); + if (reqQaa > authQaa) { + Logger.warn("Requested QAA level does not match to authenticated QAA level"); + throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); + + } + } + } catch (MOAIDException e) { + throw e; + + } catch (Exception e) { + if (Logger.isDebugEnabled()) + Logger.warn("STORK QAA Level evaluation error", e); + + else + Logger.warn("STORK QAA Level evaluation error (ErrorMessage=" + + e.getMessage() + ")"); + + throw new MOAIDException("stork.21", new Object[]{reqQaa, authQaa}); + + } + //================== Check QAA level end ==================== + Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); ////////////// incorporate gender from parameters if not in stork response @@ -356,9 +405,9 @@ public class PEPSConnectorServlet extends AuthServlet { // Logger.error("could not retrieve moa session"); // throw new AuthenticationException("auth.01", null); // } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() }); // retrieve target //TODO: check in case of SSO!!! @@ -437,18 +486,18 @@ public class PEPSConnectorServlet extends AuthServlet { // stork did the authentication step moaSession.setAuthenticated(true); - //TODO: found better solution, but QAA Level in response could be not supported yet - try { - - moaSession.setQAALevel(authnResponse.getAssertions().get(0). - getAuthnStatements().get(0).getAuthnContext(). - getAuthnContextClassRef().getAuthnContextClassRef()); - - } catch (Throwable e) { - Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); - - } +// //TODO: found better solution, but QAA Level in response could be not supported yet +// try { +// +// moaSession.setQAALevel(authnResponse.getAssertions().get(0). +// getAuthnStatements().get(0).getAuthnContext(). +// getAuthnContextClassRef().getAuthnContextClassRef()); +// +// } catch (Throwable e) { +// Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level"); +// moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel()); +// +// } //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); -- cgit v1.2.3