From 4f8f303c78b2696a5166c6688310f206f79cc42b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 15 Mar 2021 07:49:19 +0100 Subject: update demo-SP for IDA testing --- .../id/demoOA/servlet/pvp2/DemoApplication.java | 46 +++++++++++++++------- .../moa/id/demoOA/utils/AttributeListBuilder.java | 12 +++--- 2 files changed, 38 insertions(+), 20 deletions(-) (limited to 'id/oa/src/main/java/at/gv/egovernment') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index e36a880ba..df58fbc7a 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -41,6 +41,7 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.EncryptedAssertion; @@ -229,21 +230,20 @@ public class DemoApplication extends HttpServlet { Decrypter samlDecrypter = new Decrypter(null, skicr, encryptedKeyResolver); - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } + for (EncryptedAssertion encAssertion : encryAssertionList) { + Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); + samlResponse.getAssertions().add(decryptedAssertion); + log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(decryptedAssertion))); + + } log.debug("Assertion decryption finished. "); } else { - saml2assertions = samlResponse.getAssertions(); + log.debug("Assertiojn is not encryted. Use it as it is"); } - - samlResponse.getAssertions().clear(); - samlResponse.getAssertions().addAll(saml2assertions); - + //set assertion org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); String assertion = DOMUtils.serializeNode(doc); @@ -254,7 +254,9 @@ public class DemoApplication extends HttpServlet { String familyName = null; String birthday = null; - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); + + for (org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { try { principleId = saml2assertion.getSubject().getNameID().getValue(); @@ -270,16 +272,32 @@ public class DemoApplication extends HttpServlet { List attributes = attributeStatements.get(i).getAttributes(); for (int x = 0; x < attributes.size(); x++) { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); + + + String strAttributeName = attributes.get(x).getName(); - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) + log.debug("Find attribute with name: " + strAttributeName + " and value: " + + attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue()); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) + + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - } + + } + + if (strAttributeName.equals(PVPConstants.BPK_NAME)) { + principleId = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } } } request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index 1dcc66a56..9dc0d1d6f 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java @@ -47,19 +47,19 @@ public class AttributeListBuilder implements PVPConstants{ //select PVP2 attributes which are needed for this application - requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_FULL_MANDATE_NAME, MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); -- cgit v1.2.3