From 3c81d3fef06204f2259b6c0377c8a2a00974c614 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Sep 2017 12:15:20 +0200 Subject: make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application --- .../resources/templates/ParepMinTemplate.html | 193 ----------------- .../resources/templates/ParepTemplate.html | 235 --------------------- .../resources/resources/templates/fetchGender.html | 16 -- .../templates/oasis_dss_webform_binding.vm | 36 ---- .../templates/pvp_postbinding_template.html | 48 ----- .../templates/pvp_postbinding_template.html | 46 ++++ 6 files changed, 46 insertions(+), 528 deletions(-) delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html create mode 100644 id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html deleted file mode 100644 index f5bca7f1f..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ /dev/null @@ -1,193 +0,0 @@ - - - - - - Berufsmäßige Parteieinvertretung - - - Berufsmäßige Parteienvertretung einer - natürlichen/juristischen Person -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Vertreter:
Vorname Stern -
Name Stern -
Geburtsdatum Stern - -

Ich bin berufsmäßig - berechtigt für die nachfolgend genannte Person in deren Namen - mit der Bürgerkarte einzuschreiten.		 

Vertretene Person:
 natürliche - Person: 
Vorname Stern Info
Name Stern Info
Geburtsdatum Stern - -  Info
optional: -
Straße  
Hausnummer  Info
Einh. Nr.  Info
Postleitzahl  Info
Gemeinde  Info
 
 juristische - Person: 
Name Stern Info
 Stern Info
-
- -

- Bitte halten Sie Ihre Bürgerkartenumgebung bereit. -

-

- - -

-
- - - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html deleted file mode 100644 index cffc46981..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ /dev/null @@ -1,235 +0,0 @@ - - - - - - - Berufsmäßige Parteieinvertretung - - - - - - - - - - -
- -   - - -
-
- E-Gov Logo -
-
-

Berufsmäßige Parteienvertretung

-
-
Bitte beachten Sie
-
-
- Stern  Feld muss - ausgefüllt sein -
-
- Info  Ausfüllhilfe -
-
- Rufezeichen  - Fehlerhinweis -
-
 
- -

Berufsmäßige Parteienvertretung einer - natürlichen/juristischen Person

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Vertreter:
Vorname Stern -
Name Stern -
Geburtsdatum Stern - -

Ich bin berufsmäßig - berechtigt für die nachfolgend genannte Person in deren - Namen mit der Bürgerkarte einzuschreiten.		 

Vertretene Person:
 natürliche - Person: 
Vorname Stern Info
Name Stern Info
Geburtsdatum Stern - -  Info
optional: -
Straße  
Hausnummer  Info -
Einh. Nr.  Info
Postleitzahl  Info
Gemeinde  Info
 
 juristische - Person: 
Name Stern Info
 Stern Info
-
- -

- Bitte halten Sie Ihre Bürgerkartenumgebung bereit. -

-

- - -

-
- -
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html deleted file mode 100644 index f47ee53ff..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html +++ /dev/null @@ -1,16 +0,0 @@ - - - -
-
- -
-

Please indicate the gender of the represented.

-
- - -
-
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm deleted file mode 100644 index 7fcc1bb36..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm +++ /dev/null @@ -1,36 +0,0 @@ -## -## Velocity Template for OASIS WEBFORM BINDING -## -## Velocity context may contain the following properties -## action - String - the action URL for the form -## signresponse - String - the Base64 encoded SAML Request -## verifyresponse - String - the Base64 encoded SAML Response -## clienturl - String - URL where the USer gets redirected after the signature process - - - - - - -
-
- #if($signrequest)#end - - #if($verifyrequest)#end - #if($clienturl)#end - -
- -
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html deleted file mode 100644 index 64e88a688..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html +++ /dev/null @@ -1,48 +0,0 @@ -## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity -##context may contain the following properties ## action - String - the -##action URL for the form ## RelayState - String - the relay state for the -##message ## SAMLRequest - String - the Base64 encoded SAML Request ## -##SAMLResponse - String - the Base64 encoded SAML Response - - - - - - - -
Your login is being processed. Thank you for - waiting.
- - - -
-
- #if($RelayState)#end #if($SAMLRequest)#end #if($SAMLResponse)#end - -
- -
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html new file mode 100644 index 000000000..45c183215 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html @@ -0,0 +1,46 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ + + +
+
+ #if($RelayState) #end + #if($SAMLRequest) #end + #if($SAMLResponse) #end +
+ +
+ + + \ No newline at end of file -- cgit v1.2.3 From 07427ae095618c054f38a519aa49f527bd968294 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Oct 2017 06:34:29 +0200 Subject: update MOAIDTrustManager to implement a better error handling for acceptedServerCertificates --- .../resources/properties/id_messages_de.properties | 1 + .../id/commons/utils/ssl/MOAIDTrustManager.java | 55 +++++++++++++++++----- 2 files changed, 44 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 50b2c5ece..d5c7c812d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -88,6 +88,7 @@ config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix. config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. config.26=Federated IDP {0} contains no AttributeQuery URL. config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} +config.28=Fehler beim initialisieren des SSL-TrustManagers. Zertifikat {0} kann nicht geladen werden; Ursache: {1} parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index 9fc6f799d..beb6cc1c6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -57,6 +57,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; @@ -72,16 +73,17 @@ import iaik.pki.jsse.IAIKX509TrustManager; public class MOAIDTrustManager extends IAIKX509TrustManager { /** an x509Certificate array containing all accepted server certificates*/ - private X509Certificate[] acceptedServerCertificates; + private X509Certificate[] acceptedServerCertificates = null; /** * Constructor * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store * @throws GeneralSecurityException occurs on security errors * @throws IOException occurs on IO errors + * @throws SSLConfigurationException */ public MOAIDTrustManager(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { + throws IOException, GeneralSecurityException, SSLConfigurationException { if (acceptedServerCertificateStoreURL != null) buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); @@ -111,26 +113,55 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * containing accepted server X509 certificates * @throws GeneralSecurityException on security errors * @throws IOException on any IO errors + * @throws SSLConfigurationException */ private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { - + throws IOException, GeneralSecurityException, SSLConfigurationException { List certList = new ArrayList(); URL storeURL = new URL(acceptedServerCertificateStoreURL); File storeDir = new File(storeURL.getFile()); // list certificate files in directory - File[] certFiles = storeDir.listFiles(); + File[] certFiles = storeDir.listFiles(); for (int i = 0; i < certFiles.length; i++) { - // for each: create an X509Certificate and store it in list - File certFile = certFiles[i]; - FileInputStream fis = new FileInputStream(certFile.getPath()); - CertificateFactory certFact = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); - fis.close(); - certList.add(cert); + // for each: create an X509Certificate and store it in list + File certFile = certFiles[i]; + FileInputStream fis = null; + try { + fis = new FileInputStream(certFile.getPath()); + CertificateFactory certFact = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); + certList.add(cert); + + } catch (Exception e) { + Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath() + + " is not loadable, Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + try { + if (fis != null) + Logger.debug("Certificate: " + Base64Utils.encode(fis)); + + } catch (Exception e1) { + Logger.warn("Can NOT log content of certificate: " + certFile.getPath() + + ". Reason: " + e.getMessage(), e); + + } + } + + throw new SSLConfigurationException("", new Object[]{certFile.getPath(), e.getMessage()}, e); + + } finally { + if (fis != null) + fis.close(); + + } } + // store acceptedServerCertificates acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]); + Logger.debug("Add #" + acceptedServerCertificates.length + + " certificates as 'AcceptedServerCertificates' from: " + acceptedServerCertificateStoreURL ); + } /** -- cgit v1.2.3 From 0815848a43f7040af216b3a909c0c8d06e1db928 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Oct 2017 14:03:10 +0200 Subject: update error handling --- .../resources/properties/id_messages_de.properties | 1 + .../id/commons/utils/ssl/MOAIDTrustManager.java | 37 ++++++++++++++++++---- 2 files changed, 31 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index d5c7c812d..2ce9fb9e7 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -89,6 +89,7 @@ config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. config.26=Federated IDP {0} contains no AttributeQuery URL. config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} config.28=Fehler beim initialisieren des SSL-TrustManagers. Zertifikat {0} kann nicht geladen werden; Ursache: {1} +config.29=Fehler beim initialisieren des SSL-TrustManagers. TrustStore: {0} | Ursache: {1} parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index beb6cc1c6..dd606ea18 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -58,6 +58,7 @@ import java.util.List; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; @@ -85,10 +86,15 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { public MOAIDTrustManager(String acceptedServerCertificateStoreURL) throws IOException, GeneralSecurityException, SSLConfigurationException { - if (acceptedServerCertificateStoreURL != null) - buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); - else - acceptedServerCertificates = null; + if (acceptedServerCertificateStoreURL != null && MiscUtil.isNotEmpty(acceptedServerCertificateStoreURL.trim())) { + Logger.info("Initialize SSL-TrustStore with explicit accepted server-certificates"); + buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); + + } else { + Logger.info("Initialize SSL-TrustStore without explicit accepted server-certificates"); + acceptedServerCertificates = null; + + } } @@ -119,9 +125,26 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { throws IOException, GeneralSecurityException, SSLConfigurationException { List certList = new ArrayList(); URL storeURL = new URL(acceptedServerCertificateStoreURL); + + //check URL to TrustStore + if (storeURL.getFile() == null) { + Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL + + " is NOT found"); + throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "File or Directory NOT found!"}); + + } File storeDir = new File(storeURL.getFile()); - // list certificate files in directory - File[] certFiles = storeDir.listFiles(); + + //check directory and files + if (storeDir == null || storeDir.listFiles() == null) { + Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL + + " is NOT found"); + throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "Files or Directory NOT found!"}); + + } + + // list certificate files in directory + File[] certFiles = storeDir.listFiles(); for (int i = 0; i < certFiles.length; i++) { // for each: create an X509Certificate and store it in list File certFile = certFiles[i]; @@ -148,7 +171,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { } } - throw new SSLConfigurationException("", new Object[]{certFile.getPath(), e.getMessage()}, e); + throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); } finally { if (fis != null) -- cgit v1.2.3 From 154338abc9ba998bf589b9ab12882ddffa78cf53 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Oct 2017 15:00:25 +0200 Subject: enforce eiDAS legal-person MDS if citizen uses mandates and no legal-person attributes are requested --- .../resources/properties/id_messages_de.properties | 1 + .../protocol_response_statuscodes_de.properties | 1 + .../eidas/eIDASAuthenticationRequest.java | 63 +++++++++++++++------- 3 files changed, 46 insertions(+), 19 deletions(-) (limited to 'id/server/idserverlib/src/main/resources') diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 2ce9fb9e7..05f58d5bc 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -275,6 +275,7 @@ eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0} eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low. eIDAS.15=Generation of eIDAS Response FAILED. Required attribute: {0} is NOT available. eIDAS.16=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}. +eIDAS.17=Generation of eIDAS Response FAILED. Citzen use mandates for authentication but there are no mandate attributes requested pvp2.01=Fehler beim kodieren der PVP2 Antwort pvp2.02=Ungueltiges Datumsformat diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index c6d0844ce..0a37fdc91 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -230,6 +230,7 @@ eIDAS.13=1307 eIDAS.14=1301 eIDAS.15=1307 eIDAS.16=1301 +eIDAS.17=1307 pvp2.01=6100 pvp2.06=6100 diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index d0cda38c7..b91bbde9e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -77,6 +77,8 @@ public class eIDASAuthenticationRequest implements IAction { @Autowired protected MOAReversionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + + @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { EIDASData eidasRequest; @@ -91,29 +93,32 @@ public class eIDASAuthenticationRequest implements IAction { //gather attributes ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); ImmutableAttributeMap.Builder attrMapBuilder = ImmutableAttributeMap.builder(); - - //generate eIDAS attributes - for(AttributeDefinition attr : reqAttributeList.getDefinitions()) { - Pair, ImmutableSet>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); - - if(eIDASAttr == null) { - if (attr.isRequired()) { - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); - throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); - - } else - Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); - } else { - //add attribute to Map - attrMapBuilder.put( - (AttributeDefinition)eIDASAttr.getFirst(), - (ImmutableSet)eIDASAttr.getSecond()); + //generate eIDAS attributes + for(AttributeDefinition attr : reqAttributeList.getDefinitions()) + buildAndAddAttribute(attrMapBuilder, attr, eidasRequest, authData); + + + //Check if Mandate attributes are requested if mandates was used + if (authData.isUseMandate()) { + if (reqAttributeList.getDefinitionByNameUri( + eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER.getNameUri()) == null) { + Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_PERSON_IDENTIFIER'"); + buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_PERSON_IDENTIFIER, eidasRequest, authData); + + } + + if (reqAttributeList.getDefinitionByNameUri( + eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME.getNameUri()) == null) { + Logger.info("Citzen perfom authentication with mandates but no mandate attribute are included. --> Add mandate attribute 'LEGAL_NAME'"); + buildAndAddAttribute(attrMapBuilder, eu.eidas.auth.engine.core.eidas.spec.LegalPersonSpec.Definitions.LEGAL_NAME, eidasRequest, authData); } } + //build final attibute set + ImmutableAttributeMap eIDASAttrbutMap = attrMapBuilder.build(); + // construct eIDaS response AuthenticationResponse.Builder responseBuilder = new AuthenticationResponse.Builder(); @@ -127,7 +132,7 @@ public class eIDASAuthenticationRequest implements IAction { responseBuilder.levelOfAssurance(authData.getEIDASQAALevel()); //add attributes - responseBuilder.attributes(attrMapBuilder.build()); + responseBuilder.attributes(eIDASAttrbutMap); //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); @@ -221,6 +226,26 @@ public class eIDASAuthenticationRequest implements IAction { return "eIDAS_AuthnRequest"; } + private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition attr, IRequest req, IAuthData authData) throws MOAIDException { + Pair, ImmutableSet>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( + attr, req.getOnlineApplicationConfiguration(), authData); + + if(eIDASAttr == null) { + if (attr.isRequired()) { + Logger.info("eIDAS Attr:" + attr.getNameUri() + " is marked as 'Required' but not available."); + throw new MOAIDException("eIDAS.15", new Object[]{attr.getFriendlyName()}); + + } else + Logger.info("eIDAS Attr:" + attr.getNameUri() + " is not available."); + + } else { + //add attribute to Map + attrMapBuilder.put( + (AttributeDefinition)eIDASAttr.getFirst(), + (ImmutableSet)eIDASAttr.getSecond()); + + } + } -- cgit v1.2.3