From 0fbbb4ab83e8fae8038c14ac8de385540bc38cd2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Jun 2019 13:10:46 +0200 Subject: flag session as setUseMandate if mandate attributes are received from E-ID --- .../protocols/saml1/SAML1AuthenticationServer.java | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index fc8fb5955..af8211dee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -70,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; @@ -475,6 +476,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { + //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -546,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } + //build mandateDate Attribute String mandateDate = generateMandateDate(oaParam, authData); + //build RepresentationType and + generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, @@ -593,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private void generateRepresentationTypeAndOWInfos(List oaAttributes, + IOAAuthParameters oaParam, SAML1AuthenticationData authData) { + boolean isRepresentationTypeSet = false; + boolean isOWOIDSet = false; + boolean isOWFriendlyNameSet = false; + + for (ExtendedSAMLAttribute el : oaAttributes) { + if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName())) + isRepresentationTypeSet = true; + + if (EXT_SAML_MANDATE_OID.equals(el.getName())) + isOWOIDSet = true; + + if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName())) + isOWFriendlyNameSet = true; + } + + + if (!isRepresentationTypeSet) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + String oid = null; + String oidDescription = null; + + if (authData.getMISMandate() != null) { + oid = authData.getMISMandate().getProfRep(); + oidDescription = authData.getMISMandate().getTextualDescriptionOfOID(); + + } else { + oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class); + oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class); + + } + + + + + if (!isOWOIDSet && oid != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + if (!isOWFriendlyNameSet && oidDescription != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + + } + + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, -- cgit v1.2.3