From 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 12 Jan 2016 15:57:30 +0100
Subject: fetch requested attributes from configuration

---
 .../validation/moaconfig/StorkConfigValidator.java |  5 +--
 .../task/impl/GeneralSTORKConfigurationTask.java   |  3 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 42 ++++++++++++----------
 3 files changed, 29 insertions(+), 21 deletions(-)

(limited to 'id')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b69d37d57..b73859d81 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -90,12 +90,13 @@ public class StorkConfigValidator {
 		// check attributes
 		if (MiscUtil.isNotEmpty(form.getAttributes())) {
 			for(StorkAttribute check : form.getAttributes()) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) {
+				String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+				if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
 					log.warn("default attributes contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 							new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
 				}
-				if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) {
+				if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
 						log.warn("default attributes do not match the requested format : " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 								new Object[] {check}, request ));
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index c6086583a..1747e2207 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -210,6 +210,7 @@ public static final List<String> KEYWHITELIST;
 			for(String key : attributeList.keySet()) {
 				if (key.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
 					String value = attributeList.get(key);
+					value = value.replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
 					if (!validatedAttributes.contains(value)) {
 						if (ValidationHelper.containsPotentialCSSCharacter(value, true)) {
 							log.warn("default attributes contains potentail XSS characters: " + value);
@@ -219,7 +220,7 @@ public static final List<String> KEYWHITELIST;
 									LanguageHelper.getErrorString("validation.stork.requestedattributes",
 											new Object[] {ValidationHelper.getPotentialCSSCharacter(true)})));
 						}
-						if(!value.toLowerCase().matches("^[a-z0-9]*$")) {
+						if(!value.toLowerCase().matches("^[A-Za-z]*$")) {
 							log.warn("default attributes do not match the requested format : " + value);
 							errors.add(new ValidationObjectIdentifier(
 									MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 9b289a435..57588287d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.IOException;
 import java.io.StringWriter;
+import java.util.Collection;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -111,27 +114,30 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+			// assemble requested attributes
+			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
+
+			// - prepare attribute list
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 
-			//create template requested attribute
-			//TODO: load required attributes from OA configuration
-			PersonalAttribute attr = new PersonalAttribute();
-			attr.setName("eidas/attributes/CurrentFamilyName");
-			pAttList.add(attr);
+			// - fill container
+			for (StorkAttribute current : attributesFromConfig) {
+				PersonalAttribute newAttribute = new PersonalAttribute();
+				newAttribute.setName(current.getName());
+
+				boolean globallyMandatory = false;
+				for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+					if (current.getName().equals(currentGlobalAttribute.getName())) {
+						globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
+						break;
+					}
+
+				newAttribute.setIsRequired(current.getMandatory() || globallyMandatory);
+				pAttList.add(newAttribute);
+			}
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
 
-			PersonalAttribute attr1 = new PersonalAttribute();
-			attr1.setName("eidas/attributes/CurrentGivenName");
-			pAttList.add(attr1);
-			
-			PersonalAttribute attr2 = new PersonalAttribute();
-			attr2.setName("eidas/attributes/DateOfBirth");
-			pAttList.add(attr2);
-			
-			PersonalAttribute attr3 = new PersonalAttribute();
-			attr3.setName("eidas/attributes/PersonIdentifier");
-			pAttList.add(attr3);
-			
 			//build eIDAS AuthnRequest
 			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
 			authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
-- 
cgit v1.2.3