feat(core): support not-notified eIDAS LoA

2 files changed, 16 insertions, 11 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
index ca6f29e4..7ed2e939 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -19,15 +19,15 @@
 
 package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+import java.util.Collection;
 
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
 /**
  * EAAF LoA Level verifier checks if requested LoA matchs to LoA of
  * authentication.
@@ -86,17 +86,18 @@ public class QaaLevelVerifier {
    * @param matchingMode LoA matching mode
    * @throws QaaNotAllowedException If LoA does not match
    */
-  public static void verifyQaaLevel(final String qaaAuth, final List<String> requiredLoAs,
+  public static void verifyQaaLevel(final String qaaAuth, final Collection<String> requiredLoAs,
       final String matchingMode) throws QaaNotAllowedException {
-    log.trace("Starting LoA verification: authLoA: " + qaaAuth + " requiredLoA: "
-        + StringUtils.join(requiredLoAs, "|") + " matchingMode: " + matchingMode);
-
+    log.trace("Starting LoA verification with authLoA:{} requiredLoA:{} matchingMode:{} ", 
+        qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
+       
     boolean hasMatch = false;
     for (final String loa : requiredLoAs) {
       if (verifyQaaLevel(qaaAuth, loa, matchingMode)) {
         hasMatch = true;
+        break;
+        
       }
-
     }
 
     if (!hasMatch) {
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 261f7b2b..bbe1d95f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -22,8 +22,10 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
 import java.security.MessageDigest;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Set;
 
 import javax.naming.ConfigurationException;
 
@@ -159,7 +161,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
           reqAuthnContext.getAuthnContextClassRefs();
 
       // get matching mode from authn. request      
-      String loaMatchingMode = pendingReq.getServiceProviderConfiguration().getLoAMatchingMode();
+      String loaMatchingMode = oaParam.getLoAMatchingMode();
       if (StringUtils.isEmpty(loaMatchingMode)) {
         loaMatchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
         
@@ -172,7 +174,9 @@ public class Pvp2AssertionBuilder implements PvpConstants {
         authnContextClassRef.setURI(authData.getEidasQaaLevel());
 
       } else {
-        final List<String> eidasLoaFromRequest = new ArrayList<>();
+        final Set<String> eidasLoaFromRequest = new HashSet<>();
+        eidasLoaFromRequest.addAll(oaParam.getRequiredLoA());
+        
         for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
           final String qaa_uri = authnClassRef.getURI();