Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java19
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java8
2 files changed, 16 insertions, 11 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
index ca6f29e4..7ed2e939 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -19,15 +19,15 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+import java.util.Collection;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
/**
* EAAF LoA Level verifier checks if requested LoA matchs to LoA of
* authentication.
@@ -86,17 +86,18 @@ public class QaaLevelVerifier {
* @param matchingMode LoA matching mode
* @throws QaaNotAllowedException If LoA does not match
*/
- public static void verifyQaaLevel(final String qaaAuth, final List<String> requiredLoAs,
+ public static void verifyQaaLevel(final String qaaAuth, final Collection<String> requiredLoAs,
final String matchingMode) throws QaaNotAllowedException {
- log.trace("Starting LoA verification: authLoA: " + qaaAuth + " requiredLoA: "
- + StringUtils.join(requiredLoAs, "|") + " matchingMode: " + matchingMode);
-
+ log.trace("Starting LoA verification with authLoA:{} requiredLoA:{} matchingMode:{} ",
+ qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
+
boolean hasMatch = false;
for (final String loa : requiredLoAs) {
if (verifyQaaLevel(qaaAuth, loa, matchingMode)) {
hasMatch = true;
+ break;
+
}
-
}
if (!hasMatch) {
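Review bot: The Javadoc for `verifyQaaLevel` (it starts above this hunk) should state that the check passes as soon as `qaaAuth` satisfies any single entry of `requiredLoAs`, which the added `break` now makes explicit. With the parameter widened to `Collection<String>`, a caller can hand in a merged set, and the weakest entry then decides the outcome. I would word it as `@param requiredLoAs acceptable LoAs; verification succeeds if qaaAuth matches at least one entry, so callers must not mix in values they do not want to accept`. It is also worth documenting that an empty collection leaves `hasMatch` false and reaches the `if (!hasMatch)` branch, and that a null collection fails at the `for` loop. The method body continues outside the hunk.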
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 261f7b2b..bbe1d95f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -22,8 +22,10 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import javax.naming.ConfigurationException;
@@ -159,7 +161,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
reqAuthnContext.getAuthnContextClassRefs();
// get matching mode from authn. request
- String loaMatchingMode = pendingReq.getServiceProviderConfiguration().getLoAMatchingMode();
+ String loaMatchingMode = oaParam.getLoAMatchingMode();
if (StringUtils.isEmpty(loaMatchingMode)) {
loaMatchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
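Review bot: The context comment `// get matching mode from authn. request` directly above the changed line does not describe what the code does: the mode is read from `oaParam`, which by its accessor looks like service-provider configuration rather than request data. Because the matching mode decides how strictly the LoA is compared, the comment should name the trusted source, for example `// LoA matching mode is taken from the service-provider configuration, not from the authn. request`. `oaParam` is declared outside this hunk, so it is not visible here whether it is the same object that `pendingReq.getServiceProviderConfiguration()` returned; if it is not, this line changes which configuration is applied and deserves a mention in the commit message.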
@@ -172,7 +174,9 @@ public class Pvp2AssertionBuilder implements PvpConstants {
authnContextClassRef.setURI(authData.getEidasQaaLevel());
} else {
- final List<String> eidasLoaFromRequest = new ArrayList<>();
+ final Set<String> eidasLoaFromRequest = new HashSet<>();
+ eidasLoaFromRequest.addAll(oaParam.getRequiredLoA());
+
for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
final String qaa_uri = authnClassRef.getURI();
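Review bot: Seeding `eidasLoaFromRequest` with `oaParam.getRequiredLoA()` puts configured and requester-supplied LoAs into one set, and the variable name no longer says so. If this set is later passed to `QaaLevelVerifier.verifyQaaLevel` (the call is not visible in this hunk), that method accepts a match against any single entry, so a request naming a lower LoA than the configuration would still pass and the configured level would not act as a floor. Consider keeping the two sources apart, e.g. `final Set<String> configuredLoas = new HashSet<>(oaParam.getRequiredLoA());`, and verifying the authentication LoA against the configured set independently of the request values. If `getRequiredLoA()` can return null, `addAll` will throw here, so a null or empty guard would be needed as well. The `else` branch and the `for` loop continue outside the hunk.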