From 729500a159c61a697c528e0c86abd132f4380b0d Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 12 Jul 2018 16:10:53 +0200
Subject: some more updates
---
.../modules/pvp2/impl/utils/QAALevelVerifier.java | 92 ++++++++++++++++++----
1 file changed, 75 insertions(+), 17 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
index 707f12e2..1621aa84 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
@@ -1,7 +1,33 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT+, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ /******************************************************************************* *******************************************************************************/ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; +import java.util.List; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -16,26 +42,58 @@ public class QAALevelVerifier { private static final Logger log = LoggerFactory.getLogger(QAALevelVerifier.class); - public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException { - - if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && - (EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || - EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || - EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) - ) - log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + private static boolean verifyQAALevel(String qaaAuth, String requiredLoA, String matchingMode) throws QAANotAllowedException { + //to MINIMUM machting + if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { + log.trace("Perfom LoA matching in 'MINIMUM' mode ... "); + if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA) && + (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth) || + EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) + ) + return true; + + else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) && + (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) + ) + return true; + + else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA) && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) + return true; + + } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { + //to EXACT matching + log.trace("Perfom LoA matching in 'EXACT' mode ... "); + if (qaaAuth.equals(requiredLoA)) { + log.debug("Required LoA fits LoA from authentication. Continue auth process ... 
"); + return true; + + } + + } else { + log.warn("LoA matching-mode:" + matchingMode + " is NOT supported by this implementation"); + throw new QAANotAllowedException(qaaAuth, requiredLoA, matchingMode); + + } - else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && - (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || - EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) - ) - log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + return false; + + } + + public static void verifyQAALevel(String qaaAuth, List requiredLoAs, String matchingMode) throws QAANotAllowedException { + boolean hasMatch = false; + for (String loa : requiredLoAs) { + if (verifyQAALevel(qaaAuth, loa, matchingMode)) + hasMatch = true; + + } - else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) - log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); + if (!hasMatch) + throw new QAANotAllowedException(qaaAuth, requiredLoAs.toArray().toString(), matchingMode); - else - throw new QAANotAllowedException(qaaAuth, qaaRequest); + else + log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); } } -- cgit v1.2.3
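Review bot: In the EXACT branch of the private `verifyQAALevel`, `qaaAuth.equals(requiredLoA)` dereferences the authenticated LoA, so an authentication result that carries no LoA would raise a NullPointerException instead of the `QAANotAllowedException` that callers presumably handle; the MINIMUM branch is null-safe only because the constants are on the left. A guard such as `if (qaaAuth != null && qaaAuth.equals(requiredLoA))` keeps the rejection path uniform (`Objects.equals` is not a substitute here, since it would treat two nulls as a match). In the public overload, `requiredLoAs.toArray().toString()` prints the array's identity (`[Ljava.lang.Object;@…`) rather than the requested levels, so the exception loses the values needed to audit a rejected login; `String.valueOf(requiredLoAs)` would carry them. A Javadoc line on the public method should also state that a match on any single entry of `requiredLoAs` is sufficient, which in MINIMUM mode makes the weakest listed level the effective floor.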