From b13a7517ea0f625d9b24b8d1ca709c8224e9c4d4 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 19 Dec 2022 14:28:16 +0100
Subject: feat(core): support not-notified eIDAS LoA

---
 .../modules/pvp2/impl/utils/QaaLevelVerifier.java | 19 ++++++++++---------
 .../pvp2/idp/impl/builder/Pvp2AssertionBuilder.java | 8 ++++++--
 2 files changed, 16 insertions(+), 11 deletions(-)

(limited to 'eaaf_modules')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
index ca6f29e4..7ed2e939 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -19,15 +19,15 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
-import java.util.List;
-
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+import java.util.Collection;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
 /**
  * EAAF LoA Level verifier checks if requested LoA matchs to LoA of
  * authentication.
@@ -86,17 +86,18 @@ public class QaaLevelVerifier {
    * @param matchingMode LoA matching mode
    * @throws QaaNotAllowedException If LoA does not match
    */
-  public static void verifyQaaLevel(final String qaaAuth, final List requiredLoAs,
+  public static void verifyQaaLevel(final String qaaAuth, final Collection requiredLoAs,
       final String matchingMode) throws QaaNotAllowedException {
-    log.trace("Starting LoA verification: authLoA: " + qaaAuth + " requiredLoA: "
-        + StringUtils.join(requiredLoAs, "|") + " matchingMode: " + matchingMode);
-
+    log.trace("Starting LoA verification with authLoA:{} requiredLoA:{} matchingMode:{} ",
+        qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
+
     boolean hasMatch = false;
     for (final String loa : requiredLoAs) {
       if (verifyQaaLevel(qaaAuth, loa, matchingMode)) {
         hasMatch = true;
+        break;
+
       }
-
     }
     if (!hasMatch) {
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 261f7b2b..bbe1d95f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -22,8 +22,10 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
 import java.security.MessageDigest;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Set;
 import javax.naming.ConfigurationException;
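Review bot: The `for (final String loa : requiredLoAs)` line iterates the new `Collection` parameter without a null check, so a null argument surfaces as a NullPointerException from the loop rather than the `QaaNotAllowedException` the `@throws` tag promises, while an empty collection leaves `hasMatch` false and presumably ends in that exception (the `if (!hasMatch)` body continues outside the hunk), which is the right fail-closed default for an LoA check. Both cases are worth stating in the Javadoc, e.g. `@param requiredLoAs LoA URIs of which at least one must match; must be non-null, an empty collection never matches`, and a leading `Objects.requireNonNull(requiredLoAs, "requiredLoAs");` would make the contract explicit (this needs a `java.util.Objects` import in the import hunk above). The element type appears stripped in this rendering, since `final String loa` only compiles against a `Collection<String>`. The blank line the hunk adds after `break;` before the closing brace of the `if` is stray and would be removed by the formatter.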
@@ -159,7 +161,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
           reqAuthnContext.getAuthnContextClassRefs();
       // get matching mode from authn. request
-      String loaMatchingMode = pendingReq.getServiceProviderConfiguration().getLoAMatchingMode();
+      String loaMatchingMode = oaParam.getLoAMatchingMode();
       if (StringUtils.isEmpty(loaMatchingMode)) {
         loaMatchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
@@ -172,7 +174,9 @@ public class Pvp2AssertionBuilder implements PvpConstants {
           authnContextClassRef.setURI(authData.getEidasQaaLevel());
         } else {
-          final List eidasLoaFromRequest = new ArrayList<>();
+          final Set eidasLoaFromRequest = new HashSet<>();
+          eidasLoaFromRequest.addAll(oaParam.getRequiredLoA());
+
           for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
             final String qaa_uri = authnClassRef.getURI();
-- cgit v1.2.3
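Review bot: `eidasLoaFromRequest.addAll(oaParam.getRequiredLoA())` seeds the set of acceptable LoAs from the service-provider configuration before the request's `AuthnContextClassRef` values are collected, so the set is a union of configured and requested levels; if that set is later handed to `QaaLevelVerifier.verifyQaaLevel`, which returns on the first matching entry, a match against a configured level satisfies the check even when this particular request asked only for a stricter one. The loop body and the consumer of the set lie outside the hunk, so this may be the intended semantics for not-notified LoAs, but it deserves a comment at the `addAll` line such as `// configured LoAs are accepted in addition to the ones in the AuthnRequest` and a test that pins the behaviour. A `getRequiredLoA()` that returns null would also throw a NullPointerException on that line; if the configuration getter can return null, guard it before `addAll`. The `Set`/`HashSet` declaration appears with its type parameter stripped in this rendering and is presumably `Set<String>` in the file.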