/******************************************************************************* * Copyright 2017 Graz University of Technology * EAAF-Core Components has been developed in a cooperation between EGIZ, * A-SIT+, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ /******************************************************************************* *******************************************************************************/ /******************************************************************************* *******************************************************************************/ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.modules.pvp2.exception.QAANotAllowedException; /** * @author tlenz * */ public class QAALevelVerifier { private static final Logger log = LoggerFactory.getLogger(QAALevelVerifier.class); private static boolean verifyQAALevel(String qaaAuth, String requiredLoA, String matchingMode) throws QAANotAllowedException { //to MINIMUM machting if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { log.trace("Perfom LoA matching in 'MINIMUM' mode ... "); if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA) && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth) || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) ) return true; else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) ) return true; else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA) && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) return true; } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { //to EXACT matching log.trace("Perfom LoA matching in 'EXACT' mode ... "); if (qaaAuth.equals(requiredLoA)) { log.debug("Required LoA fits LoA from authentication. Continue auth process ... "); return true; } } else { log.warn("LoA matching-mode:" + matchingMode + " is NOT supported by this implementation"); throw new QAANotAllowedException(qaaAuth, requiredLoA, matchingMode); } return false; } public static void verifyQAALevel(String qaaAuth, List requiredLoAs, String matchingMode) throws QAANotAllowedException { boolean hasMatch = false; for (String loa : requiredLoAs) { if (verifyQAALevel(qaaAuth, loa, matchingMode)) hasMatch = true; } if (!hasMatch) throw new QAANotAllowedException(qaaAuth, requiredLoAs.toArray().toString(), matchingMode); else log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); } }