author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-09-10 18:03:27 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-09-10 18:03:27 +0200 |
commit | 04d30c74c92ef519654221ac2485c48df4bb5193 (patch) | |
tree | 5733e8173f47729d01aed863a0786a3e643e23f0 /connector/src | |
parent | 301870b9c728859562c39a78054aa830dc2514a7 (diff) | |
refactor LoA upgrade to use method from eIDAS Ref. implementation
Diffstat (limited to 'connector/src')
-rw-r--r-- | connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index bceb9f35..94b0cc02 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -54,6 +54,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes; import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; public class AuthnRequestValidator implements IAuthnRequestValidator { 
@@ -103,31 +104,29 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { //post-process requested LoA List<String> reqLoA = extractLoA(authnReq); - String minimumLoAFromConfig = basicConfig.getBasicConfiguration( + + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( MSeIDASNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, - EAAFConstants.EIDAS_LOA_HIGH); - String intMinimumLoAFromConfig = minimumLoAFromConfig; - if (minimumLoAFromConfig.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) - intMinimumLoAFromConfig = minimumLoAFromConfig.substring(EAAFConstants.EIDAS_LOA_PREFIX.length()); + EAAFConstants.EIDAS_LOA_HIGH)); + if (minimumLoAFromConfig == null) { + log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EAAFConstants.EIDAS_LOA_HIGH); + minimumLoAFromConfig = LevelOfAssurance.HIGH; + + } log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", minimumLoAFromConfig); List<String> allowedLoA = new ArrayList<>(); - for (String loa : reqLoA) { - String intLoa = loa; - if (loa.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { - intLoa = loa.substring(EAAFConstants.EIDAS_LOA_PREFIX.length()); - - } - + for (String loa : reqLoA) { try { + LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); String selectedLoA = EAAFConstants.EIDAS_LOA_HIGH; - if (MSeIDASNodeConstants.EIDAS_LOA_LEVEL_ORDER.valueOf(intLoa).ordinal() >= - MSeIDASNodeConstants.EIDAS_LOA_LEVEL_ORDER.valueOf(intMinimumLoAFromConfig).ordinal()) { + if (intLoa != null && + intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) { log.info("Client: {} requested LoA: {} will be upgraded to: {}", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), loa, minimumLoAFromConfig); - selectedLoA = loa; + selectedLoA = intLoa.getValue(); } 
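Review bot: The `log.info("Client: {} requested LoA: {} will be upgraded to: {}", ...)` call sits in the branch where the requested level already meets the configured minimum and is kept as-is by `selectedLoA = intLoa.getValue();`, so it reports an upgrade exactly when none takes place. The actual upgrade path, taken when `LevelOfAssurance.fromString(loa)` returns null or the level is below the minimum, logs nothing and falls back to the hard-coded `EAAFConstants.EIDAS_LOA_HIGH`, not to the `minimumLoAFromConfig` that the message names. For a usable audit trail of assurance-level decisions, move the message into an `else` branch of that `if` and pass `selectedLoA` as its last argument, and log an unparseable `loa` at warn level. The `try` block and the rest of the loop continue outside the hunk, so it cannot be checked here whether the existing catch is still reachable now that `valueOf` is gone.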
@@ -146,7 +145,7 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { } - pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(reqLoA); + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(allowedLoA); //post-process requested LoA comparison-level String reqLoAComperison = extractComparisonLevel(authnReq); |
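Review bot: Passing `allowedLoA` to `setRequiredLoA` leaves the required LoA empty whenever `reqLoA` is empty, because the list is created empty and filled only inside the loop over the requested levels. If `extractLoA` can return an empty list (not visible here), a request that carries no LoA would get past this step without the configured minimum being applied. A guard before this call, such as `if (allowedLoA.isEmpty()) { allowedLoA.add(minimumLoAFromConfig.getValue()); }`, would make the floor explicit. The lines that populate `allowedLoA` lie between the hunks, so this needs confirming against the full method.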