Merge branch 'master' into nightlybuild

# Conflicts: # basicConfig/default_config.properties # connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java # pom.xml
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2019-09-11 08:03:54 +0200
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2019-09-11 08:03:54 +0200
commit: b424e20e6497d6eadb559054d884f9f65d69411d (patch)
tree: 8f9922cd7373b5f9f685a4367a5a42b8e58959fa /connector/src
parent: ab4bba8177a5b4382d9ebe8996b76c5c5200e4a3 (diff)
parent: 5210dd7fef20776084f1106836f0e367654d6549 (diff)
download: National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.gz
National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.bz2
National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.zip
1 files changed, 48 insertions, 1 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 12dffe45..94b0cc02 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -39,11 +39,14 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
 import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
@@ -51,11 +54,14 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
 
 public class AuthnRequestValidator implements IAuthnRequestValidator {
 
 	private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class);
 	
+	@Autowired(required=true) private IConfiguration basicConfig;
+	
 	@Override
 	public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq,
 			SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException {
@@ -98,7 +104,48 @@ public class AuthnRequestValidator implements IAuthnRequestValidator {
 			
 			//post-process requested LoA
 			List<String> reqLoA = extractLoA(authnReq);
-			pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(reqLoA);
+			
+			LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
+					MSeIDASNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, 
+					EAAFConstants.EIDAS_LOA_HIGH));
+			if (minimumLoAFromConfig == null) {
+				log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EAAFConstants.EIDAS_LOA_HIGH);
+				minimumLoAFromConfig = LevelOfAssurance.HIGH;
+				
+			}
+			
+			log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", minimumLoAFromConfig);
+			List<String> allowedLoA = new ArrayList<>();
+			for (String loa : reqLoA) {				
+				try {
+					LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
+					String selectedLoA = EAAFConstants.EIDAS_LOA_HIGH;
+					if (intLoa != null && 
+							intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) {
+						log.info("Client: {} requested LoA: {} will be upgraded to: {}", 
+								pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
+								loa,
+								minimumLoAFromConfig);
+						selectedLoA = intLoa.getValue();
+						
+					} 
+					
+					if (!allowedLoA.contains(selectedLoA)) {
+						log.debug("Allow LoA: {} for Client: {}", 
+								selectedLoA, 
+								pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+						allowedLoA.add(selectedLoA);
+						
+					}
+										
+				} catch (IllegalArgumentException e) {
+					log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
+					
+				}
+					
+			}
+			
+			pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(allowedLoA);
 						
 			//post-process requested LoA comparison-level
 			String reqLoAComperison = extractComparisonLevel(authnReq);
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2019-09-11 08:03:54 +0200
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2019-09-11 08:03:54 +0200
commit	b424e20e6497d6eadb559054d884f9f65d69411d (patch)
tree	8f9922cd7373b5f9f685a4367a5a42b8e58959fa /connector/src
parent	ab4bba8177a5b4382d9ebe8996b76c5c5200e4a3 (diff)
parent	5210dd7fef20776084f1106836f0e367654d6549 (diff)
download	National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.gz National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.bz2 National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.zip