author | Thomas <> | 2022-10-11 19:16:17 +0200 |
committer | Thomas <> | 2022-10-11 19:16:17 +0200 |
commit | 7571d90b2910740424988d0e7e5473dbd2d33cfa (patch) | |
tree | 0ec3dff2328b66831283d53448b3d5425038b2fb /modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java | |
parent | f3f0927a1226b32d1c43a116e3421ded9c181323 (diff) | |
feat(ejustice): add validation to disallow eJusticeRole for legal and natural person in one single request
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java')
-rw-r--r-- | modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index d0e3d1ba..b5f6b6d2 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -21,6 +21,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml.saml2.core.NameIDType;
 import org.opensaml.saml.saml2.core.StatusCode;
+import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -264,7 +265,25 @@ public class EidasProxyServiceController extends AbstractController implements I
 }
- // TODO: validate some other stuff
+ // perform advanced request validation
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. " + "Starting advanced attribute-validation ... ", requiredHandlers.size());
+ for (String el : requiredHandlers) {
+ executeAdvancedRequestValidation(el, eidasRequest);
+
+ }
+
+ } else {
+ log.debug("No advanced eIDAS attribute-validation required.");
+
+ }
 }
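Review bot: In the `requiredHandlers` pipeline the `.distinct()` step is redundant, because `Collectors.toSet()` already discards duplicates, and the `.orElse(null)` followed by `.filter(Objects::nonNull)` takes a null detour that is not needed if `mapEidasAttributeToAttributeHandler` returns an `Optional`, as the `.orElse(null)` call suggests. If the project targets Java 9 or newer the three middle steps collapse to `.map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()))` / `.flatMap(Optional::stream)` / `.collect(Collectors.toSet());`. The info message in the `if` branch has a typo, `attribute-hander` should read `attribute-handler`. The enclosing validation method begins outside the hunk.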
@@ -283,8 +302,8 @@ public class EidasProxyServiceController extends AbstractController implements I
 && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
 throw new EidasProxyServiceException(ERROR_08, null);
- }
-
+ }
+ // TODO: validate some other stuff
 }
@@ -381,6 +400,20 @@ public class EidasProxyServiceController extends AbstractController implements I
 }
 }
+ private void executeAdvancedRequestValidation(String handlerClass, ILightRequest eidasRequest)
+ throws EidasProxyServiceException {
+ try {
+ IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom request-validastion by using: {}", handler.getClass().getName());
+ handler.validateAuthnRequest(eidasRequest);
+
+ } catch (BeansException e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
+
 private void buildNationalRequestedAttributes(
 ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
 final boolean mandatesEnabled = !SpMandateModes.NONE.equals(spConfig.getMandateMode());
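Review bot: `executeAdvancedRequestValidation` fails open: when `applicationContext.getBean` throws `BeansException` the catch block only logs and returns normally, so a request whose attributes map to a handler that cannot be resolved passes without the advanced validation this commit introduces, even though the method already declares `throws EidasProxyServiceException` and the caller loop in the earlier hunk would propagate it. Rethrow after the `log.error` call, following the pattern used a few lines above, e.g. `throw new EidasProxyServiceException(ERROR_CODE_PLACEHOLDER /* pick the project's error code */, null);`, so a mis-configured handler mapping rejects the request instead of silently skipping the check. The trace message also has typos: `Perfom request-validastion` should read `Perform request-validation`.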