authorThomas <>2022-08-16 13:20:02 +0200
committerThomas <>2022-08-16 13:20:02 +0200
commit68c46a22406af910838b3ee6bbea5a4e9807ddaa (patch)
tree6db8f17f513d3a9ae176513e357abc79b768b272 /modules/eidas_proxy-sevice/src/main
parent72e8da84f3ff8cd36d6f62d0d0690ad3f9a19efd (diff)
feat(eidas): add advanced SP config post-processing based on requested attributes
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java53
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java9
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java38
3 files changed, 99 insertions, 1 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index f42a7172..52a69944 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -1,5 +1,17 @@
package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Attribute handling to integrate BORIS attributes without full IDA support for sector-specific attributes.
*
@@ -8,6 +20,47 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
* @author tlenz
*
*/
+@Slf4j
public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
+ public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
+ public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
+
+ @Autowired IConfiguration config;
+
+ private SpMandateModes mandateMode;
+ private String mandateProfiles;
+
+ @Override
+ public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {
+ spConfig.setMandateMode(mandateMode);
+ spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles));
+ log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
+
+ }
+
+
+
+ @PostConstruct
+ private void initialize() throws EaafConfigurationException {
+ mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
+ mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE);
+
+ log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}",
+ EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode);
+
+ }
+
+ private String loadConfigValue(String configProp) throws EaafConfigurationException {
+ String value = config.getBasicConfiguration(configProp);
+ if (StringUtils.isEmpty(value)) {
+ throw new EaafConfigurationException("internal.configuration.00",
+ new Object[]{configProp});
+
+ }
+
+ return value;
+
+ }
+
}
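Review bot: `initialize()` checks only that the two properties are non-empty; the result of `SpMandateModes.fromString(...)` is stored unchecked, and `performSpConfigPostprocessing` later writes it over whatever mandate mode the SP configuration already carried. How `fromString` treats an unrecognised string is not visible in this hunk; if it returns null or falls back to a default, a mistyped mode would be enforced silently, so `initialize()` should verify that the parsed mode matches the configured string and otherwise throw the same `EaafConfigurationException`. The property keys are spelled `advanced.atributes...`; changing them to `advanced.attributes...` now avoids baking the typo into deployed configuration. The injected `config` field can also be declared `private`.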
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 153cf262..02e091ef 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -1,5 +1,7 @@
package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+
/**
* Handlers for attribute-processing that requires more features than a simple mapping.
*
@@ -8,6 +10,13 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
*/
public interface IEidasAttributeHandler {
+ /**
+ * Perform attribute-releated post-processing of internal Service-Provider configuration.
+ *
+ * @param spConfig SP configuration that was build from incoming eIDAS Authn. request.
+ */
+ void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig);
+
}
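Review bot: The Javadoc on `performSpConfigPostprocessing` does not say that implementations modify `spConfig` in place, nor how a handler signals failure, yet the only implementation in this commit overwrites the mandate mode and profiles. I would add a sentence such as `Implementations modify the given configuration in place and may replace values derived from the incoming request.` and document the failure behaviour once it is decided. Wording fixes in the same comment: `attribute-related` and `that was built from`.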
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 32be0e22..d0e3d1ba 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -8,6 +8,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
@@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler;
import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.components.eventlog.api.EventConstants;
@@ -333,7 +335,10 @@ public class EidasProxyServiceController extends AbstractController implements I
// map eIDAS attributes to national attributes
buildNationalRequestedAttributes(spConfig, eidasRequest);
-
+
+ // execute custom attribute-handler
+ advancedAttributeHandler(spConfig, eidasRequest);
+
return spConfig;
} catch (final EidasProxyServiceException e) {
@@ -344,6 +349,37 @@ public class EidasProxyServiceController extends AbstractController implements I
}
}
+
+ private void advancedAttributeHandler(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+ + "Starting advanced attribute-handling ... ", requiredHandlers.size());
+ requiredHandlers.forEach(el -> executeAttributeHandler(el, spConfig));
+
+ } else {
+ log.debug("No advanced eIDAS attribute-handling required.");
+
+ }
+ }
+
+ private void executeAttributeHandler(String handlerClass, ServiceProviderConfiguration spConfig) {
+ try {
+ IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom SP config post-processing by using: {}", handler.getClass().getName());
+ handler.performSpConfigPostprocessing(spConfig);
+
+ } catch (Exception e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
private void buildNationalRequestedAttributes(
ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
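Review bot: `executeAttributeHandler` catches `Exception`, logs and returns, so when the bean lookup or `performSpConfigPostprocessing` fails, the request continues with an `spConfig` that lacks the post-processing its requested attribute required; for the eJustice handler in this commit, the enforced mandate mode and profiles are then simply not applied. Failing the request is the safer default: rethrow from the catch block as the `EidasProxyServiceException` that the call site's `catch (final EidasProxyServiceException e)` already handles, which needs a `throws` clause on both new methods and a plain loop instead of `forEach`. The log text `No custom attribute-handler implementation for: {}` is also misleading, because the same branch is reached when an existing handler throws. `.distinct()` before `Collectors.toSet()` is redundant.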