5 files changed, 142 insertions, 33 deletions
| diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 90be9a7a..4a3218e9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -26,6 +26,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;  import java.nio.charset.StandardCharsets;  import java.security.MessageDigest;  import java.security.NoSuchAlgorithmException; +import java.util.Arrays;  import java.util.Base64;  import java.util.Map;  import java.util.regex.Matcher; @@ -280,7 +281,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {     * Set ProviderName and RequestId into eIDAS AuthnRequest.     *      * @param pendingReq Current pendingRequest -   * @param authnRequestBuilder AuthnREquest builer +   * @param authnRequestBuilder AuthnRequest builder     */    protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {      final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); 
@@ -330,6 +331,37 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {      }    } +  /** +   * Build LoA based on Service-Provider configuration. +   *  +   * @param spConfig Current SP configuration +   * @param authnRequestBuilder AuthnRequest builder +   */ +  protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { +    // TODO: set matching mode if eIDAS ref. impl. support this method + +    // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA +    // schemes +    String loa = EaafConstants.EIDAS_LOA_HIGH; +    if (spConfig.getRequiredLoA() != null) { +      if (spConfig.getRequiredLoA().isEmpty()) { +        log.info("No eIDAS LoA requested. Use LoA HIGH as default"); +      } else { +        if (spConfig.getRequiredLoA().size() > 1) { +          log.info( +              "Currently only ONE requested LoA is supported for service provider. Use first one ... "); +        } + +        loa = spConfig.getRequiredLoA().get(0); + +      } +    } + +    log.debug("Request eIdAS node with LoA: " + loa); +    authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(loa)); +     +  } +      private String generateRequesterId(String requesterId) {      if (requesterId != null && basicConfig.getBasicConfigurationBoolean(          Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {             
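Review bot: `loa = spConfig.getRequiredLoA().get(0);` forwards whatever string the SP configuration holds as the requested LoA, and when several entries are configured it takes the first rather than the strongest, so list order decides the assurance level sent to the eIDAS node. Now that the method is `protected` and subclasses build on its result, consider checking the value against the known `EaafConstants` LoA constants and falling back to `EaafConstants.EIDAS_LOA_HIGH` otherwise, provided non-notified values are not meant to pass through here. The multi-value case would be easier to spot in operations at warn level than at info. The Javadoc could also state the contract for overrides, for example `Overrides must call super and may only raise the requested level.`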
@@ -390,29 +422,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {    } -  private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { -    // TODO: set matching mode if eIDAS ref. impl. support this method - -    // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA -    // schemes -    String loa = EaafConstants.EIDAS_LOA_HIGH; -    if (spConfig.getRequiredLoA() != null) { -      if (spConfig.getRequiredLoA().isEmpty()) { -        log.info("No eIDAS LoA requested. Use LoA HIGH as default"); -      } else { -        if (spConfig.getRequiredLoA().size() > 1) { -          log.info( -              "Currently only ONE requested LoA is supported for service provider. Use first one ... "); -        } - -        loa = spConfig.getRequiredLoA().get(0); - -      } -    } - -    log.debug("Request eIdAS node with LoA: " + loa); -    authnRequestBuilder.levelOfAssurance(loa); -     -  } -  } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java new file mode 100644 index 00000000..2dd22927 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java 
@@ -0,0 +1,54 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class NlEidProcessor extends AbstractEidProcessor { + +   +   +  private static final String canHandleCC = "NL"; + +  @Getter +  @Setter +  private int priority = 1; +   +  @Override +  public String getName() { +    return "NL-PostProcessor"; +     +  } + +  @Override +  public boolean canHandle(String countryCode) { +    return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); +     +  } + +  protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {     +    super.buildLevelOfAssurance(spConfig, authnRequestBuilder); +     +    //check requested level +    if (authnRequestBuilder.build().getLevelOfAssurance().equals(EaafConstants.EIDAS_LOA_LOW)) { +      log.debug("Upgrade LoA to {}, because NL needs it as minimum.", EaafConstants.EIDAS_LOA_SUBSTANTIAL); +      authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL)); +       +    }         +  } +   +  @Override +  protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { +    return new HashMap<>(); +     +  } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 3b0cee54..f37516f8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml 
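Review bot: The NL minimum in `buildLevelOfAssurance` is enforced by an exact match on `EaafConstants.EIDAS_LOA_LOW`, so any other value coming out of the SP configuration (the base method's TODO mentions non-notified LoA schemes) is sent on unchanged; whether such values can reach this point is not visible in the diff. Because this is a policy floor, an allow-list is the safer shape: raise the level unless it is already SUBSTANTIAL or HIGH. Putting the constant on the left of `equals` also avoids a NullPointerException if `getLevelOfAssurance()` returns null. The method is missing `@Override`, and the upgrade is logged at debug only, which makes an overridden SP request hard to trace afterwards.
```java
@Override
protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
  super.buildLevelOfAssurance(spConfig, authnRequestBuilder);

  // Floor for NL: anything that is not already SUBSTANTIAL or HIGH is raised.
  final String requested = authnRequestBuilder.build().getLevelOfAssurance();
  if (!EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(requested)
      && !EaafConstants.EIDAS_LOA_HIGH.equals(requested)) {
    log.info("Upgrade LoA from {} to {}, because NL needs it as minimum.",
        requested, EaafConstants.EIDAS_LOA_SUBSTANTIAL);
    authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL));
  }
}
```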
@@ -65,17 +65,22 @@      class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" />    <bean id="DE-Processor" -    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor">      <property name="priority" value="1" />    </bean>    <bean id="LU-Processor" -    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor"> +    <property name="priority" value="1" /> +  </bean> + +  <bean id="NL-Processor" +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.NlEidProcessor">      <property name="priority" value="1" />    </bean>    <bean id="Default-Processor" -    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">      <property name="priority" value="0" />    </bean> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index 7ac41500..610801a6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java 
@@ -66,8 +66,9 @@ public class EidasRequestPreProcessingFirstTest {    private TestRequestImpl pendingReq;    private DummySpConfiguration oaParam; -  private Builder authnRequestBuilder; - +  private Builder authnRequestBuilder;   +  private Map<String, String> spConfig; +      /**     * jUnit class initializer.     *  @@ -88,9 +89,9 @@ public class EidasRequestPreProcessingFirstTest {    @Before    public void setUp() { -    final Map<String, String> spConfig = new HashMap<>(); +    spConfig = new HashMap<>();      spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); -    spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); +    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");          oaParam = new DummySpConfiguration(spConfig, basicConfig);      pendingReq = new TestRequestImpl(); 
@@ -151,5 +152,42 @@ public class EidasRequestPreProcessingFirstTest {      Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());    } +   +  @Test +  public void prePreProcessNlWithUpgrade() throws EidPostProcessingException { + +    final String testCountry = "NL"; +    spConfig.put("loa", EaafConstants.EIDAS_LOA_LOW); +    authnRequestBuilder.citizenCountryCode(testCountry); +    authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW); +     +    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + +    final LightRequest lightReq = authnRequestBuilder.build(); + +    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); +    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); +    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + +    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_SUBSTANTIAL, lightReq.getLevelOfAssurance()); +  } +    +  @Test +  public void prePreProcessNlWithOutUpgrade() throws EidPostProcessingException { + +    final String testCountry = "NL"; +    authnRequestBuilder.citizenCountryCode(testCountry); +    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + +    final LightRequest lightReq = authnRequestBuilder.build(); + +    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId()); +    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); +    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + +    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, lightReq.getLevelOfAssurance()); +     +  } +    } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index cd2888c1..f31e5063 100644 
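Review bot: `Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());` in both new NL tests binds to the two-argument overload, so the message string is compared by identity with the requester id and the assertion passes in practice whatever the processor set. If the intent is that no requester id is sent, `Assert.assertNull("RequesterId was set", lightReq.getRequesterId());` states it. The NL floor is also exercised only for LOW and for the HIGH default; a case that requests `EaafConstants.EIDAS_LOA_SUBSTANTIAL` and one with an unrecognised LoA value would pin the boundary behaviour.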
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -55,6 +55,11 @@      <property name="priority" value="1" />    </bean> +  <bean id="NL-Processor" +        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.NlEidProcessor"> +    <property name="priority" value="1" /> +  </bean> +   <bean id="eIDASAuthModule"      class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">      <property name="priority" value="2" /> | 
