-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java31
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java6
2 files changed, 15 insertions, 22 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index bceb9f35..94b0cc02 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -54,6 +54,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
public class AuthnRequestValidator implements IAuthnRequestValidator {
@@ -103,31 +104,29 @@ public class AuthnRequestValidator implements IAuthnRequestValidator {
//post-process requested LoA
List<String> reqLoA = extractLoA(authnReq);
- String minimumLoAFromConfig = basicConfig.getBasicConfiguration(
+
+ LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
MSeIDASNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
- EAAFConstants.EIDAS_LOA_HIGH);
- String intMinimumLoAFromConfig = minimumLoAFromConfig;
- if (minimumLoAFromConfig.startsWith(EAAFConstants.EIDAS_LOA_PREFIX))
- intMinimumLoAFromConfig = minimumLoAFromConfig.substring(EAAFConstants.EIDAS_LOA_PREFIX.length());
+ EAAFConstants.EIDAS_LOA_HIGH));
+ if (minimumLoAFromConfig == null) {
+ log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EAAFConstants.EIDAS_LOA_HIGH);
+ minimumLoAFromConfig = LevelOfAssurance.HIGH;
+
+ }
log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", minimumLoAFromConfig);
List<String> allowedLoA = new ArrayList<>();
- for (String loa : reqLoA) {
- String intLoa = loa;
- if (loa.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
- intLoa = loa.substring(EAAFConstants.EIDAS_LOA_PREFIX.length());
-
- }
-
+ for (String loa : reqLoA) {
try {
+ LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
String selectedLoA = EAAFConstants.EIDAS_LOA_HIGH;
- if (MSeIDASNodeConstants.EIDAS_LOA_LEVEL_ORDER.valueOf(intLoa).ordinal() >=
- MSeIDASNodeConstants.EIDAS_LOA_LEVEL_ORDER.valueOf(intMinimumLoAFromConfig).ordinal()) {
+ if (intLoa != null &&
+ intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) {
log.info("Client: {} requested LoA: {} will be upgraded to: {}",
pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
loa,
minimumLoAFromConfig);
- selectedLoA = loa;
+ selectedLoA = intLoa.getValue();
}
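Review bot: The `log.info` "requested LoA: {} will be upgraded to: {}" sits in the branch where the requested level already meets the configured minimum and is kept as-is (`selectedLoA = intLoa.getValue();`), so the log reports an upgrade for requests that were accepted unchanged and reports nothing when a too-low or unparseable value is replaced. In that silent path `selectedLoA` stays at `EAAFConstants.EIDAS_LOA_HIGH` rather than the configured minimum the message names. That fails closed, but if the minimum is meant to be the floor, initialise with `String selectedLoA = minimumLoAFromConfig.getValue();` and move the log call to an `else` branch. The new null check suggests `LevelOfAssurance.fromString` returns null instead of throwing, so the surrounding `try` may no longer catch anything. Its `catch` and the rest of the loop lie outside this hunk and should be checked there.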
@@ -146,7 +145,7 @@ public class AuthnRequestValidator implements IAuthnRequestValidator {
}
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(reqLoA);
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(allowedLoA);
//post-process requested LoA comparison-level
String reqLoAComperison = extractComparisonLevel(authnReq);
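Review bot: `setRequiredLoA(allowedLoA)` now stores the filtered list, but nothing visible here guards against that list being empty. If `extractLoA(authnReq)` returns no entries for a request without a requested LoA, the loop in the previous hunk never runs and the service-provider configuration would receive an empty requirement instead of the configured minimum. Whether `extractLoA` supplies a default is not visible in this diff, so this needs confirming. If it does not, add a guard before this call, assuming `minimumLoAFromConfig` is still in scope at this point: `if (allowedLoA.isEmpty()) { allowedLoA.add(minimumLoAFromConfig.getValue()); }`.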
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java
index 7b6aec86..eee1ad62 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java
@@ -117,10 +117,4 @@ public class MSeIDASNodeConstants {
public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST =
Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT);
- public enum EIDAS_LOA_LEVEL_ORDER {
- low,
- substantial,
- high
- }
-
}