aboutsummaryrefslogtreecommitdiff
path: root/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
diff options
context:
space:
mode:
Diffstat (limited to 'connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java')
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java248
1 files changed, 122 insertions, 126 deletions
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
index f5b52fa4..6f7eace3 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -1,6 +1,6 @@
-/*******************************************************************************
+/*
* Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
* A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
@@ -19,9 +19,8 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+*/
+
package at.asitplus.eidas.specific.connector.config;
import java.util.Arrays;
@@ -33,130 +32,127 @@ import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl;
-public class ServiceProviderConfiguration extends SpConfigurationImpl {
- private static final long serialVersionUID = 1L;
- private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
-
- private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH);
- private String bPKTargetIdentifier;
- private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
-
- public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
- super(spConfig, authConfig);
-
- }
-
- @Override
- public boolean hasBaseIdInternalProcessingRestriction() {
- return false;
-
- }
-
- @Override
- public boolean hasBaseIdTransferRestriction() {
- Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
- if (spConfigPolicy != null)
- return spConfigPolicy;
-
- else {
- log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
- for (String el : getTargetsWithNoBaseIdTransferRestriction()) {
- if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) {
- log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy");
- return false;
-
- }
- }
- }
-
- log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier);
- return true;
- }
-
- @Override
- public List<String> getRequiredLoA() {
- return minimumLoA;
-
- }
-
- public String getLoAMatchingMode() {
- return loaMachtingMode;
-
- }
-
-
- @Override
- public String getAreaSpecificTargetIdentifier() {
- return bPKTargetIdentifier;
- }
-
-
- @Override
- public String getFriendlyName() {
- return getConfigurationValue(
- MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
- "NO FRIENDLYNAME SET");
-
- }
-
- /**
- * Set the minimum level of eIDAS authentication for this SP
- * <br>
- * <b>Default:</b> http://eidas.europa.eu/LoA/high
- * <br>
- * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
- *
- * @param minimumLoA eIDAS LoA URIs
- */
-
- public void setRequiredLoA(List<String> minimumLoA) {
- this.minimumLoA = minimumLoA;
- }
-
- /**
- * Set the mode of operation for LoA matching for this SP
- * <b>
- * <b>Default: minimum</b>
- * <br>
- * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
- *
- * @param mode LoA matching mode according to SAML2 core specification
- */
- public void setLoAMachtingMode(String mode) {
- this.loaMachtingMode = mode;
- }
-
-
- /**
- * Set the bPK Target for this service provider
- *
- * @param bPKTargetIdentifier
- * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider
- */
- public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EaafException {
- String allowedTargetIdentifierRegExPattern = getConfigurationValue(
- MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
- MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
- log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
-
- Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
- Matcher m = p.matcher(bPKTargetIdentifier);
- if (m.matches()) {
- log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern");
- this.bPKTargetIdentifier = bPKTargetIdentifier;
-
- } else {
- log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
- throw new EaafException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
-
- }
-
- }
-
+public class ServiceProviderConfiguration extends SpConfigurationImpl {
+ private static final long serialVersionUID = 1L;
+ private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+ private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH);
+ private String bpkTargetIdentifier;
+ private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+
+ public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+ super(spConfig, authConfig);
+
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ return false;
+
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ final Boolean spConfigPolicy = isConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+ if (spConfigPolicy != null) {
+ return spConfigPolicy;
+ } else {
+ log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+ for (final String el : getTargetsWithNoBaseIdTransferRestriction()) {
+ if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) {
+ log.debug("SP-Target: " + this.bpkTargetIdentifier
+ + " has NO baseID transfer restriction in default policy");
+ return false;
+
+ }
+ }
+ }
+
+ log.debug("Default-policy defines baseID transfer restriction for SP-Target: "
+ + this.bpkTargetIdentifier);
+ return true;
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ return minimumLoA;
+
+ }
+
+ @Override
+ public String getLoAMatchingMode() {
+ return loaMachtingMode;
+
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ return bpkTargetIdentifier;
+ }
+
+ @Override
+ public String getFriendlyName() {
+ return getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+ "NO FRIENDLYNAME SET");
+
+ }
+
+ /**
+ * Set the minimum level of eIDAS authentication for this SP <br>
+ * <b>Default:</b> http://eidas.europa.eu/LoA/high <br>
+ * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+ *
+ * @param minimumLoA eIDAS LoA URIs
+ */
+
+ public void setRequiredLoA(List<String> minimumLoA) {
+ this.minimumLoA = minimumLoA;
+ }
+
+ /**
+ * Set the mode of operation for LoA matching for this SP. <b>Default:
+ * minimum</b> <br>
+ * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+ *
+ * @param mode LoA matching mode according to SAML2 core specification
+ */
+ public void setLoAMachtingMode(String mode) {
+ this.loaMachtingMode = mode;
+ }
+
+ /**
+ * Set the bPK Target for this service provider.
+ *
+ * @param bpkTargetIdentifier Set the bPK sector
+ * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this
+ * service provider
+ */
+ public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException {
+ final String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+ MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+ final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+ final Matcher m = p.matcher(bpkTargetIdentifier);
+ if (m.matches()) {
+ log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern");
+ this.bpkTargetIdentifier = bpkTargetIdentifier;
+
+ } else {
+ log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern.");
+ throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() });
+
+ }
+
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-01 00:47:32 +0000