aboutsummaryrefslogtreecommitdiff
path: root/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config
diff options
context:
space:
mode:
Diffstat (limited to 'connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config')
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java122
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java140
2 files changed, 262 insertions, 0 deletions
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java
new file mode 100644
index 00000000..3bc5c190
--- /dev/null
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java
@@ -0,0 +1,122 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.asitplus.eidas.specific.connector.config;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+@Service("BasicMSSpecificNodeConfig")
+public class BasicConfigurationProvider extends AbstractConfigurationImpl{
+ private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class);
+
+ private Map<String, ISPConfiguration> spConfigCache = new HashMap<String, ISPConfiguration>();
+
+ public BasicConfigurationProvider(String configPath) throws EAAFConfigurationException {
+ super(configPath);
+
+ }
+
+ @Override
+ public ISPConfiguration getServiceProviderConfiguration(String entityId) throws EAAFConfigurationException {
+ if (!spConfigCache.containsKey(entityId)) {
+ log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... ");
+ Map<String, String> allSPs = getBasicMOAIDConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX);
+ for (String key : allSPs.keySet()) {
+ if (key.endsWith(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) &&
+ allSPs.get(key).equals(entityId)) {
+ String listId = KeyValueUtils.getParentKey(key);
+ log.trace("Find SP configuration with list-Id: " + listId + ". Extracting configuration elements ... ");
+ Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + KeyValueUtils.KEY_DELIMITER);
+ spConfigCache.put(entityId,
+ new ServiceProviderConfiguration(spConfig, this));
+ break;
+ }
+ }
+
+ if (spConfigCache.containsKey(entityId))
+ log.info("SP: " + entityId + " is loaded. Continuing auth. process ... ");
+ else {
+ log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... ");
+ return null;
+
+ }
+
+ } else
+ log.trace("SP: " + entityId + " is already cached. Use configuration from there ... ");
+
+
+ return spConfigCache.get(entityId);
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator) throws EAAFConfigurationException {
+ ISPConfiguration spConfig = getServiceProviderConfiguration(entityId);
+ if (spConfig != null && decorator != null) {
+ if (decorator.isInstance(spConfig))
+ return (T)spConfig;
+ else
+ log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName());
+
+ }
+
+ return null;
+
+ }
+
+ @Override
+ public String validateIDPURL(URL url) throws EAAFException {
+ log.trace("Validate requested URL: " + url);
+ String urlPrefixFromConfig = getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX);
+ if (StringUtils.isEmpty(urlPrefixFromConfig)) {
+ log.warn("Application config containts NO URL prefix");
+ throw new EAAFConfigurationException("config.27",
+ new Object[] {"Application config containts NO "
+ + getApplicationSpecificKeyPrefix() + MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX });
+
+ }
+
+ //remove last slash
+ if (urlPrefixFromConfig.endsWith("/"))
+ urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length()-1);
+
+ if (getBasicMOAIDConfigurationBoolean(
+ MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) {
+ if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig))
+ return urlPrefixFromConfig;
+
+ log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig);
+ return null;
+
+ } else {
+ return urlPrefixFromConfig;
+
+ }
+ }
+
+ @Override
+ public String getApplicationSpecificKeyPrefix() {
+ return MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PREFIX;
+
+ }
+
+ @Override
+ protected String getBackupConfigPath() {
+ return null;
+
+ }
+
+
+}
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..b45e723f
--- /dev/null
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.asitplus.eidas.specific.connector.config;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+
+public class ServiceProviderConfiguration extends SPConfigurationImpl {
+ private static final long serialVersionUID = 1L;
+ private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+ private List<String> minimumLoA = Arrays.asList(EAAFConstants.EIDAS_LOA_HIGH);
+ private String bPKTargetIdentifier;
+ private String loaMachtingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+
+ public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+ super(spConfig, authConfig);
+
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ return false;
+
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+ if (spConfigPolicy != null)
+ return spConfigPolicy;
+
+ else {
+ log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+ for (String el : getTargetsWithNoBaseIdTransferRestriction()) {
+ if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) {
+ log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy");
+ return false;
+
+ }
+ }
+ }
+
+ log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier);
+ return true;
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ return minimumLoA;
+
+ }
+
+ public String getLoAMatchingMode() {
+ return loaMachtingMode;
+
+ }
+
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ return bPKTargetIdentifier;
+ }
+
+
+ @Override
+ public String getFriendlyName() {
+ return getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+ "NO FRIENDLYNAME SET");
+
+ }
+
+ /**
+ * Set the minimum level of eIDAS authentication for this SP
+ * <br>
+ * <b>Default:</b> http://eidas.europa.eu/LoA/high
+ * <br>
+ * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+ *
+ * @param minimumLoA eIDAS LoA URIs
+ */
+
+ public void setRequiredLoA(List<String> minimumLoA) {
+ this.minimumLoA = minimumLoA;
+ }
+
+ /**
+ * Set the mode of operation for LoA matching for this SP
+ * <b>
+ * <b>Default: minimum</b>
+ * <br>
+ * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+ *
+ * @param mode LoA matching mode according to SAML2 core specification
+ */
+ public void setLoAMachtingMode(String mode) {
+ this.loaMachtingMode = mode;
+ }
+
+
+ /**
+ * Set the bPK Target for this service provider
+ *
+ * @param bPKTargetIdentifier
+ * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider
+ */
+ public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EAAFException {
+ String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+ MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+ Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+ Matcher m = p.matcher(bPKTargetIdentifier);
+ if (m.matches()) {
+ log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern");
+ this.bPKTargetIdentifier = bPKTargetIdentifier;
+
+ } else {
+ log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
+ throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
+
+ }
+
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-11 06:14:27 +0000