aboutsummaryrefslogtreecommitdiff
path: root/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java
diff options
context:
space:
mode:
Diffstat (limited to 'connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java')
-rw-r--r--connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java140
1 files changed, 140 insertions, 0 deletions
diff --git a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..a742db6a
--- /dev/null
+++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eidas.specific.connector.config;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+
+public class ServiceProviderConfiguration extends SPConfigurationImpl {
+ private static final long serialVersionUID = 1L;
+ private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+ private List<String> minimumLoA = Arrays.asList(EAAFConstants.EIDAS_LOA_HIGH);
+ private String bPKTargetIdentifier;
+ private String loaMachtingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+
+ public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+ super(spConfig, authConfig);
+
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ return false;
+
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+ if (spConfigPolicy != null)
+ return spConfigPolicy;
+
+ else {
+ log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+ for (String el : getTargetsWithNoBaseIdTransferRestriction()) {
+ if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) {
+ log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy");
+ return false;
+
+ }
+ }
+ }
+
+ log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier);
+ return true;
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ return minimumLoA;
+
+ }
+
+ public String getLoAMatchingMode() {
+ return loaMachtingMode;
+
+ }
+
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ return bPKTargetIdentifier;
+ }
+
+
+ @Override
+ public String getFriendlyName() {
+ return getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+ "NO FRIENDLYNAME SET");
+
+ }
+
+ /**
+ * Set the minimum level of eIDAS authentication for this SP
+ * <br>
+ * <b>Default:</b> http://eidas.europa.eu/LoA/high
+ * <br>
+ * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+ *
+ * @param minimumLoA eIDAS LoA URIs
+ */
+
+ public void setRequiredLoA(List<String> minimumLoA) {
+ this.minimumLoA = minimumLoA;
+ }
+
+ /**
+ * Set the mode of operation for LoA matching for this SP
+ * <b>
+ * <b>Default: minimum</b>
+ * <br>
+ * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+ *
+ * @param mode LoA matching mode according to SAML2 core specification
+ */
+ public void setLoAMachtingMode(String mode) {
+ this.loaMachtingMode = mode;
+ }
+
+
+ /**
+ * Set the bPK Target for this service provider
+ *
+ * @param bPKTargetIdentifier
+ * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider
+ */
+ public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EAAFException {
+ String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+ MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+ MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+ Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+ Matcher m = p.matcher(bPKTargetIdentifier);
+ if (m.matches()) {
+ log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern");
+ this.bPKTargetIdentifier = bPKTargetIdentifier;
+
+ } else {
+ log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
+ throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
+
+ }
+
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 10:01:03 +0000