diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java')
| -rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java | 138 |
1 files changed, 85 insertions, 53 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 1050f8d9..64c6adeb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -24,17 +24,20 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; @@ -55,9 +58,10 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.auth.commons.protocol.eidas.SpType; +import lombok.extern.slf4j.Slf4j; +@Slf4j public abstract class AbstractEidProcessor implements INationalEidProcessor { - private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); @Autowired protected EidasAttributeRegistry attrRegistry; @@ -68,7 +72,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder); - buildProviderNameAttribute(pendingReq, authnRequestBuilder); + buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder); buildRequestedAttributes(authnRequestBuilder); } @@ -200,6 +204,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { return EidasResponseUtils.processPseudonym(personalIdObj); } + /** + * Set ProviderName and RequestId into eIDAS AuthnRequest. + * + * @param pendingReq Current pendingRequest + * @param authnRequestBuilder AuthnREquest builer + */ + protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + + // set correct SPType for requested target sector + final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, + Constants.POLICY_DEFAULT_ALLOWED_TARGETS); + final Pattern p = Pattern.compile(publicSectorTargetSelector); + final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); + if (m.matches()) { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { + //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for + if (StringUtils.isNotEmpty(providerName)) { + log.debug("Set 'providername' to: {}", providerName); + authnRequestBuilder.providerName(providerName); + + } else { + authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); + + } + } + + } else { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + + // TODO: switch to RequesterId in further version + // set provider name for private sector applications + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName)) { + authnRequestBuilder.providerName(providerName); + + } + + authnRequestBuilder.requesterId( + generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class))); + + } + } + + private String generateRequesterId(String requesterId) { + if (requesterId != null && basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) { + try { + log.trace("Building hashed 'requesterId' for private SP ... "); + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + String encodedRequesterId = Base64.getEncoder().encodeToString( + digest.digest(requesterId.getBytes(StandardCharsets.UTF_8))); + log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId); + return encodedRequesterId; + + } catch (NoSuchAlgorithmException e) { + log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e); + + } + + } + + return requesterId; + + } + + private void buildRequestedAttributes(Builder authnRequestBuilder) { // build and add requested attribute set final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); @@ -237,55 +318,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { } - private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) { - final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - - // set correct SPType for requested target sector - final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, - Constants.POLICY_DEFAULT_ALLOWED_TARGETS); - final Pattern p = Pattern.compile(publicSectorTargetSelector); - final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); - if (m.matches()) { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); - authnRequestBuilder.spType(SpType.PUBLIC.getValue()); - - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - true)) { - authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); - - } else { - // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for - // any SPType - final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if (StringUtils.isNotEmpty(providerName) - && basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, - false)) { - authnRequestBuilder.providerName(providerName); - - } - } - - } else { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); - authnRequestBuilder.spType(SpType.PRIVATE.getValue()); - - // TODO: switch to RequesterId in further version - // set provider name for private sector applications - final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if (StringUtils.isNotEmpty(providerName)) { - authnRequestBuilder.providerName(providerName); - authnRequestBuilder.requesterId(providerName); - - } - - } - } - private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { // TODO: set matching mode if eIDAS ref. impl. support this method |