1 files changed, 82 insertions, 50 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 42dbfeac..90be9a7a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -23,6 +23,10 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -66,7 +70,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
 
     buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
-    buildProviderNameAttribute(pendingReq, authnRequestBuilder);
+    buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
     buildRequestedAttributes(authnRequestBuilder);
 
   }
@@ -272,6 +276,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
 
   }
 
+  /**
+   * Set ProviderName and RequestId into eIDAS AuthnRequest.
+   * 
+   * @param pendingReq Current pendingRequest
+   * @param authnRequestBuilder AuthnREquest builer
+   */
+  protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+
+    // set correct SPType for requested target sector
+    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    final Pattern p = Pattern.compile(publicSectorTargetSelector);
+    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+    if (m.matches()) {
+      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+      authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+      if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+              false)) {
+        //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
+        if (StringUtils.isNotEmpty(providerName)) {
+          log.debug("Set 'providername' to: {}", providerName);
+          authnRequestBuilder.providerName(providerName);  
+          
+        } else {
+          authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
+              Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+              Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
+          
+        }                 
+      }
+
+    } else {
+      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+      authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+
+      // TODO: switch to RequesterId in further version
+      // set provider name for private sector applications
+      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+      if (StringUtils.isNotEmpty(providerName)) {
+        authnRequestBuilder.providerName(providerName);
+                      
+      }
+      
+      authnRequestBuilder.requesterId(
+          generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class)));
+            
+    }
+  }
+  
+  private String generateRequesterId(String requesterId) {
+    if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
+        Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {            
+      try {
+        log.trace("Building hashed 'requesterId' for private SP ... ");
+        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+        String encodedRequesterId = Base64.getEncoder().encodeToString(
+            digest.digest(requesterId.getBytes(StandardCharsets.UTF_8)));                
+        log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId);
+        return encodedRequesterId;
+        
+      } catch (NoSuchAlgorithmException e) {
+        log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e);
+        
+      }
+            
+    }
+    
+    return requesterId;
+    
+  }
+
+
   private void buildRequestedAttributes(Builder authnRequestBuilder) {
     // build and add requested attribute set
     final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes();
@@ -308,55 +389,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     return builder.build();
 
   }
-
-  private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
-    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
-    // set correct SPType for requested target sector
-    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
-        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
-    final Pattern p = Pattern.compile(publicSectorTargetSelector);
-    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
-    if (m.matches()) {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
-      authnRequestBuilder.spType(SpType.PUBLIC.getValue());
-
-      if (basicConfig.getBasicConfigurationBoolean(
-          Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
-          true)) {
-        authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
-            Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
-            Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
-
-      } else {
-        // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
-        // any SPType
-        final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
-        if (StringUtils.isNotEmpty(providerName)
-            && basicConfig.getBasicConfigurationBoolean(
-                Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
-                false)) {
-          authnRequestBuilder.providerName(providerName);
-
-        }
-      }
-
-    } else {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
-      authnRequestBuilder.spType(SpType.PRIVATE.getValue());
-
-      // TODO: switch to RequesterId in further version
-      // set provider name for private sector applications
-      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
-      if (StringUtils.isNotEmpty(providerName)) {
-        authnRequestBuilder.providerName(providerName);
-        authnRequestBuilder.requesterId(providerName);
-        
-      }
-
-    }
-  }
   
   private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
     // TODO: set matching mode if eIDAS ref. impl. support this method