aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java)122
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java)11
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java)13
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java)17
4 files changed, 153 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java
index 9c252d1d..34b3017f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java
@@ -23,26 +23,52 @@
package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.google.common.collect.ImmutableSortedSet;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Trible;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import eu.eidas.auth.commons.protocol.eidas.SpType;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
-public abstract class AbstracteIDPostProcessor implements INationaleIDPostProcessor {
- private static final Logger log = LoggerFactory.getLogger(AbstracteIDPostProcessor.class);
+public abstract class AbstracteIDProcessor implements INationaleIDProcessor {
+ private static final Logger log = LoggerFactory.getLogger(AbstracteIDProcessor.class);
+ @Autowired protected eIDASAttributeRegistry attrRegistry;
+ @Autowired protected IConfigurationWithSP basicConfig;
@Override
- public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException{
+ public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
+
+ buildProviderNameAttribute(pendingReq, authnRequestBuilder);
+ buildRequestedAttributes(pendingReq, authnRequestBuilder);
+
+
+ }
+
+ @Override
+ public final ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException{
ERnBeIDData result = new ERnBeIDData();
Object eIdentifierObj = eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
@@ -65,6 +91,14 @@ public abstract class AbstracteIDPostProcessor implements INationaleIDPostProces
}
+ @NonNull
+ /**
+ * Get a Map of country-specific requested attributes
+ *
+ * @return
+ */
+ protected abstract Map<String, Boolean> getCountrySpecificRequestedAttributes();
+
/**
* Post-Process the eIDAS CurrentAddress attribute
*
@@ -218,4 +252,86 @@ public abstract class AbstracteIDPostProcessor implements INationaleIDPostProces
}
+ private void buildRequestedAttributes(IRequest pendingReq, Builder authnRequestBuilder) {
+ //build and add requested attribute set
+ Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes();
+ log.debug("Get #{} country-specific requested attributes", ccSpecificReqAttr.size());
+
+ Map<String, Boolean> mdsReqAttr = attrRegistry.getDefaultAttributeSetFromConfiguration();
+ log.trace("Get #{} default requested attributes", mdsReqAttr.size());
+
+ //put it together
+ ccSpecificReqAttr.putAll(mdsReqAttr);
+
+ //convert it to eIDAS attributes
+ ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(ccSpecificReqAttr);
+ authnRequestBuilder.requestedAttributes(reqAttrMap);
+
+ }
+
+ private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) {
+ ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
+ for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) {
+ final String name = attribute.getKey();
+ final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(name);
+ if (!byFriendlyName.isEmpty()) {
+ final AttributeDefinition<?> attributeDefinition = byFriendlyName.first();
+ builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build());
+
+ } else
+ log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!");
+
+ }
+
+ return builder.build();
+
+ }
+
+ private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+ ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+
+ //set correct SPType for requested target sector
+ String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+ Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ Pattern p = Pattern.compile(publicSectorTargetSelector);
+ Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+ if (m.matches()) {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+ authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+ if ( basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ false) ) {
+ authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+ Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
+
+ } else {
+ //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for any SPType
+ String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if ( StringUtils.isNotEmpty(providerName)
+ && basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+ false)
+ ) {
+ authnRequestBuilder.providerName(providerName);
+
+ }
+ }
+
+ } else {
+ log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+ authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+
+ //TODO: switch to RequesterId in further version
+ //set provider name for private sector applications
+ String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+ if (StringUtils.isNotEmpty(providerName))
+ authnRequestBuilder.providerName(providerName);
+
+ }
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java
index e017e3a4..a3880b3f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java
@@ -23,6 +23,7 @@
package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
import java.util.Base64;
+import java.util.Map;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
@@ -35,8 +36,8 @@ import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostPr
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
import at.gv.egiz.eaaf.core.impl.data.Trible;
-public class DEeIDPostProcessor extends AbstracteIDPostProcessor {
- private static final Logger log = LoggerFactory.getLogger(DEeIDPostProcessor.class);
+public class DEeIDProcessor extends AbstracteIDProcessor {
+ private static final Logger log = LoggerFactory.getLogger(DEeIDProcessor.class);
private static final String canHandleCC = "DE";
private int priority = 1;
@@ -98,4 +99,10 @@ public class DEeIDPostProcessor extends AbstracteIDPostProcessor {
return new String(encoded);
}
+ @Override
+ protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+ return attrRegistry.getAttributeSetFromConfiguration(canHandleCC);
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java
index 026965fc..110635d9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java
@@ -22,7 +22,10 @@
*******************************************************************************/
package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
-public class GenericeIDPostProcessor extends AbstracteIDPostProcessor {
+import java.util.HashMap;
+import java.util.Map;
+
+public class GenericeIDProcessor extends AbstracteIDProcessor {
private int priority = 0;
@@ -47,7 +50,11 @@ public class GenericeIDPostProcessor extends AbstracteIDPostProcessor {
return "Default-PostProcessor";
}
-
-
+ @Override
+ protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+ return new HashMap<>();
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java
index b34e9c41..46cfcb2b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java
@@ -27,8 +27,11 @@ import java.util.Map;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import eu.eidas.auth.commons.light.ILightRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
-public interface INationaleIDPostProcessor {
+public interface INationaleIDProcessor {
/**
* Get a friendlyName of this post-processor implementation
@@ -57,6 +60,8 @@ public interface INationaleIDPostProcessor {
public boolean canHandle(String countryCode);
+
+
/**
* Post-Process eIDAS eID data into national format
* @param eIDASAttrMap Map of eIDAS attributes in format friendlyName and attribute
@@ -64,5 +69,13 @@ public interface INationaleIDPostProcessor {
* @throws eIDASAttributeException
*
*/
- public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException;
+ public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException;
+
+ /**
+ * Pre-Process eIDAS Request to national requirements
+ *
+ * @param pendingReq current pending request
+ * @param authnRequestBuilder eIDAS {@link ILightRequest} builder
+ */
+ public void preProcess(IRequest pendingReq, Builder authnRequestBuilder);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 17:25:02 +0000