aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java59
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java54
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml11
3 files changed, 95 insertions, 29 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 90be9a7a..4a3218e9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -26,6 +26,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
@@ -280,7 +281,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
* Set ProviderName and RequestId into eIDAS AuthnRequest.
*
* @param pendingReq Current pendingRequest
- * @param authnRequestBuilder AuthnREquest builer
+ * @param authnRequestBuilder AuthnRequest builder
*/
protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
@@ -330,6 +331,37 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
}
+ /**
+ * Build LoA based on Service-Provider configuration.
+ *
+ * @param spConfig Current SP configuration
+ * @param authnRequestBuilder AuthnRequest builder
+ */
+ protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+ // TODO: set matching mode if eIDAS ref. impl. support this method
+
+ // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
+ // schemes
+ String loa = EaafConstants.EIDAS_LOA_HIGH;
+ if (spConfig.getRequiredLoA() != null) {
+ if (spConfig.getRequiredLoA().isEmpty()) {
+ log.info("No eIDAS LoA requested. Use LoA HIGH as default");
+ } else {
+ if (spConfig.getRequiredLoA().size() > 1) {
+ log.info(
+ "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
+ }
+
+ loa = spConfig.getRequiredLoA().get(0);
+
+ }
+ }
+
+ log.debug("Request eIdAS node with LoA: " + loa);
+ authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(loa));
+
+ }
+
private String generateRequesterId(String requesterId) {
if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {
@@ -390,29 +422,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
- private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
- // TODO: set matching mode if eIDAS ref. impl. support this method
-
- // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
- // schemes
- String loa = EaafConstants.EIDAS_LOA_HIGH;
- if (spConfig.getRequiredLoA() != null) {
- if (spConfig.getRequiredLoA().isEmpty()) {
- log.info("No eIDAS LoA requested. Use LoA HIGH as default");
- } else {
- if (spConfig.getRequiredLoA().size() > 1) {
- log.info(
- "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
- }
-
- loa = spConfig.getRequiredLoA().get(0);
-
- }
- }
-
- log.debug("Request eIdAS node with LoA: " + loa);
- authnRequestBuilder.levelOfAssurance(loa);
-
- }
-
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java
new file mode 100644
index 00000000..2dd22927
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/NlEidProcessor.java
@@ -0,0 +1,54 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class NlEidProcessor extends AbstractEidProcessor {
+
+
+
+ private static final String canHandleCC = "NL";
+
+ @Getter
+ @Setter
+ private int priority = 1;
+
+ @Override
+ public String getName() {
+ return "NL-PostProcessor";
+
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+
+ }
+
+ protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+ super.buildLevelOfAssurance(spConfig, authnRequestBuilder);
+
+ //check requested level
+ if (authnRequestBuilder.build().getLevelOfAssurance().equals(EaafConstants.EIDAS_LOA_LOW)) {
+ log.debug("Upgrade LoA to {}, because NL needs it as minimum.", EaafConstants.EIDAS_LOA_SUBSTANTIAL);
+ authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(EaafConstants.EIDAS_LOA_SUBSTANTIAL));
+
+ }
+ }
+
+ @Override
+ protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+ return new HashMap<>();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 3b0cee54..f37516f8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -65,17 +65,22 @@
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" />
<bean id="DE-Processor"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor">
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor">
<property name="priority" value="1" />
</bean>
<bean id="LU-Processor"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
+ <bean id="NL-Processor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.NlEidProcessor">
<property name="priority" value="1" />
</bean>
<bean id="Default-Processor"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
<property name="priority" value="0" />
</bean>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 12:51:59 +0000