Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java99
1 files changed, 58 insertions, 41 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 60138027..8716f80d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -31,6 +31,7 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasRespon
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.regex.Matcher;
@@ -47,8 +48,9 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -64,7 +66,7 @@ import lombok.extern.slf4j.Slf4j;
public abstract class AbstractEidProcessor implements INationalEidProcessor {
@Autowired
- protected EidasAttributeRegistry attrRegistry;
+ protected ConnectorEidasAttributeRegistry attrRegistry;
@Autowired
protected IConfigurationWithSP basicConfig;
@@ -80,28 +82,31 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
@Override
public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
EidasAttributeException {
+
SimpleEidasData.SimpleEidasDataBuilder builder = SimpleEidasData.builder()
.personalIdentifier(EidasResponseUtils.processPersonalIdentifier(
- eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+ eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
// MDS attributes
- .citizenCountryCode(processCountryCode(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
- .pseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
- .familyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)))
- .givenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME)))
- .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH)))
+ .citizenCountryCode(processCountryCode(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+ .pseudonym(processPseudonym(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+ .familyName(processFamilyName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME)))
+ .givenName(processGivenName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME)))
+ .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH)))
// additional attributes
- .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH)))
- .birthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME)))
- .address(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS)));
+ .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH)))
+ .birthName(processBirthName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_BIRTHNAME)))
+ .address(processAddress(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTADDRESS)));
- if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) {
- builder.taxNumber(EidasResponseUtils.processTaxReference(eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE)));
+ if (eidasAttrMap.containsKey(EidasConstants.eIDAS_ATTR_TAXREFERENCE)) {
+ builder.taxNumber(EidasResponseUtils.processTaxReference(
+ eidasAttrMap.get(EidasConstants.eIDAS_ATTR_TAXREFERENCE)));
}
return builder.build();
+
}
@@ -124,6 +129,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processAddress(currentAddressObj);
+
}
/**
@@ -137,6 +143,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected String processBirthName(Object birthNameObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processBirthName(birthNameObj);
+
}
/**
@@ -150,6 +157,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processPlaceOfBirth(placeOfBirthObj);
+
}
/**
@@ -163,6 +171,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processDateOfBirth(dateOfBirthObj);
+
}
/**
@@ -176,6 +185,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected String processGivenName(Object givenNameObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processGivenName(givenNameObj);
+
}
/**
@@ -189,6 +199,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processFamilyName(familyNameObj);
+
}
/**
@@ -202,13 +213,14 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException,
EidasAttributeException {
return EidasResponseUtils.processPseudonym(personalIdObj);
+
}
/**
* Set ProviderName and RequestId into eIDAS AuthnRequest.
*
* @param pendingReq Current pendingRequest
- * @param authnRequestBuilder AuthnREquest builer
+ * @param authnRequestBuilder AuthnRequest builder
*/
protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
@@ -258,6 +270,37 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
}
+ /**
+ * Build LoA based on Service-Provider configuration.
+ *
+ * @param spConfig Current SP configuration
+ * @param authnRequestBuilder AuthnRequest builder
+ */
+ protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+ // TODO: set matching mode if eIDAS ref. impl. support this method
+
+ // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
+ // schemes
+ String loa = EaafConstants.EIDAS_LOA_HIGH;
+ if (spConfig.getRequiredLoA() != null) {
+ if (spConfig.getRequiredLoA().isEmpty()) {
+ log.info("No eIDAS LoA requested. Use LoA HIGH as default");
+ } else {
+ if (spConfig.getRequiredLoA().size() > 1) {
+ log.info(
+ "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
+ }
+
+ loa = spConfig.getRequiredLoA().get(0);
+
+ }
+ }
+
+ log.debug("Request eIdAS node with LoA: " + loa);
+ authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(loa));
+
+ }
+
private String generateRequesterId(String requesterId) {
if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {
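Review bot: When the SP configuration lists more than one required LoA, `buildLevelOfAssurance` takes `spConfig.getRequiredLoA().get(0)` and reports this only at info level, so the level requested from the eIDAS node depends on list order rather than on which entry is strictest. If that list is not guaranteed to be ordered, the request could carry a lower assurance level than the service provider intended; the Javadoc should state the ordering contract, and the message is better raised to `log.warn`. The selected value is also not checked for null or emptiness before it reaches `levelsOfAssuranceValues`, and `Arrays.asList(loa)` would pass a null element through; a guard such as `if (loa == null || loa.isEmpty()) { loa = EaafConstants.EIDAS_LOA_HIGH; }` keeps the fail-safe default. The debug line would read better parameterised, `log.debug("Request eIdAS node with LoA: {}", loa);`.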
@@ -302,7 +345,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
final ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
for (final Map.Entry<String, Boolean> attribute : requiredAttributes.entrySet()) {
final String name = attribute.getKey();
- final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry
+ final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreRegistry()
.getCoreAttributeRegistry().getByFriendlyName(name);
if (!byFriendlyName.isEmpty()) {
final AttributeDefinition<?> attributeDefinition = byFriendlyName.first();
@@ -318,30 +361,4 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
- protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
-
- // TODO: set matching mode if eIDAS ref. impl. support this method
-
- // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA
- // schemes
- String loa = EaafConstants.EIDAS_LOA_HIGH;
- if (spConfig.getRequiredLoA() != null) {
- if (spConfig.getRequiredLoA().isEmpty()) {
- log.info("No eIDAS LoA requested. Use LoA HIGH as default");
- } else {
- if (spConfig.getRequiredLoA().size() > 1) {
- log.info(
- "Currently only ONE requested LoA is supported for service provider. Use first one ... ");
- }
-
- loa = spConfig.getRequiredLoA().get(0);
-
- }
- }
-
- log.debug("Request eIdAS node with LoA: " + loa);
- authnRequestBuilder.levelOfAssurance(loa);
-
- }
-
}