diff options
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java')
-rw-r--r-- | modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index d0e3d1ba..b5f6b6d2 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -21,6 +21,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.opensaml.saml.saml2.core.NameIDType; import org.opensaml.saml.saml2.core.StatusCode; +import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -264,7 +265,25 @@ public class EidasProxyServiceController extends AbstractController implements I } - // TODO: validate some other stuff + // perform advanced request validation + Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream() + .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null)) + .filter(Objects::nonNull) + .distinct() + .collect(Collectors.toSet()); + + if (!requiredHandlers.isEmpty()) { + log.info("eIDAS requested attributes requires #{} specific attribute-hander. " + + "Starting advanced attribute-validation ... ", requiredHandlers.size()); + for (String el : requiredHandlers) { + executeAdvancedRequestValidation(el, eidasRequest); + + } + + } else { + log.debug("No advanced eIDAS attribute-validation required."); + + } } @@ -283,8 +302,8 @@ public class EidasProxyServiceController extends AbstractController implements I && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) { throw new EidasProxyServiceException(ERROR_08, null); - } - + } + // TODO: validate some other stuff } @@ -381,6 +400,20 @@ public class EidasProxyServiceController extends AbstractController implements I } } + private void executeAdvancedRequestValidation(String handlerClass, ILightRequest eidasRequest) + throws EidasProxyServiceException { + try { + IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class); + + log.trace("Perfom request-validastion by using: {}", handler.getClass().getName()); + handler.validateAuthnRequest(eidasRequest); + + } catch (BeansException e) { + log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e); + + } + } + private void buildNationalRequestedAttributes( ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) { final boolean mandatesEnabled = !SpMandateModes.NONE.equals(spConfig.getMandateMode()); |