Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java51
1 files changed, 50 insertions, 1 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index f1cb8f0b..7d01deda 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,8 +1,11 @@
package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
import java.io.IOException;
+import java.util.Objects;
import java.util.Optional;
+import java.util.Set;
import java.util.UUID;
+import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;
@@ -205,9 +208,14 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
+
+
private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
ILightRequest eidasReq) {
- final IEidAuthData eidAuthData = (IEidAuthData) authData;
+
+ // eIDAS Out-Going and attribute-specific post-processing of authentication data
+ final IEidAuthData eidAuthData = performAuthdataPostprocessing(authData, eidasReq);
+
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
// inject all requested attributres
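Review bot: The comment added above the `performAuthdataPostprocessing(authData, eidasReq)` call does not say that the returned `eidAuthData` is the same instance as the `authData` parameter. The helper added later in this commit casts and returns its input, and the handlers return `void`, so they can only work by modifying the object in place. If the caller keeps `authData` for anything else (for example in the pending request or session, which is not visible here), request-specific changes would carry over. I would state this at the call site, e.g. `// NOTE: handlers modify authData in place; eidAuthData is the same instance, not a copy`. The body of `buildAttributesFromAuthData` continues outside this hunk.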
@@ -369,5 +377,46 @@ public class ProxyServiceAuthenticationAction implements IAction {
PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
}
+
+ /**
+ * Post-processing of authentication data based on requested attributes.
+ *
+ * @param authData Authentication data from ID Austria system.
+ * @param eidasRequest AuthnRequest from foreign country
+ * @return AuthnRequest specific modification of authentication data
+ */
+ private IEidAuthData performAuthdataPostprocessing(IAuthData authData, ILightRequest eidasRequest) {
+ IEidAuthData idaAuthData = (IEidAuthData) authData;
+
+ // select advanced attribute handler
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+ + "Starting advanced post-processing of authentication data ... ", requiredHandlers.size());
+ requiredHandlers.forEach(el -> executeAttributeHandler(el, idaAuthData));
+
+ }
+
+ return idaAuthData;
+
+ }
+
+ private void executeAttributeHandler(String handlerClass, IEidAuthData authData) {
+ try {
+ IEidasAttributeHandler handler = context.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName());
+ handler.performAuthDataPostprocessing(authData);
+
+ } catch (Exception e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
}
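Review bot: The `catch (Exception e)` in `executeAttributeHandler` also swallows failures thrown by `handler.performAuthDataPostprocessing(authData)`, not only a failed bean lookup. A handler that fails midway is therefore logged as "No custom attribute-handler implementation", and `performAuthdataPostprocessing` still returns the authentication data, possibly partly modified, for attribute generation. If any handler is meant to restrict or transform what is released to the requesting country (not visible in this diff), that is a fail-open path. I would keep the try/catch around `context.getBean(handlerClass, IEidasAttributeHandler.class)` only, and give a handler failure its own message such as `log.error("Attribute-handler: {} failed during authData post-processing", handlerClass, e);`, then abort the response instead of continuing. Separately, `.distinct()` before `Collectors.toSet()` is redundant.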