From 8e239b9cb072e62d693f3d54a6a9ad2d9983cc71 Mon Sep 17 00:00:00 2001 From: lalber Date: Mon, 2 Nov 2020 23:29:54 +0100 Subject: AuthDataBuilder and AttributeBuilder --- .../attributes/AuthBlockAttributeBuilder.java | 64 ++++++++++ .../attributes/EidasBindAttributeBuilder.java | 64 ++++++++++ .../builder/AuthenticationDataBuilder.java | 37 +++--- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 2 + .../main/resources/SpringTest_connector.beans.xml | 129 +++++++++++++++++++++ 5 files changed, 281 insertions(+), 15 deletions(-) create mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java create mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java create mode 100644 connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder create mode 100644 connector/src/main/resources/SpringTest_connector.beans.xml (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java new file mode 100644 index 00000000..ab5db0a6 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -0,0 +1,64 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.attributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; + +@PvpMetadata +public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { + + private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; + private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid + + @Override + public String getName() { + return AUTHBLOCK_NAME; + } + + @Override + public ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); + if (authBlock != null) { + return g.buildStringAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME, authBlock); + + } else { + throw new UnavailableAttributeException(AUTHBLOCK_NAME); + } + + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME); + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java new file mode 100644 index 00000000..c6dfed1a --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -0,0 +1,64 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.attributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; + +@PvpMetadata +public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { + + private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; + private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid + + @Override + public String getName() { + return EIDASBIND_NAME; + } + + @Override + public ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException { + + String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); + if (eidasBind != null) { + return g.buildStringAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME, eidasBind); + + } else { + throw new UnavailableAttributeException(EIDASBIND_NAME); + } + + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME); + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index b14faa62..51b89120 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.connector.builder; @@ -54,30 +54,37 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException { final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final AuthenticationData authData = new AuthenticationData(); + AuthenticationData authData = new AuthenticationData(); - try { - generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); + String eidMode = pendingReq.getServiceProviderConfiguration() + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); - // set specific informations - authData.setSsoSessionValidTo(new Date(new Date().getTime() - + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + if (eidMode.equals("new")) { - } catch (EaafBuilderException | EaafParserException | EaafConfigurationException - | XPathException | DOMException e) { - log.warn("Can not build authentication data from auth. process information"); - throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); + authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); - } + } else { + try { + generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - return authData; + // set specific informations + authData.setSsoSessionValidTo(new Date(new Date().getTime() + + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + } catch (EaafBuilderException | EaafParserException | EaafConfigurationException + | XPathException | DOMException e) { + log.warn("Can not build authentication data from auth. process information"); + throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); + } + } + return authData; } @Override protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException { return new AuthenticationData(); - + } @Override @@ -103,7 +110,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected Pair getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { + AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { return null; } diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 00000000..8508cc4b --- /dev/null +++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,2 @@ +at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder +at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder diff --git a/connector/src/main/resources/SpringTest_connector.beans.xml b/connector/src/main/resources/SpringTest_connector.beans.xml new file mode 100644 index 00000000..5cf0d5b8 --- /dev/null +++ b/connector/src/main/resources/SpringTest_connector.beans.xml @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From 578841c3723da27525d5fffb37d4ccc3dffa7bb4 Mon Sep 17 00:00:00 2001 From: lalber Date: Tue, 3 Nov 2020 10:47:11 +0100 Subject: sunfire bug --- .../connector/attributes/AuthBlockAttributeBuilder.java | 14 ++++++++------ .../connector/attributes/EidasBindAttributeBuilder.java | 15 +++++++++------ 2 files changed, 17 insertions(+), 12 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java index ab5db0a6..e3e482ef 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -34,12 +34,14 @@ import java.text.SimpleDateFormat; @PvpMetadata public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { - private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; - private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid +// private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; +// private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid +String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; +String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; @Override public String getName() { - return AUTHBLOCK_NAME; + return EID_AUTHBLOCK_SIGNED_NAME; } @Override @@ -48,17 +50,17 @@ public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); if (authBlock != null) { - return g.buildStringAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME, authBlock); + return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME, authBlock); } else { - throw new UnavailableAttributeException(AUTHBLOCK_NAME); + throw new UnavailableAttributeException(EID_AUTHBLOCK_SIGNED_NAME); } } @Override public ATT buildEmpty(final IAttributeGenerator g) { - return g.buildEmptyAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME); + return g.buildEmptyAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME); } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java index c6dfed1a..e43689a1 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -31,15 +31,18 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; import java.text.DateFormat; import java.text.SimpleDateFormat; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; + @PvpMetadata public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { - private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; - private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid +// private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; +// private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid @Override public String getName() { - return EIDASBIND_NAME; + return EID_EIDBIND_NAME; } @Override @@ -48,17 +51,17 @@ public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); if (eidasBind != null) { - return g.buildStringAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME, eidasBind); + return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind); } else { - throw new UnavailableAttributeException(EIDASBIND_NAME); + throw new UnavailableAttributeException(EID_EIDBIND_NAME); } } @Override public ATT buildEmpty(final IAttributeGenerator g) { - return g.buildEmptyAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME); + return g.buildEmptyAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME); } } -- cgit v1.2.3 From e9a093a8d10dcce01661ef5182633e9a296e737e Mon Sep 17 00:00:00 2001 From: lalber Date: Wed, 4 Nov 2020 14:27:10 +0100 Subject: fix for EvaluateCountrySelectionTaskTest and GenerateCountrySelectionFrameTaskTest --- .../connector/attributes/AuthBlockAttributeBuilder.java | 14 ++++++-------- .../connector/attributes/EidasBindAttributeBuilder.java | 10 ++++------ .../connector/builder/AuthenticationDataBuilder.java | 7 ++++--- 3 files changed, 14 insertions(+), 17 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java index e3e482ef..c9cbdb84 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -15,7 +15,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.connector.attributes; @@ -28,16 +28,14 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; -import java.text.DateFormat; -import java.text.SimpleDateFormat; @PvpMetadata public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { -// private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; -// private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid -String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; -String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; + // private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; + // private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid + private static final String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; + private static final String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; @Override public String getName() { @@ -46,7 +44,7 @@ String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; @Override public ATT build(final ISpConfiguration oaParam, final IAuthData authData, - final IAttributeGenerator g) throws AttributeBuilderException { + final IAttributeGenerator g) throws AttributeBuilderException { String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); if (authBlock != null) { diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java index e43689a1..53f52ab3 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -15,7 +15,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.connector.attributes; @@ -28,8 +28,6 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; -import java.text.DateFormat; -import java.text.SimpleDateFormat; import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; @@ -37,8 +35,8 @@ import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_ @PvpMetadata public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { -// private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; -// private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid + // private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; + // private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid @Override public String getName() { @@ -47,7 +45,7 @@ public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { @Override public ATT build(final ISpConfiguration oaParam, final IAuthData authData, - final IAttributeGenerator g) throws AttributeBuilderException { + final IAttributeGenerator g) throws AttributeBuilderException { String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); if (eidasBind != null) { diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 51b89120..42163097 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -57,7 +57,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder AuthenticationData authData = new AuthenticationData(); String eidMode = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); if (eidMode.equals("new")) { @@ -69,7 +69,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder // set specific informations authData.setSsoSessionValidTo(new Date(new Date().getTime() - + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); } catch (EaafBuilderException | EaafParserException | EaafConfigurationException | XPathException | DOMException e) { @@ -110,7 +110,8 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected Pair getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { + AuthenticationData arg1, + ISpConfiguration arg2) throws EaafBuilderException { return null; } -- cgit v1.2.3 From 3e422c60952d5892a0e568de8c28ce878610eb2f Mon Sep 17 00:00:00 2001 From: lalber Date: Wed, 4 Nov 2020 18:47:51 +0100 Subject: Attribute builder tests EidasBindAttributeBuilderTest and AuthBlockAttributeBuilderTest --- .../specific/connector/attributes/AuthBlockAttributeBuilder.java | 9 ++++----- .../specific/connector/attributes/EidasBindAttributeBuilder.java | 6 ++---- 2 files changed, 6 insertions(+), 9 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java index c9cbdb84..80f91e57 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -27,15 +27,14 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; +import org.apache.commons.lang3.StringUtils; @PvpMetadata public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { - // private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; - // private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid - private static final String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; - private static final String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; + public static final String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; + public static final String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; @Override public String getName() { @@ -47,7 +46,7 @@ public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { final IAttributeGenerator g) throws AttributeBuilderException { String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); - if (authBlock != null) { + if (StringUtils.isNotEmpty(authBlock)) { return g.buildStringAttribute(EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, EID_AUTHBLOCK_SIGNED_NAME, authBlock); } else { diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java index 53f52ab3..a4fe8c6c 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -27,7 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; - +import org.apache.commons.lang3.StringUtils; import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME; import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME; @@ -35,8 +35,6 @@ import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_ @PvpMetadata public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { - // private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; - // private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid @Override public String getName() { @@ -48,7 +46,7 @@ public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { final IAttributeGenerator g) throws AttributeBuilderException { String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); - if (eidasBind != null) { + if (StringUtils.isNotEmpty(eidasBind)) { return g.buildStringAttribute(EID_EIDBIND_FRIENDLY_NAME, EID_EIDBIND_NAME, eidasBind); } else { -- cgit v1.2.3 From f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 Mon Sep 17 00:00:00 2001 From: lalber Date: Fri, 6 Nov 2020 16:28:26 +0100 Subject: some improvements --- .../specific/connector/builder/AuthenticationDataBuilder.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 42163097..ef1a1f2b 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -56,13 +56,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); AuthenticationData authData = new AuthenticationData(); - String eidMode = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); - - if (eidMode.equals("new")) { + boolean isEidModeNew = pendingReq.getServiceProviderConfiguration() + .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false); + if (isEidModeNew) { authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); - } else { try { generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); -- cgit v1.2.3 From 57d813b9cfbbd231a2e6f9d47169b31435d1d6c0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Sat, 7 Nov 2020 18:21:49 +0100 Subject: code clean-up and first jUnit test modifications for CreateIdentityLink task --- .../eidas/specific/connector/provider/PvpMetadataProvider.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java index 651b7b78..8dbb74c7 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java @@ -173,4 +173,11 @@ public class PvpMetadataProvider extends AbstractChainingMetadataProvider { return "Service-provider chainging metadata provider"; } + + @Override + public void doDestroy() { + this.fullyDestroy(); + + } + } -- cgit v1.2.3 From 7bbd7935548ee50fd5c70caf5503de1b7a2b025d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Nov 2020 10:00:25 +0100 Subject: switch to next release version of EAAF components to use already defined attribute-name for signed AuthBlock --- .../specific/connector/attributes/AuthBlockAttributeBuilder.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java index 80f91e57..be9f8862 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -19,6 +19,11 @@ package at.asitplus.eidas.specific.connector.attributes; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME; +import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME; + +import org.apache.commons.lang3.StringUtils; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -27,15 +32,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; -import org.apache.commons.lang3.StringUtils; @PvpMetadata public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { - public static final String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; - public static final String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; - @Override public String getName() { return EID_AUTHBLOCK_SIGNED_NAME; -- cgit v1.2.3 From 65baff23786c76746f4b188d3e6e59fd112e3030 Mon Sep 17 00:00:00 2001 From: lalber Date: Fri, 13 Nov 2020 08:39:00 +0100 Subject: improved Junit tests --- .../connector/builder/AuthenticationDataBuilder.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index ef1a1f2b..13cceafb 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -57,7 +57,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder AuthenticationData authData = new AuthenticationData(); boolean isEidModeNew = pendingReq.getServiceProviderConfiguration() - .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false); + .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false); if (isEidModeNew) { authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); @@ -66,11 +66,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); // set specific informations - authData.setSsoSessionValidTo(new Date(new Date().getTime() - + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + authData.setSsoSessionValidTo( + new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - } catch (EaafBuilderException | EaafParserException | EaafConfigurationException - | XPathException | DOMException e) { + } catch (EaafBuilderException | EaafParserException + | EaafConfigurationException | XPathException | DOMException e) { log.warn("Can not build authentication data from auth. process information"); throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); @@ -108,8 +108,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected Pair getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, - ISpConfiguration arg2) throws EaafBuilderException { + AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { return null; } -- cgit v1.2.3 From 7a62a84f23b3a1a1027ebda31fb790ee072793cc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 27 Nov 2020 09:08:10 +0100 Subject: read unique transactionId from AuthnRequest to reuse it for eIDAS authentication --- .../verification/AuthnRequestValidator.java | 247 +++++++++++++-------- 1 file changed, 154 insertions(+), 93 deletions(-) (limited to 'connector/src/main') diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index 26176c49..a9eb06be 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -46,11 +46,13 @@ import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; @@ -107,120 +109,179 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor { } // post-process requested LoA - final List reqLoA = extractLoA(authnReq); - log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); + postprocessLoaLevel(pendingReq, authnReq); + + // post-process requested LoA comparison-level + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( + extractComparisonLevel(authnReq)); + + //extract information from requested attributes + extractFromRequestedAttriutes(pendingReq, authnReq); - LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( - MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, - EaafConstants.EIDAS_LOA_HIGH)); - if (minimumLoAFromConfig == null) { - log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", - EaafConstants.EIDAS_LOA_HIGH); - minimumLoAFromConfig = LevelOfAssurance.HIGH; + } catch (final EaafStorageException e) { + log.info("Can NOT store Authn. Req. data into pendingRequest.", e); + throw new AuthnRequestValidatorException("internal.02", null, e); - } - - log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", - minimumLoAFromConfig); - final List allowedLoA = new ArrayList<>(); - for (final String loa : reqLoA) { - try { - final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); - String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null - && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { - log.info("Client: {} requested LoA: {} will be upgraded to: {}", - pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), - loa, - minimumLoAFromConfig); - selectedLoA = minimumLoAFromConfig.getValue(); + } - } + } - if (!allowedLoA.contains(selectedLoA)) { - log.debug("Allow LoA: {} for Client: {}", - selectedLoA, - pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); - allowedLoA.add(selectedLoA); + private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException { + // validate and process requested attributes + boolean sectorDetected = false; + + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( + ServiceProviderConfiguration.class); + + if (authnReq.getExtensions() != null) { + final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); + for (final XMLObject reqAttrObj : requestedAttributes) { + if (reqAttrObj instanceof EaafRequestedAttributes) { + final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj; + if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) { + for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { + log.trace("Processing req. attribute '" + el.getName() + "' ... "); + if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + sectorDetected = extractBpkTargetIdentifier(el, spConfig); + + } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) { + extractUniqueTransactionId(el, pendingReq); + + } else { + log.debug("Ignore req. attribute: " + el.getName()); + + } + } + } else { + log.debug("No requested Attributes in Authn. Request"); + } - } catch (final IllegalArgumentException e) { - log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa); - + } else { + log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); + } - } + } + + if (!sectorDetected) { + log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); + throw new AuthnRequestValidatorException("pvp2.22", new Object[] { + "NO or NO VALID target-sector information" }); - pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( - allowedLoA); + } + + } - // post-process requested LoA comparison-level - final String reqLoAComperison = extractComparisonLevel(authnReq); - pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( - reqLoAComperison); + /** + * Extract unique transactionId from AuthnRequest. + * + * @param el Requested attribute from AuthnRequest + * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl}) + * @return true if transactionId extraction was successful, otherwise false + */ + private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) { + if (!(pendingReq instanceof RequestImpl)) { + log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}", + RequestImpl.class.getName()); + + } else { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent(); + ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId); + return true; - // validate and process requested attributes - boolean sectorDetected = false; + } else { + log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", + el.getName()); + + } - if (authnReq.getExtensions() != null) { - final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); - for (final XMLObject reqAttrObj : requestedAttributes) { - if (reqAttrObj instanceof EaafRequestedAttributes) { - final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj; - if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) { - for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { - log.trace("Processing req. attribute '" + el.getName() + "' ... "); - if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); - final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( - ServiceProviderConfiguration.class); - - try { - spConfig.setBpkTargetIdentifier(sectorId); - sectorDetected = true; - - } catch (final EaafException e) { - log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " - + spConfig.getUniqueIdentifier()); - } - - } else { - log.info("Req. attribute '" + el.getName() - + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); - } - - } else { - log.debug("Ignore req. attribute: " + el.getName()); - } - - } - - } else { - log.debug("No requested Attributes in Authn. Request"); - } - - } else { - log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - } + } + + return false; + } + + /** + * Extract the bPK target from requested attribute. + * + * @param el Requested attribute from AuthnRequest + * @param spConfig Service-Provider configuration for current process + * @return true if bPK target extraction was successful, otherwise false + */ + private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + try { + spConfig.setBpkTargetIdentifier(sectorId); + return true; + + } catch (final EaafException e) { + log.warn("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " + + spConfig.getUniqueIdentifier()); + } + + } else { + log.warn("Req. attribute '" + el.getName() + + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); + } + + return false; + + } + private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) + throws AuthnRequestValidatorException { + final List reqLoA = extractLoA(authnReq); + log.trace("SP requests LoA with: {}", String.join(", ",reqLoA)); + + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, + EaafConstants.EIDAS_LOA_HIGH)); + if (minimumLoAFromConfig == null) { + log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", + EaafConstants.EIDAS_LOA_HIGH); + minimumLoAFromConfig = LevelOfAssurance.HIGH; + + } + + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", + minimumLoAFromConfig); + final List allowedLoA = new ArrayList<>(); + for (final String loa : reqLoA) { + try { + final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); + String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; + if (intLoa != null + && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) { + log.info("Client: {} requested LoA: {} will be upgraded to: {}", + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), + loa, + minimumLoAFromConfig); + selectedLoA = minimumLoAFromConfig.getValue(); + } - } - if (!sectorDetected) { - log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); - throw new AuthnRequestValidatorException("pvp2.22", new Object[] { - "NO or NO VALID target-sector information" }); + if (!allowedLoA.contains(selectedLoA)) { + log.debug("Allow LoA: {} for Client: {}", + selectedLoA, + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + allowedLoA.add(selectedLoA); - } + } - } catch (final EaafStorageException e) { - log.info("Can NOT store Authn. Req. data into pendingRequest.", e); - throw new AuthnRequestValidatorException("internal.02", null, e); + } catch (final IllegalArgumentException e) { + log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa); + + } } + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( + allowedLoA); + } private String extractComparisonLevel(AuthnRequest authnReq) { -- cgit v1.2.3