From 6d09f43225ba2e0f6d7b0583f843c858a1015807 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 26 Jul 2018 10:30:14 +0200
Subject: namespace refactoring

---
 .../config/ServiceProviderConfiguration.java       | 140 +++++++++++++++++++++
 1 file changed, 140 insertions(+)
 create mode 100644 connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java

(limited to 'connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java')

diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..b45e723f
--- /dev/null
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.asitplus.eidas.specific.connector.config;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+
+public class ServiceProviderConfiguration extends SPConfigurationImpl {	
+	private static final long serialVersionUID = 1L;
+	private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+	private List<String> minimumLoA = Arrays.asList(EAAFConstants.EIDAS_LOA_HIGH);
+	private String bPKTargetIdentifier;
+	private String loaMachtingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+	
+	public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+		super(spConfig, authConfig);
+		
+	}
+
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() {
+		  return false;
+		  
+	}
+
+	@Override
+	public boolean hasBaseIdTransferRestriction() {	  
+		Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+		if (spConfigPolicy != null)
+			return spConfigPolicy;
+		
+		else {
+			log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+			for (String el : getTargetsWithNoBaseIdTransferRestriction()) {
+				if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) {
+					log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy");
+					return false;
+					
+				}				
+			}
+		}
+		
+		log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier);
+		return true;		
+	}
+	
+	@Override
+	public List<String> getRequiredLoA() {
+		return minimumLoA;
+		
+	}
+
+	public String getLoAMatchingMode() {
+		return loaMachtingMode;
+		
+	}
+	
+
+	@Override
+	public String getAreaSpecificTargetIdentifier() {
+		return bPKTargetIdentifier;
+	}
+
+
+	@Override
+	public String getFriendlyName() {
+		return getConfigurationValue(
+				MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, 
+				"NO FRIENDLYNAME SET");
+		
+	}
+
+	/**
+	 * Set the minimum level of eIDAS authentication for this SP
+	 * <br>
+	 * <b>Default:</b> http://eidas.europa.eu/LoA/high 
+	 * <br>
+	 * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+	 *  
+	 * @param minimumLoA eIDAS LoA URIs
+	 */
+	
+	public void setRequiredLoA(List<String> minimumLoA) {
+		this.minimumLoA = minimumLoA;
+	}
+
+	/**
+	 * Set the mode of operation for LoA matching for this SP
+	 * <b>
+	 * <b>Default: minimum</b> 
+	 * <br>
+	 * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+	 * 
+	 * @param mode LoA matching mode according to SAML2 core specification
+	 */
+	public void setLoAMachtingMode(String mode) {
+		this.loaMachtingMode = mode;
+	}
+	
+	
+	/**
+	 * Set the bPK Target for this service provider
+	 * 
+	 * @param bPKTargetIdentifier
+	 * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider 
+	 */
+	public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EAAFException {
+		String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+				MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+				MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);		
+		log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+		
+		Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+		Matcher m = p.matcher(bPKTargetIdentifier);
+		if (m.matches()) {
+			log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern");
+			this.bPKTargetIdentifier = bPKTargetIdentifier;
+			
+		} else {
+			log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern.");
+			throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
+			
+		}
+					
+	}
+	
+}
-- 
cgit v1.2.3