From e443168b481bb88fecbad73084147e7e8c882908 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Dec 2019 07:39:27 +0100 Subject: refactoring to new EGIZ code requirements --- .../config/ServiceProviderConfiguration.java | 248 ++++++++++----------- 1 file changed, 122 insertions(+), 126 deletions(-) (limited to 'connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java') diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java index f5b52fa4..6f7eace3 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.config; import java.util.Arrays; @@ -33,130 +32,127 @@ import java.util.regex.Pattern; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; -public class ServiceProviderConfiguration extends SpConfigurationImpl { - private static final long serialVersionUID = 1L; - private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); - - private List minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); - private String bPKTargetIdentifier; - private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; - - public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { - super(spConfig, authConfig); - - } - - @Override - public boolean hasBaseIdInternalProcessingRestriction() { - return false; - - } - - @Override - public boolean hasBaseIdTransferRestriction() { - Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); - if (spConfigPolicy != null) - return spConfigPolicy; - - else { - log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); - for (String el : getTargetsWithNoBaseIdTransferRestriction()) { - if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) { - log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy"); - return false; - - } - } - } - - log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier); - return true; - } - - @Override - public List getRequiredLoA() { - return minimumLoA; - - } - - public String getLoAMatchingMode() { - return loaMachtingMode; - - } - - - @Override - public String getAreaSpecificTargetIdentifier() { - return bPKTargetIdentifier; - } - - - @Override - public String getFriendlyName() { - return getConfigurationValue( - MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, - "NO FRIENDLYNAME SET"); - - } - - /** - * Set the minimum level of eIDAS authentication for this SP - *
- * Default: http://eidas.europa.eu/LoA/high - *
- * Info: In case of MINIMUM matching-mode, only one entry is allowed - * - * @param minimumLoA eIDAS LoA URIs - */ - - public void setRequiredLoA(List minimumLoA) { - this.minimumLoA = minimumLoA; - } - - /** - * Set the mode of operation for LoA matching for this SP - * - * Default: minimum - *
- * Info: Currently only 'minimum' and 'exact' are supported - * - * @param mode LoA matching mode according to SAML2 core specification - */ - public void setLoAMachtingMode(String mode) { - this.loaMachtingMode = mode; - } - - - /** - * Set the bPK Target for this service provider - * - * @param bPKTargetIdentifier - * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider - */ - public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EaafException { - String allowedTargetIdentifierRegExPattern = getConfigurationValue( - MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, - MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); - log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); - - Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); - Matcher m = p.matcher(bPKTargetIdentifier); - if (m.matches()) { - log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern"); - this.bPKTargetIdentifier = bPKTargetIdentifier; - - } else { - log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern."); - throw new EaafException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()}); - - } - - } - +public class ServiceProviderConfiguration extends SpConfigurationImpl { + private static final long serialVersionUID = 1L; + private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); + + private List minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); + private String bpkTargetIdentifier; + private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; + + public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) { + super(spConfig, authConfig); + + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + return false; + + } + + @Override + public boolean hasBaseIdTransferRestriction() { + final Boolean spConfigPolicy = isConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); + if (spConfigPolicy != null) { + return spConfigPolicy; + } else { + log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); + for (final String el : getTargetsWithNoBaseIdTransferRestriction()) { + if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) { + log.debug("SP-Target: " + this.bpkTargetIdentifier + + " has NO baseID transfer restriction in default policy"); + return false; + + } + } + } + + log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + + this.bpkTargetIdentifier); + return true; + } + + @Override + public List getRequiredLoA() { + return minimumLoA; + + } + + @Override + public String getLoAMatchingMode() { + return loaMachtingMode; + + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return bpkTargetIdentifier; + } + + @Override + public String getFriendlyName() { + return getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, + "NO FRIENDLYNAME SET"); + + } + + /** + * Set the minimum level of eIDAS authentication for this SP
+ * Default: http://eidas.europa.eu/LoA/high
+ * Info: In case of MINIMUM matching-mode, only one entry is allowed + * + * @param minimumLoA eIDAS LoA URIs + */ + + public void setRequiredLoA(List minimumLoA) { + this.minimumLoA = minimumLoA; + } + + /** + * Set the mode of operation for LoA matching for this SP. Default: + * minimum
+ * Info: Currently only 'minimum' and 'exact' are supported + * + * @param mode LoA matching mode according to SAML2 core specification + */ + public void setLoAMachtingMode(String mode) { + this.loaMachtingMode = mode; + } + + /** + * Set the bPK Target for this service provider. + * + * @param bpkTargetIdentifier Set the bPK sector + * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this + * service provider + */ + public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException { + final String allowedTargetIdentifierRegExPattern = getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, + MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); + log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); + + final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); + final Matcher m = p.matcher(bpkTargetIdentifier); + if (m.matches()) { + log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern"); + this.bpkTargetIdentifier = bpkTargetIdentifier; + + } else { + log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern."); + throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() }); + + } + + } + } -- cgit v1.2.3