From 300bd1b44f521a2b33c259be1f8d21eba58c1a31 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 8 Mar 2022 13:41:31 +0100
Subject: refactor(core): split 'ms-connector' WebApp into 'core' and
 'ms-connector' to reuse some code for 'ms-proxy' WebApp

---
 .../core/config/ServiceProviderConfiguration.java  | 171 +++++++++++++++++++++
 1 file changed, 171 insertions(+)
 create mode 100644 core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java

(limited to 'core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java')

diff --git a/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..5ca1c8c5
--- /dev/null
+++ b/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.config;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl;
+import lombok.Getter;
+import lombok.Setter;
+
+public class ServiceProviderConfiguration extends SpConfigurationImpl {
+  private static final long serialVersionUID = 1L;
+  private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+  private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH);
+  private String bpkTargetIdentifier;
+  private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+
+  @Setter
+  @Getter
+  private List<String> mandateProfiles;  
+  
+  @Getter
+  @Setter
+  private SpMandateModes mandateMode = SpMandateModes.NONE;
+  
+  public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+    super(spConfig, authConfig);
+
+  }
+
+  @Override
+  public boolean hasBaseIdInternalProcessingRestriction() {
+    return false;
+
+  }
+
+  
+  @Override
+  public boolean hasBaseIdTransferRestriction() {
+    final Boolean spConfigPolicy = isConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+    if (spConfigPolicy) {
+      return spConfigPolicy;
+
+    } else {
+      log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+      for (final String el : getTargetsWithNoBaseIdTransferRestriction()) {
+        if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) {
+          log.debug("SP-Target: " + this.bpkTargetIdentifier
+              + " has NO baseID transfer restriction in default policy");
+          return false;
+
+        }
+      }
+    }
+
+    log.debug("Default-policy defines baseID transfer restriction for SP-Target: "
+        + this.bpkTargetIdentifier);
+    return true;
+  }
+
+  @Override
+  public List<String> getRequiredLoA() {
+    return minimumLoA;
+
+  }
+
+  @Override
+  public String getLoAMatchingMode() {
+    return loaMachtingMode;
+
+  }
+
+  @Override
+  public String getAreaSpecificTargetIdentifier() {
+    return bpkTargetIdentifier;
+  }
+
+  @Override
+  public String getFriendlyName() {
+    return getConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+        "NO FRIENDLYNAME SET");
+
+  }
+
+  /**
+   * Set the minimum level of eIDAS authentication for this SP <br>
+   * <b>Default:</b> http://eidas.europa.eu/LoA/high <br>
+   * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+   * 
+   * @param minimumLoA eIDAS LoA URIs
+   */
+
+  public void setRequiredLoA(List<String> minimumLoA) {
+    this.minimumLoA = minimumLoA;
+  }
+
+  /**
+   * Set the mode of operation for LoA matching for this SP. <b>Default:
+   * minimum</b> <br>
+   * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+   * 
+   * @param mode LoA matching mode according to SAML2 core specification
+   */
+  public void setLoAMachtingMode(String mode) {
+    this.loaMachtingMode = mode;
+  }
+
+  /**
+   * Set the bPK Target for this service provider.
+   * 
+   * @param bpkTargetIdentifier Set the bPK sector
+   * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this
+   *                       service provider
+   */
+  public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException {
+    final String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+        MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+    final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+    final Matcher m = p.matcher(bpkTargetIdentifier);
+    if (m.matches()) {
+      log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern");
+      this.bpkTargetIdentifier = bpkTargetIdentifier;
+
+    } else {
+      log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern.");
+      throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() });
+
+    }
+
+  }
+
+}
-- 
cgit v1.2.3