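/*******************************************************************************
 *******************************************************************************/
package at.asitplus.eidas.specific.connector.config;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;

/**
 * Service-provider (SP) specific configuration of the MS-specific eIDAS connector.
 *
 * <p>Extends the generic {@link SPConfigurationImpl} with the eIDAS level of assurance (LoA) the
 * SP requires, the LoA matching mode, the bPK target the SP is allowed to use and the baseID
 * transfer policy for that target.
 *
 * <p>Field names are kept stable because the superclass is serializable
 * ({@code serialVersionUID}); renaming a field would change the serialized form.
 */
public class ServiceProviderConfiguration extends SPConfigurationImpl {
  private static final long serialVersionUID = 1L;
  private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);

  // eIDAS LoA URIs required by this SP. Default is the highest level; see setRequiredLoA().
  private List<String> minimumLoA = Arrays.asList(EAAFConstants.EIDAS_LOA_HIGH);

  // bPK target of this SP. Stays null until setbPKTargetIdentifier() accepted a value.
  private String bPKTargetIdentifier;

  // LoA matching mode (SAML2 core semantics); default is 'minimum'. Name kept for serialization.
  private String loaMachtingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;

  /**
   * Creates an SP configuration backed by the given key/value map.
   *
   * @param spConfig SP specific configuration properties (passed to the superclass)
   * @param authConfig global configuration of the node (passed to the superclass)
   */
  public ServiceProviderConfiguration(Map spConfig, IConfiguration authConfig) {
    super(spConfig, authConfig);
  }

  /**
   * Internal processing of the baseID is never restricted for SPs of this connector.
   *
   * @return always {@code false}
   */
  @Override
  public boolean hasBaseIdInternalProcessingRestriction() {
    return false;
  }

  /**
   * Decides whether the baseID may be transferred to this SP.
   *
   * <p>An explicit per-SP policy value always wins. Without one, the default policy applies: the
   * transfer is unrestricted only if the SP's bPK target starts with one of the configured
   * unrestricted target prefixes; in every other case (including an unset bPK target) the
   * restrictive answer {@code true} is returned, i.e. the method fails closed.
   *
   * @return {@code true} if the baseID must NOT be transferred to this SP
   */
  @Override
  public boolean hasBaseIdTransferRestriction() {
    Boolean spConfigPolicy =
        isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
    if (spConfigPolicy != null) {
      return spConfigPolicy;
    }

    log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
    if (this.bPKTargetIdentifier != null) {
      for (String unrestrictedPrefix : getTargetsWithNoBaseIdTransferRestriction()) {
        if (this.bPKTargetIdentifier.startsWith(unrestrictedPrefix)) {
          log.debug("SP-Target: {} has NO baseID transfer restriction in default policy",
              this.bPKTargetIdentifier);
          return false;
        }
      }
    }

    log.debug("Default-policy defines baseID transfer restriction for SP-Target: {}",
        this.bPKTargetIdentifier);
    return true;
  }

  /**
   * Returns the eIDAS LoA URIs required by this SP.
   *
   * @return list of LoA URIs; defaults to a single entry {@code EIDAS_LOA_HIGH}
   */
  @Override
  public List<String> getRequiredLoA() {
    return minimumLoA;
  }

  /**
   * Returns the LoA matching mode of this SP.
   *
   * @return matching mode; defaults to {@code EIDAS_LOA_MATCHING_MINIMUM}
   */
  public String getLoAMatchingMode() {
    return loaMachtingMode;
  }

  /**
   * Returns the bPK target identifier of this SP.
   *
   * @return the accepted bPK target, or {@code null} if none has been set yet
   */
  @Override
  public String getAreaSpecificTargetIdentifier() {
    return bPKTargetIdentifier;
  }

  /**
   * Returns the human readable name of this SP.
   *
   * @return configured friendly name, or {@code "NO FRIENDLYNAME SET"} if none is configured
   */
  @Override
  public String getFriendlyName() {
    return getConfigurationValue(
        MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, "NO FRIENDLYNAME SET");
  }

  /**
   * Set the minimum level of eIDAS authentication for this SP.
   *
   * <p>Default: http://eidas.europa.eu/LoA/high
   *
   * <p>Info: In case of MINIMUM matching-mode, only one entry is allowed.
   *
   * @param minimumLoA eIDAS LoA URIs
   */
  // Raw parameter type kept for compatibility with existing callers; elements are LoA URI strings.
  @SuppressWarnings("unchecked")
  public void setRequiredLoA(List minimumLoA) {
    this.minimumLoA = minimumLoA;
  }

  /**
   * Set the mode of operation for LoA matching for this SP.
   *
   * <p>Default: minimum
   *
   * <p>Info: Currently only 'minimum' and 'exact' are supported.
   *
   * @param mode LoA matching mode according to SAML2 core specification
   */
  public void setLoAMachtingMode(String mode) {
    this.loaMachtingMode = mode;
  }

  /**
   * Set the bPK Target for this service provider.
   *
   * <p>The requested target is validated against the regular expression configured in
   * {@code PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS} (falling back to
   * {@code POLICY_DEFAULT_ALLOWED_TARGETS}). {@link Matcher#matches()} is used on purpose: the
   * whole identifier has to match, so a merely prefixed or suffixed value is rejected. A
   * {@code null} target is rejected as well instead of failing with a {@code NullPointerException}.
   *
   * @param bPKTargetIdentifier requested bPK target; must fully match the allowed-targets pattern
   * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider
   *     (error code {@code auth.37})
   * @throws java.util.regex.PatternSyntaxException if the configured allowed-targets pattern is
   *     not a valid regular expression (fails closed)
   */
  public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EAAFException {
    String allowedTargetIdentifierRegExPattern = getConfigurationValue(
        MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
        MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
    log.trace("Use bPK-target regex pattern: {}", allowedTargetIdentifierRegExPattern);

    if (bPKTargetIdentifier == null) {
      // Pattern.matcher(null) would throw NPE; treat a missing target as not allowed.
      log.warn("Requested bPK-target is null and does NOT match regex pattern.");
      throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
    }

    Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
    Matcher m = p.matcher(bPKTargetIdentifier);
    if (m.matches()) {
      log.debug("Requested bPK-target: {} matches regex pattern", bPKTargetIdentifier);
      this.bPKTargetIdentifier = bPKTargetIdentifier;
    } else {
      log.warn("Requested bPK-target: {} does NOT match regex pattern.", bPKTargetIdentifier);
      throw new EAAFException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()});
    }
  }
}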