diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java index 88a64bd07..ca71ad946 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java @@ -22,8 +22,9 @@ */ package at.gv.egovernment.moa.id.util; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException; +import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -33,10 +34,23 @@ public class QAALevelVerifier { public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException { - Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length())); - Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length())); + if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && + (EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + ) + Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... "); - if (qaaA < qaaR) + else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && + (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) || + EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + ) + Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... "); + + else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) + Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... "); + + else throw new QAANotAllowedException(qaaAuth, qaaRequest); } |