se.idsec.signservice.integration.authentication.impl.AuthnRequirementsValidator Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of signservice-integration-impl Show documentation
SignService Integration API
The newest version!
/*
 * Copyright 2019-2023 IDsec Solutions AB
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package se.idsec.signservice.integration.authentication.impl;

import jakarta.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import se.idsec.signservice.integration.authentication.AuthnRequirements;
import se.idsec.signservice.integration.authentication.SignerIdentityAttribute;
import se.idsec.signservice.integration.authentication.SignerIdentityAttributeValue;
import se.idsec.signservice.integration.config.IntegrationServiceConfiguration;
import se.idsec.signservice.integration.core.validation.AbstractInputValidator;
import se.idsec.signservice.integration.core.validation.ValidationResult;

/**
 * Validator for {@link AuthnRequirements} objects.
 *
 * @author Martin Lindström ([email protected])
 * @author Stefan Santesson ([email protected])
 */
public class AuthnRequirementsValidator
    extends AbstractInputValidator {

  /** {@inheritDoc} */
  @Override
  public ValidationResult validate(final AuthnRequirements object, @Nullable final String objectName,
      final IntegrationServiceConfiguration hint) {

    final ValidationResult result = new ValidationResult(objectName);

    if ((object == null || StringUtils.isBlank(object.getAuthnServiceID()))
        && StringUtils.isBlank(hint.getDefaultAuthnServiceID())) {
      result.rejectValue("authnServiceID", String.format(
          "Request does not contain an authnServiceID and policy '%s' has no default value", hint.getPolicy()));
    }
    if ((object == null || object.getAuthnContextClassRefs() == null || object.getAuthnContextClassRefs().isEmpty())
        && StringUtils.isBlank(hint.getDefaultAuthnContextRef())) {
      result.rejectValue("authnContextClassRefs", String.format(
          "Request does not contain an authnContextClassRef and policy '%s' has no default value", hint.getPolicy()));
    }
    if (object != null && object.getRequestedSignerAttributes() != null) {
      int pos = 0;
      for (final SignerIdentityAttributeValue a : object.getRequestedSignerAttributes()) {
        if (a.getType() != null && !SignerIdentityAttribute.SAML_TYPE.equalsIgnoreCase(a.getType())) {
          result.rejectValue("requestedSignerAttributes[" + pos + "].type",
              "The only supported attribute type is 'saml'");
        }
        if (StringUtils.isBlank(a.getName())) {
          result.rejectValue("requestedSignerAttributes[" + pos + "].name", "Missing attribute name");
        }
        if (StringUtils.isBlank(a.getValue())) {
          result.rejectValue("requestedSignerAttributes[" + pos + "].value", "Missing attribute value");
        }
        pos++;
      }
    }

    return result;
  }

}