From 594e43b44813888950a888ef2716a30422212972 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Tue, 19 Mar 2024 13:50:53 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Sync=20blocked=20and=20a?=
 =?UTF-8?q?llowed=20IdPs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cz/muni/ics/oidc/ToOidcSynchronizer.java  | 28 +++++++++++++++++++
 .../muni/ics/oidc/models/MitreidClient.java   | 12 ++++++++
 .../cz/muni/ics/oidc/props/AttrsMapping.java  |  6 ++++
 src/main/resources/application.yml            |  2 ++
 4 files changed, 48 insertions(+)

diff --git a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
index f5fc56f..c8aeb1e 100644
--- a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
+++ b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
@@ -358,6 +358,8 @@ public class ToOidcSynchronizer {
         setJurisdiction(c, attrs);
         setAcceptedTos(c, attrs);
         setResourceIds(c, attrs);
+        setOnlyAllowedIdps(c, attrs);
+        setBlockedIdps(c, attrs);
     }
 
     private void setClientId(MitreidClient c, Map<String, PerunAttributeValue> attrs)
@@ -814,4 +816,30 @@ public class ToOidcSynchronizer {
         }
     }
 
+    private void setOnlyAllowedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
+        if (attrs == null || !StringUtils.hasText(perunAttrNames.getOnlyAllowedIdps())) {
+            return;
+        }
+
+        PerunAttributeValue attributeValue = attrs.getOrDefault(perunAttrNames.getOnlyAllowedIdps(), null);
+        if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
+            c.setOnlyAllowedIdps(new HashSet<>());
+        } else {
+            c.setOnlyAllowedIdps(new HashSet<>(attributeValue.valueAsList()));
+        }
+    }
+
+    private void setBlockedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
+        if (attrs == null || !StringUtils.hasText(perunAttrNames.getBlockedIdps())) {
+            return;
+        }
+
+        PerunAttributeValue attributeValue = attrs.getOrDefault(perunAttrNames.getBlockedIdps(), null);
+        if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
+            c.setBlockedIdps(new HashSet<>());
+        } else {
+            c.setBlockedIdps(new HashSet<>(attributeValue.valueAsList()));
+        }
+    }
+
 }
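Review bot: The entries returned by `attributeValue.valueAsList()` are copied into the set in `setOnlyAllowedIdps` and `setBlockedIdps` without trimming or dropping blank strings, so a stray empty value or trailing whitespace in the Perun attribute becomes an entity ID that never matches anything; for the block list that is harmless, but for `onlyAllowedIdps` it can make the restriction look configured while not covering the IdP the operator meant. The two methods are also identical apart from the attribute name and setter, which is a drift risk the next time one of them is touched. I would route both through one helper that normalizes entries, as below (the element type of `valueAsList()` is taken to be `String`, which is what the existing `new HashSet<>(...)` assignment already requires). Whether an empty `onlyAllowedIdps` means "no restriction" or "nothing allowed" is decided by enforcement code outside this patch; a one-line comment at the `c.setOnlyAllowedIdps(...)` call stating which reading the sync relies on would save the next reader a trip.
```java
private void setOnlyAllowedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
    if (attrs == null || !StringUtils.hasText(perunAttrNames.getOnlyAllowedIdps())) {
        return;
    }
    c.setOnlyAllowedIdps(idpEntityIdsFromAttr(attrs, perunAttrNames.getOnlyAllowedIdps()));
}

private void setBlockedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
    if (attrs == null || !StringUtils.hasText(perunAttrNames.getBlockedIdps())) {
        return;
    }
    c.setBlockedIdps(idpEntityIdsFromAttr(attrs, perunAttrNames.getBlockedIdps()));
}

// Reads a list-valued Perun attribute as a set of IdP entity IDs.
// A missing or null attribute yields an empty set; blank entries are dropped and values trimmed.
private Set<String> idpEntityIdsFromAttr(Map<String, PerunAttributeValue> attrs, String attrName) {
    PerunAttributeValue attributeValue = attrs.get(attrName);
    if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
        return new HashSet<>();
    }
    Set<String> ids = new HashSet<>();
    for (String entry : attributeValue.valueAsList()) {
        String id = entry == null ? null : entry.trim();
        if (StringUtils.hasText(id)) {
            ids.add(id);
        }
    }
    return ids;
}
```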
diff --git a/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java b/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
index 9b95ee2..4c7fe07 100644
--- a/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
+++ b/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
@@ -290,6 +290,18 @@ public class MitreidClient implements ClientDetails {
     @Column(name = "parent_client_id")
     private Long parentClientId;
 
+    @ElementCollection(fetch = FetchType.EAGER)
+    @CollectionTable(name = "client_only_allowed_idps", joinColumns = @JoinColumn(name = "owner_id"))
+    @Column(name = "idp_entity_id")
+    @CascadeOnDelete
+    private Set<String> onlyAllowedIdps;
+
+    @ElementCollection(fetch = FetchType.EAGER)
+    @CollectionTable(name = "client_blocked_idps", joinColumns = @JoinColumn(name = "owner_id"))
+    @Column(name = "idp_entity_id")
+    @CascadeOnDelete
+    private Set<String> blockedIdps;
+
     @Transient
     private Map<String, Object> additionalInformation = new HashMap<>();
 
diff --git a/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java b/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
index e86b2d9..ce28f21 100644
--- a/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
+++ b/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
@@ -73,6 +73,10 @@ public class AttrsMapping {
 
     private String resourceIds;
 
+    private String blockedIdps;
+
+    private String onlyAllowedIdps;
+
     // MitreID client non-related
 
     @NotBlank private String masterProxyIdentifier;
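Review bot: The new `blockedIdps` and `onlyAllowedIdps` mapping fields carry no documentation, and because they are optional (no `@NotBlank`, in contrast to `masterProxyIdentifier` right below) their absence changes synchronizer behaviour silently: with the name unset the client's list is left untouched, with the name set but the attribute empty the list is cleared. A short comment above each would make that contract visible, for example `// Optional. Name of the Perun facility attribute holding IdP entityIDs; when unset the client's list is not synchronized.`. The `AttrsMapping` class body continues outside this hunk.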
@@ -115,6 +119,8 @@ public class AttrsMapping {
         addOptionalAttrName(attrNames, jurisdiction);
         addOptionalAttrName(attrNames, acceptedTos);
         addOptionalAttrName(attrNames, resourceIds);
+        addOptionalAttrName(attrNames, onlyAllowedIdps);
+        addOptionalAttrName(attrNames, blockedIdps);
         return attrNames;
     }
 
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 890506a..2c4e802 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -39,6 +39,8 @@ attributes:
   jurisdiction: "urn:perun:facility:attribute-def:def:rpJurisdiction"
   accepted_tos: "urn:perun:facility:attribute-def:def:rpAcceptedTos"
   resource_ids: "urn:perun:facility:attribute-def:def:rpResourceIds"
+  only_allowed_idps: "urn:perun:facility:attribute-def:def:rpOnlyAllowedIdps"
+  blocked_idps: "urn:perun:facility:attribute-def:def:rpBlockedIdps"
 
 conf:
   langs: ["en", "cs"]
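Review bot: The two new mapping keys `only_allowed_idps` and `blocked_idps` ship with default attribute URNs but no comment on what the attribute values are or how an empty value is treated, and for an access-control list that ambiguity is the sort of thing an operator gets wrong. A comment such as `# list of IdP entityIDs; an empty or missing attribute clears the client's list on the next sync` above each key would help; how an IdP listed in both attributes is resolved depends on enforcement code not in this patch, so state it here only once that is confirmed.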
-- 
GitLab