| author | Thomas <> | 2022-05-03 14:47:03 +0200 | 
|---|---|---|
| committer | Thomas <> | 2022-05-03 14:47:03 +0200 | 
| commit | 363e8657cd060f9a585b8e1dbac88aa12457238f (patch) | |
| tree | 002bbc76d9a252fd8ee19b0541c06d3c2659cf72 | |
| parent | d3c76a7cac0e881f91a4ff3a86b40669e9aa1328 (diff) | |
fix(eidas): catch IndexOutOfBand exception in case of eIDAS Attribute that has no attribute-value
3 files changed, 73 insertions, 17 deletions
| diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index ce737526..58ab0c6a 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -445,15 +445,23 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {        } else {          final List<String> natPersonIdObj = EidasResponseUtils              .translateStringListAttribute(el, attributeMap.get(el)); -        final String stringAttr = natPersonIdObj.get(0); -        if (StringUtils.isNotEmpty(stringAttr)) { -          result.put(el.getFriendlyName(), stringAttr); -          log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - +        if (natPersonIdObj.isEmpty()) { +          log.info("Ignore attribute: {}, because no attributeValue was found", +              el.getNameUri());           +                    } else { -          log.info("Ignore empty 'String' attribute"); -        } +          final String stringAttr = natPersonIdObj.get(0); +          if (StringUtils.isNotEmpty(stringAttr)) { +            result.put(el.getFriendlyName(), stringAttr); +            log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); +          } else { +            log.info("Ignore empty 'String' attributeValue for: {}", +                el.getNameUri()); +             +          } + +        }        }      } 
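Review bot: The re-indented `log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);` still writes the attribute value itself to the log, and these values are taken from the foreign eIDAS response (for example the person identifier). Even at trace level that puts personal data and unescaped external strings, line breaks included, into log files. Logging the name only, `log.trace("Find attr '{}' with a non-empty value", el.getFriendlyName());`, keeps the diagnostic and matches the parameterized style of the two new `log.info` calls. The same applies to `log.trace("Extract values: {} for attr: {}", ...)` in the last EidasResponseUtils hunk; the enclosing method here starts and ends outside the hunk.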
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index c8c5a069..ced6ffe6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -32,8 +32,6 @@ import javax.annotation.Nullable;  import org.apache.commons.lang3.StringUtils;  import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory;  import com.google.common.collect.ImmutableList;  import com.google.common.collect.ImmutableSet; @@ -46,10 +44,10 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;  import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;  import eu.eidas.auth.commons.attribute.AttributeValueTransliterator;  import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +@Slf4j  public class EidasResponseUtils { -  private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); -    public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*";    /** 
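Review bot: The character classes in `PERSONALIDENIFIER_VALIDATION_PATTERN`, visible as a context line next to the logger change, contain a literal comma, so `[A-Z,a-z]{2}` accepts `,` as well as letters in both two-character country fields. If only letters are intended, the pattern should read `"^[A-Za-z]{2}/[A-Za-z]{2}/.*"`. How the constant is applied to incoming identifiers is outside this diff, so the impact depends on whether anything downstream trusts those two fields after a match.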
@@ -97,11 +95,11 @@ public class EidasResponseUtils {     * @param attributeValues Attributes from eIDAS response     * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value.      */ -  // TODO: check possible problem with nonLatinCharacters +  // TODO: check possible problem with nonLatinCharacters     public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition,        ImmutableSet<? extends AttributeValue<?>> attributeValues) {      final List<String> stringListAttribute = new ArrayList<>(); -    if (attributeValues != null) { +    if (attributeValues != null && !attributeValues.isEmpty()) {        final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition            .getAttributeValueMarshaller();        for (final AttributeValue<?> attributeValue : attributeValues.asList()) { @@ -129,12 +127,12 @@ public class EidasResponseUtils {          }        } -        log.trace("Extract values: {} for attr: {}",             StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName());      } else { -      log.info("Can not extract infos from 'null' attribute value"); +      log.info("Can not extract infos from '{}' attributeValue for attribute: {}", +          attributeValues != null ? "empty" : "null", attributeDefinition.getNameUri());      } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 10595402..f8971705 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java 
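Review bot: The Javadoc on `translateStringListAttribute` does not state the contract the caller now depends on: with the new `!attributeValues.isEmpty()` guard the method skips extraction for both a `null` and an empty value set, and CreateIdentityLinkTask checks `natPersonIdObj.isEmpty()` for exactly that case. I would put it in the `@return` line, e.g. `@return List of attribute values, empty if attributeValues is null or empty. If there is more than one value, the first value contains the 'Latin' value.` The method body continues outside the hunk, so the return statement and any other path that yields an empty list are not visible here.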
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java 
@@ -502,6 +502,45 @@ public class CreateIdentityLinkTaskEidNewTest {      }    } +  @Test +  public void checkEmptyStringAttribute() throws Exception { +    //initialize test     +    setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); +    String vsz = RandomStringUtils.randomNumeric(10); +    when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); +    val signContentResp = new SignContentResponseType(); +    final SignContentEntry signContentEntry = new SignContentEntry(); +    signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); +    signContentResp.getOut().add(signContentEntry); +    when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); +     +    String randomTestSp = RandomStringUtils.randomAlphabetic(10); +    String bindingPubKey = RandomStringUtils.randomAlphabetic(10); +    pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); +    pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); +     +         +    response = buildDummyAuthResponse(true, true);     +    pendingReq.getSessionData(AuthProcessDataWrapper.class) +        .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); +     +     +    //perform test +    task.execute(pendingReq, executionContext); + +    //validate state     +    // check if pendingRequest was stored +    IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); +    Assert.assertNotNull("pendingReq not stored", storedPendingReq); +     +    //check data in session +    final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); +    Assert.assertNotNull("AuthProcessData", authProcessData); +    Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); +     +  } +   +      private Pair<KeyStore, 
Provider> getKeyStore() throws EaafException {      // read Connector wide config data TODO connector wide!      String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); @@ -537,9 +576,14 @@ public class CreateIdentityLinkTaskEidNewTest {    } -    @Nonnull    private AuthenticationResponse buildDummyAuthResponse(boolean withAll) throws URISyntaxException { +    return buildDummyAuthResponse(withAll, false); +     +  } + +  @Nonnull +  private AuthenticationResponse buildDummyAuthResponse(boolean withAll, boolean withEmpty) throws URISyntaxException {      final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(          Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();      final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( @@ -559,7 +603,13 @@ public class CreateIdentityLinkTaskEidNewTest {      attributeMap.put(attributeDef3, RandomStringUtils.randomAlphabetic(10));      attributeMap.put(attributeDef4, "2001-01-01");      if (withAll) { -      attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10)); +      if (withEmpty) {  +        attributeMap.put(attributeDef5, Collections.emptySet()); +         +      } else { +        attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10)); +         +      }        attributeMap.put(attributeDef6, RandomStringUtils.randomAlphabetic(10));      } | 
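Review bot: `checkEmptyStringAttribute` asserts only that the pending request is stored and that `eidasBind` is non-null, so it shows that the task no longer throws but not that the value-less attribute was actually left out of the result. Despite its name, the test feeds `Collections.emptySet()` for `attributeDef5`, which is an attribute without any value, so the `StringUtils.isNotEmpty` else-branch for an empty string value remains uncovered. A name such as `checkAttributeWithoutValue` would describe the test better, and a second case that passes `""` as the value would cover the other branch. An assertion on the attributes that end up in the session data would pin the intended behaviour for both.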
