authorThomas <>2021-07-27 13:41:47 +0200
committerThomas <>2022-03-03 16:31:57 +0100
commit44464bfe90a47e48cd3a76fb30d38c226f0af786 (patch)
tree2e0274a1584f6e66e8fe88c0bfa766628c98dcf4
parentce516f7e94bc77946dbe12987505870f9fa2e411 (diff)
add work-around for representation of legal person in DE4A project. Work-around can be removed in a future version
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java4
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java26
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java73
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java45
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java181
5 files changed, 277 insertions, 52 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index 65fb556a..bf71ba64 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -39,6 +39,10 @@ public class MsProxyServiceConstants {
public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL =
Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default";
+
+ public static final String CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON =
+ Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.workaround.mandates.legalperson";
+
// specific eIDAS-Connector configuration
public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector";
public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER;
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index a9cc998e..56b34257 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -29,6 +29,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -261,7 +262,8 @@ public class EidasProxyServiceController extends AbstractController implements I
throws EidasProxyServiceException {
// check if natural-person and legal-person attributes requested in parallel
if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true)
- && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) {
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
throw new EidasProxyServiceException(ERROR_08, null);
}
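Review bot: This check still rejects a request that asks for both the legal-person and the natural-person subject with ERROR_08, which is exactly the combination the work-around added in ProxyServiceAuthenticationAction requires before it does anything. As far as the visible lines show, the work-around can only take effect for a connector whose `CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS` value is switched off, so enabling it implies relaxing a request validation as well. That dependency should be written down where the check lives, for example `// NOTE: the legal-person work-around (CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON) is only reachable if this validation is disabled for the connector`. The enclosing method starts and ends outside this hunk.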
@@ -382,7 +384,7 @@ public class EidasProxyServiceController extends AbstractController implements I
injectMandateInfosIntoSpConfig(spConfig, eidasRequest);
} else {
- if (isLegalPersonRequested(eidasRequest)) {
+ if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
throw new EidasProxyServiceException(ERROR_09, null);
}
@@ -400,7 +402,7 @@ public class EidasProxyServiceController extends AbstractController implements I
spConfig.getUniqueIdentifier());
//check if legal person is requested
- boolean isLegalPersonRequested = isLegalPersonRequested(eidasRequest);
+ boolean isLegalPersonRequested = EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest);
// set mandate profiles
if (isLegalPersonRequested) {
@@ -409,7 +411,7 @@ public class EidasProxyServiceController extends AbstractController implements I
spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE);
- } else if (isNaturalPersonRequested(eidasRequest)) {
+ } else if (EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL)));
@@ -433,20 +435,4 @@ public class EidasProxyServiceController extends AbstractController implements I
}
}
-
- private boolean isLegalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
-
- private boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 805bbc42..33d9fdc0 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
@@ -94,7 +95,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData));
+ lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -202,13 +203,18 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) {
+ private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
+ ILightRequest eidasReq) {
IEidAuthData eidAuthData = (IEidAuthData) authData;
if (eidAuthData.isUseMandate()) {
log.debug("Building eIDAS Proxy-Service response with mandate ... ");
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
+ injectMandatorInformation(attributeMap, eidAuthData);
+
+ // work-around that injects nat. person subject to bypass validation on eIDAS Node
+ injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
+
return attributeMap.build();
} else {
@@ -217,7 +223,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
+
private void injectMandatorInformation(
ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
String natMandatorId = eidAuthData.getGenericData(
@@ -278,7 +284,39 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) {
+ /**
+ * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
+ *
+ * <p><b>Injection will only be done if this work-around is enabled by configuration,
+ * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
+ *
+ * @param attributeMap Attribute set for eIDAS response
+ * @param eidasReq Incoming eIDAS request
+ * @param authData Authentication data
+ */
+ private void injectJurPersonWorkaroundIfRequired(
+ ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+ if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+ log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+ attributeMap.putAll(buildAttributesWithoutMandate(authData));
+
+ }
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
+ //TODO: throw an error in case of SZR Date with month or day = "00"
+ return buildAttributesWithoutMandate(
+ eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
+ eidAuthData.getFamilyName(),
+ eidAuthData.getGivenName(),
+ eidAuthData.getDateOfBirth());
+
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
+ String givenName, String dateOfBirth) {
final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
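Review bot: `injectJurPersonWorkaroundIfRequired` changes which person the response presents as natural-person subject, but the only trace it leaves is a `log.debug` line, so under a typical production log level there is no record of when the deviation was applied. Raising it to `log.info("Legal-person work-around active: adding representative as natural-person subject")` would make it auditable, ideally together with the identifier of the requesting service provider if one is in scope at this point. The Javadoc should also say outright that the attributes added are the representative's PersonIdentifier, family name, given name and date of birth, so that nobody reads them as data of the represented legal person. The new `buildAttributesWithoutMandate(IAuthData eidAuthData)` overload has no Javadoc, and its parameter name no longer matches its type.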
@@ -290,18 +328,15 @@ public class ProxyServiceAuthenticationAction implements IAction {
final ImmutableAttributeMap.Builder attributeMap =
ImmutableAttributeMap.builder()
- .put(attrDefPersonalId,
- eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class))
- .put(attrDefFamilyName, eidAuthData.getFamilyName())
- .put(attrDefGivenName, eidAuthData.getGivenName())
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- .put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
+ .put(attrDefPersonalId, personalIdentifier)
+ .put(attrDefFamilyName, familyName)
+ .put(attrDefGivenName, givenName)
+ .put(attrDefDateOfBirth, dateOfBirth);
return attributeMap.build();
}
-
+
private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
throws ServletException {
final BinaryLightToken binaryLightToken;
@@ -322,5 +357,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
return binaryLightToken;
}
+ private boolean isLegalPersonWorkaroundActive() {
+ return basicConfig.getBasicConfigurationBoolean(
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
+ false);
+
+ }
+
+ private boolean isLegalPersonMandateAvailable(IAuthData authData) {
+ return StringUtils.isNoneEmpty(authData.getGenericData(
+ MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
+
+ }
}
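Review bot: `isLegalPersonWorkaroundActive` reads the switch from `basicConfig`, so from what this hunk shows the work-around is enabled for the whole gateway rather than for a single connector. Since the commit message ties it to the DE4A project, either scope the flag to the service-provider configuration or add a comment stating that it applies to every connector requesting both subjects. In `isLegalPersonMandateAvailable`, `StringUtils.isNoneEmpty` is the varargs form meant for several values; for the single identifier `StringUtils.isNotEmpty(...)` says what is intended. Neither helper has a Javadoc line naming the configuration key or the attribute it depends on.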
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
new file mode 100644
index 00000000..4cd7ba6c
--- /dev/null
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
@@ -0,0 +1,45 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.utils;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import eu.eidas.auth.commons.light.ILightRequest;
+
+/**
+ * Common utils for eIDAS Proxy-Service implementation.
+ *
+ * @author tlenz
+ *
+ */
+public class EidasProxyServiceUtils {
+
+ /**
+ * Check if legal person subject is requested by eIDAS Connector.
+ *
+ * @param eidasRequest Authentication request from eIDAS Connector.
+ * @return <code>true</code> if <i>LegalPersonIdentifier</i> is requested, otherwise <code>false</code>lse
+ */
+ public static boolean isLegalPersonRequested(ILightRequest eidasRequest) {
+ return eidasRequest.getRequestedAttributes().entrySet().stream()
+ .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
+ .findFirst()
+ .isPresent();
+
+ }
+
+ /**
+ * Check if natural person subject is requested by eIDAS Connector.
+ *
+ * @param eidasRequest Authentication request from eIDAS Connector.
+ * @return <code>true</code> if <i>PersonIdentifier</i> is requested, otherwise <code>false</code>lse
+ */
+ public static boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
+ return eidasRequest.getRequestedAttributes().entrySet().stream()
+ .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+ .findFirst()
+ .isPresent();
+
+ }
+
+ private EidasProxyServiceUtils() {
+ //hide constructor for class with static methods only
+ }
+}
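Review bot: Both helpers use `.filter(...).findFirst().isPresent()` where `anyMatch` expresses the same test directly, and they call `equals` on the friendly name, which throws if an attribute definition has none. Something like `.anyMatch(el -> Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER.equals(el.getKey().getFriendlyName()))` covers both points, with the same shape for the natural-person variant. The two `@return` lines end in `<code>false</code>lse`, which looks like a leftover from editing. Because these methods now feed request validation as well as the response work-around, the Javadoc should state that matching is done on the attribute's friendly name only. The class could also be declared `final`, as it only holds static methods.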
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
index a42b30d4..a5c76773 100644
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -4,6 +4,7 @@ import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CON
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
@@ -57,6 +58,7 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
@@ -93,7 +95,9 @@ public class ProxyServiceAuthenticationActionTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint",
- "http://eidas.proxy/endpoint");
+ "http://eidas.proxy/endpoint");
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "false");
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
@@ -106,15 +110,7 @@ public class ProxyServiceAuthenticationActionTest {
pendingReq.initialize(httpReq, basicConfig);
pendingReq.setOnlineApplicationConfiguration(oaParam);
- LightRequest.Builder eidasRequestBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requesterId(RandomStringUtils.randomAlphanumeric(10))
- .providerName(RandomStringUtils.randomAlphanumeric(10));
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -252,6 +248,136 @@ public class ProxyServiceAuthenticationActionTest {
checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME,
(String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+ assertNull("find nat. person subject: personalId",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ assertNull("find nat. person subject: familyName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ assertNull("find nat. person subject: givenName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ assertNull("find nat. person subject: dateOfBirth",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+
+ }
+
+ @Test
+ public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
+ attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+ "1985-11-15");
+
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 8, respAttr.size());
+
+ }
+
+ @Test
+ public void responseWithJurMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 10, respAttr.size());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
+
+ }
+
+ @Test
+ public void responseWithJurMandateWithWorkAroundNoNatSubject() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 6, respAttr.size());
+ assertNull("find nat. person subject: personalId",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ assertNull("find nat. person subject: familyName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ assertNull("find nat. person subject: givenName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ assertNull("find nat. person subject: dateOfBirth",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
}
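Review bot: All three new tests carry the comment `//request natural person subject only`, but `responseWithJurMandateWithWorkAround` requests both subjects and `responseWithJurMandateWithWorkAroundNoNatSubject` requests only the legal person; these should read `//request natural and legal person subject` and `//request legal person subject only`. In the two legal-person tests the mandator entries are put into `attr` after `generateDummyAuthData(attr, ...)` has been called, so the tests appear to pass only if the dummy keeps the map by reference (its body is outside this hunk). Moving those `attr.put(...)` calls above the `generateDummyAuthData` call removes that dependency. `responseWithNatMandateWithWorkAround` asserts only the attribute count; an additional assertion that no legal-person attribute and no duplicated subject is present would pin down the behaviour the work-around must not change.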
@@ -271,20 +397,24 @@ public class ProxyServiceAuthenticationActionTest {
}
- private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+ private Object getAttrValue(ImmutableAttributeMap respAttr, String attrName) {
final AttributeDefinition<?> attrDef =
attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first();
- Object value = respAttr.getFirstValue(attrDef);
- assertNotNull("not attr value: " + attrName, value);
+ return respAttr.getFirstValue(attrDef);
+
+ }
+
+ private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+ Object value = getAttrValue(respAttr, attrName);
+ assertNotNull("not attr value: " + attrName, value);
- if (value instanceof String) {
- assertEquals("wrong attr. value: " + attrName, expected, value);
+ if (value instanceof String) {
+ assertEquals("wrong attr. value: " + attrName, expected, value);
- } else if ( value instanceof DateTime) {
- assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
+ } else if ( value instanceof DateTime) {
+ assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
- }
-
+ }
}
private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException {
@@ -308,6 +438,19 @@ public class ProxyServiceAuthenticationActionTest {
}
+ private Builder generateBasicLightRequest() {
+ return LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(RandomStringUtils.randomAlphabetic(10))
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .spType("public")
+ .requesterId(RandomStringUtils.randomAlphanumeric(10))
+ .providerName(RandomStringUtils.randomAlphanumeric(10));
+
+ }
+
private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth,
boolean useMandates) {
return new IEidAuthData() {