diff options
author | Thomas <> | 2021-07-26 13:35:53 +0200 |
---|---|---|
committer | Thomas <> | 2022-03-03 16:31:57 +0100 |
commit | ce516f7e94bc77946dbe12987505870f9fa2e411 (patch) | |
tree | 972ad1f02fedefea290a5b79f39df98b0c974d53 | |
parent | f3e9322070a738f21c479b19d011810724611e22 (diff) | |
download | National_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.tar.gz National_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.tar.bz2 National_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.zip |
add configuration property to disable validation of requested MDS attrbutes on eIDAS Connector level
2 files changed, 23 insertions, 9 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index 72890bad..65fb556a 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -39,13 +39,14 @@ public class MsProxyServiceConstants { public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL = Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default"; - // specifuc eIDAS-Connector configuration + // specific eIDAS-Connector configuration public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector"; public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; public static final String CONIG_PROPS_CONNECTOR_COUNTRYCODE = "countryCode"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_ENABLED = "mandates.enabled"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL = "mandates.natural"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL = "mandates.legal"; + public static final String CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS = "validation.attributes.mds"; //http end-points diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index 080a910e..a9cc998e 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -129,10 +129,6 @@ public class EidasProxyServiceController extends AbstractController implements I revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(), pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP, httpReq.getRemoteAddr()); - - - //TODO: map issuer from eIDAS request to countryCode in special cases - // validate eIDAS Authn. request and set into pending-request validateEidasAuthnRequest(eidasRequest); @@ -141,6 +137,9 @@ public class EidasProxyServiceController extends AbstractController implements I // generate Service-Provider configuration from eIDAS request final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest); + // validate eIDAS Authn. request by using eIDAS Connector specifc parameters + validateEidasAuthnRequest(spConfig, eidasRequest); + // populate pendingRequest with parameters pendingReq.setOnlineApplicationConfiguration(spConfig); pendingReq.setSpEntityId(spConfig.getUniqueIdentifier()); @@ -236,7 +235,7 @@ public class EidasProxyServiceController extends AbstractController implements I } /** - * Validate incoming eIDAS request. + * Generic validation of incoming eIDAS request. * * @param eidasRequest Incoming eIDAS authentication request * @throws EidasProxyServiceException In case of a validation error @@ -246,9 +245,23 @@ public class EidasProxyServiceController extends AbstractController implements I throw new EidasProxyServiceException(ERROR_05, null); } - + + // TODO: validate some other stuff + + } + + /** + * eIDAS Connector specific validation of incoming eIDAS request. + * + * @param eidasRequest Incoming eIDAS authentication request + * @param spConfig eIDAS Connector configuration + * @throws EidasProxyServiceException In case of a validation error + */ + private void validateEidasAuthnRequest(ISpConfiguration spConfig, ILightRequest eidasRequest) + throws EidasProxyServiceException { // check if natural-person and legal-person attributes requested in parallel - if (isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { + if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true) + && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { throw new EidasProxyServiceException(ERROR_08, null); } @@ -256,7 +269,7 @@ public class EidasProxyServiceController extends AbstractController implements I // TODO: validate some other stuff } - + /** * Generate a dummy Service-Provider configuration for processing. * |