aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas <>2021-07-26 13:35:53 +0200
committerThomas <>2022-03-03 16:31:57 +0100
commitce516f7e94bc77946dbe12987505870f9fa2e411 (patch)
tree972ad1f02fedefea290a5b79f39df98b0c974d53
parentf3e9322070a738f21c479b19d011810724611e22 (diff)
downloadNational_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.tar.gz
National_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.tar.bz2
National_eIDAS_Gateway-ce516f7e94bc77946dbe12987505870f9fa2e411.zip
add configuration property to disable validation of requested MDS attrbutes on eIDAS Connector level
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java3
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java29
2 files changed, 23 insertions, 9 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index 72890bad..65fb556a 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -39,13 +39,14 @@ public class MsProxyServiceConstants {
public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL =
Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default";
- // specifuc eIDAS-Connector configuration
+ // specific eIDAS-Connector configuration
public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector";
public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER;
public static final String CONIG_PROPS_CONNECTOR_COUNTRYCODE = "countryCode";
public static final String CONIG_PROPS_CONNECTOR_MANDATES_ENABLED = "mandates.enabled";
public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL = "mandates.natural";
public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL = "mandates.legal";
+ public static final String CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS = "validation.attributes.mds";
//http end-points
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 080a910e..a9cc998e 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -129,10 +129,6 @@ public class EidasProxyServiceController extends AbstractController implements I
revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(),
pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP,
httpReq.getRemoteAddr());
-
-
- //TODO: map issuer from eIDAS request to countryCode in special cases
-
// validate eIDAS Authn. request and set into pending-request
validateEidasAuthnRequest(eidasRequest);
@@ -141,6 +137,9 @@ public class EidasProxyServiceController extends AbstractController implements I
// generate Service-Provider configuration from eIDAS request
final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest);
+ // validate eIDAS Authn. request by using eIDAS Connector specifc parameters
+ validateEidasAuthnRequest(spConfig, eidasRequest);
+
// populate pendingRequest with parameters
pendingReq.setOnlineApplicationConfiguration(spConfig);
pendingReq.setSpEntityId(spConfig.getUniqueIdentifier());
@@ -236,7 +235,7 @@ public class EidasProxyServiceController extends AbstractController implements I
}
/**
- * Validate incoming eIDAS request.
+ * Generic validation of incoming eIDAS request.
*
* @param eidasRequest Incoming eIDAS authentication request
* @throws EidasProxyServiceException In case of a validation error
@@ -246,9 +245,23 @@ public class EidasProxyServiceController extends AbstractController implements I
throw new EidasProxyServiceException(ERROR_05, null);
}
-
+
+ // TODO: validate some other stuff
+
+ }
+
+ /**
+ * eIDAS Connector specific validation of incoming eIDAS request.
+ *
+ * @param eidasRequest Incoming eIDAS authentication request
+ * @param spConfig eIDAS Connector configuration
+ * @throws EidasProxyServiceException In case of a validation error
+ */
+ private void validateEidasAuthnRequest(ISpConfiguration spConfig, ILightRequest eidasRequest)
+ throws EidasProxyServiceException {
// check if natural-person and legal-person attributes requested in parallel
- if (isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) {
+ if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true)
+ && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) {
throw new EidasProxyServiceException(ERROR_08, null);
}
@@ -256,7 +269,7 @@ public class EidasProxyServiceController extends AbstractController implements I
// TODO: validate some other stuff
}
-
+
/**
* Generate a dummy Service-Provider configuration for processing.
*