add some TODO's for eIDAS Proxy-Service with mandates and fix some rebase errors

5 files changed, 103 insertions, 93 deletions

diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
index 0372edcf..34fd088b 100644
--- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml
+++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml
@@ -71,9 +71,6 @@
     <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
   </bean>
 
-  <bean id="defaultErrorHandler"
-        class="at.gv.egiz.eaaf.core.impl.idp.auth.services.DefaultErrorService"/>
-
   <bean id="securePendingRequestIdGeneration"
         class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" />
 
diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
index 818fd00c..5a1e3f36 100644
--- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml
+++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml
@@ -67,9 +67,6 @@
     <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
   </bean>
 
-  <bean id="defaultErrorHandler"
-        class="at.gv.egiz.eaaf.core.impl.idp.auth.services.DefaultErrorService"/>
-
   <bean id="securePendingRequestIdGeneration"
     class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" />
 
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
index 0f72203b..e11545b0 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -52,6 +52,8 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl {
   @Getter
   private List<String> mandateProfiles;  
   
+  
+  
   public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
     super(spConfig, authConfig);
 
diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index 8151b429..555f4e47 100644
--- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -182,7 +182,9 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
           StringUtils.join(mandateProfiles, ","));
       
     }
-        
+     
+    //TODO: set force-mandates flag
+    
     return attributs;
   }
 
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 8e417c36..fda1652e 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -41,44 +41,46 @@ import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * End-point implementation for authentication requests from eIDAS Proxy-Service 
+ * End-point implementation for authentication requests from eIDAS Proxy-Service
  * to MS-specific eIDAS Proxy-Service.
- * 
+ *
  * @author tlenz
  *
  */
 @Slf4j
 @Controller
 public class EidasProxyServiceController extends AbstractController implements IModulInfo {
-  
+
   private static final String ERROR_01 = "eidas.proxyservice.01";
   private static final String ERROR_02 = "eidas.proxyservice.02";
   private static final String ERROR_03 = "eidas.proxyservice.03";
   private static final String ERROR_04 = "eidas.proxyservice.04";
   private static final String ERROR_05 = "eidas.proxyservice.05";
-  
+
   public static final String PROTOCOL_ID = "eidasProxy";
-   
-  @Autowired private EidasAttributeRegistry attrRegistry;
-  
+
+  @Autowired
+  private EidasAttributeRegistry attrRegistry;
+
   /**
-   * End-point that receives authentication requests from eIDAS Node. 
-   * 
-   * @param httpReq Http request
+   * End-point that receives authentication requests from eIDAS Node.
+   *
+   * @param httpReq  Http request
    * @param httpResp Http response
-   * @throws IOException In case of general error
+   * @throws IOException   In case of general error
    * @throws EaafException In case of a validation or processing error
    */
-  @RequestMapping(value = { 
-      MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST,
-      MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT
+  @RequestMapping(value = {
+        MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_POST,
+        MsProxyServiceConstants.EIDAS_HTTP_ENDPOINT_IDP_REDIRECT
       },
       method = { RequestMethod.POST, RequestMethod.GET })
-  public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException,
+  public void receiveEidasAuthnRequest(HttpServletRequest httpReq, HttpServletResponse httpResp)
+      throws IOException,
       EaafException {
     log.trace("Receive request on eidas proxy-service end-points");
-    ProxyServicePendingRequest pendingReq = null;    
-    try {      
+    ProxyServicePendingRequest pendingReq = null;
+    try {
       // get token from Request
       final String tokenBase64 = httpReq.getParameter(EidasParameterKeys.TOKEN.toString());
       if (StringUtils.isEmpty(tokenBase64)) {
@@ -89,57 +91,58 @@ public class EidasProxyServiceController extends AbstractController implements I
       log.trace("Receive eIDAS-node token: {}. Searching authentication request from eIDAS Proxy-Service ...",
           tokenBase64);
 
-      //read authentication request from shared cache
+      // read authentication request from shared cache
       final SpecificCommunicationService specificProxyCommunicationService =
           (SpecificCommunicationService) applicationContext.getBean(
-              SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());
+              SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+                  .toString());
       final ILightRequest eidasRequest = specificProxyCommunicationService.getAndRemoveRequest(
           tokenBase64,
           ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
-      log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ", 
+      log.debug("Received eIDAS auth. request from: {}, Initializing authentication environment ... ",
           eidasRequest.getSpCountryCode() != null ? eidasRequest.getSpCountryCode() : "'missing SP-country'");
-                  
+
       // create pendingRequest object
       pendingReq = applicationContext.getBean(ProxyServicePendingRequest.class);
       pendingReq.initialize(httpReq, authConfig);
       pendingReq.setModule(getName());
-  
+
       // log 'transaction created' event
       revisionsLogger.logEvent(EventConstants.TRANSACTION_CREATED,
           pendingReq.getUniqueTransactionIdentifier());
       revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(),
           pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP,
           httpReq.getRemoteAddr());
-  
-      //validate eIDAS Authn. request and set into pending-request
+
+      // validate eIDAS Authn. request and set into pending-request
       validateEidasAuthnRequest(eidasRequest);
       pendingReq.setEidasRequest(eidasRequest);
-      
-      //generate Service-Provider configuration from eIDAS request
-      ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest);
-      
-      // populate pendingRequest with parameters      
+
+      // generate Service-Provider configuration from eIDAS request
+      final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest);
+
+      // populate pendingRequest with parameters
       pendingReq.setOnlineApplicationConfiguration(spConfig);
       pendingReq.setSpEntityId(spConfig.getUniqueIdentifier());
       pendingReq.setPassiv(false);
       pendingReq.setForce(true);
-  
+
       // AuthnRequest needs authentication
       pendingReq.setNeedAuthentication(true);
-  
+
       // set protocol action, which should be executed after authentication
       pendingReq.setAction(ProxyServiceAuthenticationAction.class.getName());
-      
+
       // switch to session authentication
       protAuthService.performAuthentication(httpReq, httpResp, pendingReq);
-      
-    } catch (EidasProxyServiceException e) {
+
+    } catch (final EidasProxyServiceException e) {
       throw e;
-      
+
     } catch (final SpecificCommunicationException e) {
       log.error("Can not read eIDAS Authn request from shared cache. Reason: {}", e.getMessage());
-      throw new EidasProxyServiceException(ERROR_03, new Object[] {e.getMessage()}, e);
-      
+      throw new EidasProxyServiceException(ERROR_03, new Object[] { e.getMessage() }, e);
+
     } catch (final Throwable e) {
       // write revision log entries
       if (pendingReq != null) {
@@ -149,115 +152,124 @@ public class EidasProxyServiceController extends AbstractController implements I
 
       throw new EidasProxyServiceException(ERROR_01, new Object[] { e.getMessage() }, e);
     }
-    
+
   }
 
   @Override
   public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
       IRequest protocolRequest) throws Throwable {
-    
-    //TODO: implement error handling for eIDAS Node communication    
+
+    // TODO: implement error handling for eIDAS Node communication
     return false;
-    
+
   }
-  
+
   @Override
   public String getName() {
     return EidasProxyServiceController.class.getName();
-    
+
   }
 
   @Override
   public String getAuthProtocolIdentifier() {
     return PROTOCOL_ID;
-    
+
   }
 
   @Override
   public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
     return true;
-    
+
   }
-  
+
   /**
    * Validate incoming eIDAS request.
-   * 
+   *
    * @param eidasRequest Incoming eIDAS authentication request
    * @throws EidasProxyServiceException In case of a validation error
    */
   private void validateEidasAuthnRequest(ILightRequest eidasRequest) throws EidasProxyServiceException {
     if (StringUtils.isEmpty(eidasRequest.getSpCountryCode())) {
       throw new EidasProxyServiceException(ERROR_05, null);
-      
+
     }
-    
-    //TODO: validate requested attributes
-    
-    //TODO: validate some other stuff
-    
+
+    /*
+     * TODO: validate requested attributes --> check if natural-person and
+     * legal-person attributes requested in parallel
+     */
+
+    // TODO: validate some other stuff
+
   }
 
   /**
    * Generate a dummy Service-Provider configuration for processing.
-   * 
+   *
    * @param eidasRequest Incoming eIDAS authentication request
    * @return Service-Provider configuration that can be used for authentication
    * @throws EidasProxyServiceException In case of a configuration error
    */
-  private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest) 
-      throws EidasProxyServiceException {    
+  private ISpConfiguration generateSpConfigurationFromEidasRequest(ILightRequest eidasRequest)
+      throws EidasProxyServiceException {
     try {
-      String spCountry = eidasRequest.getSpCountryCode();                  
-      Map<String, String> spConfigMap = new HashMap<>();
+      final String spCountry = eidasRequest.getSpCountryCode();
+      final Map<String, String> spConfigMap = new HashMap<>();
 
-      //TODO: how we get the EntityId from eIDAS connector?
+      // TODO: how we get the EntityId from eIDAS connector?
       spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER,
-          MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, 
+          MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID,
               spCountry, eidasRequest.getSpType()));
-      
-      ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig);
-    
+
+      final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(spConfigMap, authConfig);
+
       final String ccCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
           Constants.DEFAULT_MS_NODE_COUNTRY_CODE);
-    
+
       spConfig.setBpkTargetIdentifier(
-          EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);    
+          EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);
       spConfig.setRequiredLoA(
           eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList()));
-           
+
+      // TODO: check if only mandates are allowed in case of legal person requested
+      // --> set force-mandate flag
       spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest));
-      
-      
+
       return spConfig;
-      
-    } catch (EaafException e) {
-      throw new EidasProxyServiceException(ERROR_04, new Object[] {e.getMessage()}, e);
-      
-    }    
+
+    } catch (final EaafException e) {
+      throw new EidasProxyServiceException(ERROR_04, new Object[] { e.getMessage() }, e);
+
+    }
   }
 
   private List<String> buildMandateProfileConfiguration(ILightRequest eidasRequest) {
     if (authConfig.getBasicConfigurationBoolean(
         MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) {
-      log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... ");      
-      List<String> spMandateProfiles = authConfig.getBasicConfigurationWithPrefix(
+      log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... ");
+
+      /*
+       * TODO: split profiles in natural-person and legal-person profiles and select
+       * correct one based on requested attributes
+       */
+      final List<String> spMandateProfiles = authConfig.getBasicConfigurationWithPrefix(
           MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC)
-            .entrySet().stream()
-            .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase()))
-            .findFirst()
-            .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue()))
-            .orElse(KeyValueUtils.getListOfCsvValues(
-                authConfig.getBasicConfiguration(
-                    MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT)));
-          
+          .entrySet().stream()
+          .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase()))
+          .findFirst()
+          .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue()))
+          .orElse(KeyValueUtils.getListOfCsvValues(
+              authConfig.getBasicConfiguration(
+                  MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT)));
+
       log.debug("Set mandate-profiles: {} to request from country: {}",
           spMandateProfiles, eidasRequest.getSpCountryCode());
       return spMandateProfiles;
-      
+
     }
-          
+
     return Collections.emptyList();
-    
+
   }
 
 }