authorThomas <>2022-11-17 16:48:29 +0100
committerThomas <>2022-11-17 16:48:29 +0100
commitaacc2545abb12328a09cef2cf20ca80a61374836 (patch)
tree6a05a7e63677748a070f854059ad9962a4edfa7d
parent1a76153176f57ba5d85343e905061db14c523729 (diff)
feat(connector): add validation to disable private-SP support for specific countries
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java3
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java1
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java39
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java49
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java7
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java9
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java7
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java4
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties2
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java6
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java6
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java6
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java8
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java51
-rw-r--r--ms_specific_connector/src/main/resources/application.properties2
15 files changed, 167 insertions, 33 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70a1e69a..a9125849 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -91,6 +91,9 @@ public class Constants {
EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+ public static final String CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP =
+ EidasConstants.CONIG_PROPS_EIDAS_NODE + ".proxyservices.privatesp.notsupported";
+
public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
EidasConstants.CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
index f4c0be67..f1f9a9f6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
@@ -36,5 +36,4 @@ public class EidPostProcessingException extends EidasSAuthenticationException {
super(internalMsgId, params, e);
}
-
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
new file mode 100644
index 00000000..75e03f21
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class EidPreProcessingException extends EidasSAuthenticationException {
+
+ private static final long serialVersionUID = 6780652273831172456L;
+
+ public EidPreProcessingException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+
+ }
+
+ public EidPreProcessingException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+
+ }
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 61d5ded2..d97ed807 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -47,6 +47,7 @@ import com.google.common.collect.ImmutableSortedSet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -56,6 +57,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -71,14 +73,18 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
protected IConfigurationWithSP basicConfig;
@Override
- public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
+ public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode)
+ throws EidPreProcessingException {
+ // validate current state
+ validateSelectionWithState(pendingReq, countryCode);
+
+ // build country-specific authentication request
buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
buildRequestedAttributes(authnRequestBuilder);
}
-
@Override
public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
EidasAttributeException {
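Review bot: A null or empty `countryCode` passes through the new `preProcess` into `validateSelectionWithState`, where `el.equalsIgnoreCase(countryCode)` is false for null, so the private-SP restriction is silently skipped for that request. CcSpecificEidProcessingService only logs the empty-country case and still dispatches to a handler with the value unchanged, so this path looks reachable. If skipping is intended, state it next to the call, e.g. `// an empty countryCode never matches the not-supported list, so no restriction applies`; if it is not, reject the request before the build steps and add a test for the empty case.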
@@ -224,15 +230,8 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
*/
protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
- // set correct SPType for requested target sector
- final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
- Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
- final Pattern p = Pattern.compile(publicSectorTargetSelector);
- final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
- if (m.matches()) {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+ if (isPublicServiceProvider(pendingReq)) {
+ log.debug("Map {} to 'PublicSector'", spConfig.getAreaSpecificTargetIdentifier());
authnRequestBuilder.spType(SpType.PUBLIC.getValue());
final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
@@ -269,7 +268,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
}
-
+
/**
* Build LoA based on Service-Provider configuration.
*
@@ -361,4 +360,30 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
+ private void validateSelectionWithState(IRequest pendingReq, String countryCode) throws EidPreProcessingException {
+ boolean psNotSupportPrivate = KeyValueUtils.getListOfCsvValues(
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP))
+ .stream()
+ .filter(el-> el.equalsIgnoreCase(countryCode))
+ .findFirst()
+ .isPresent();
+
+ if (!isPublicServiceProvider(pendingReq) && psNotSupportPrivate) {
+ log.warn("Selected country: {} does not support private service providers.", countryCode);
+ throw new EidPreProcessingException("module.eidasauth.07", null);
+
+ }
+ }
+
+ private boolean isPublicServiceProvider(IRequest pendingReq) {
+ final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+ final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+ Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+ final Pattern p = Pattern.compile(publicSectorTargetSelector);
+ final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+ return m.matches();
+
+ }
+
}
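Review bot: `isPublicServiceProvider` now runs twice per request (in `validateSelectionWithState` and again in `buildProviderNameAndRequesterIdAttribute`), compiling the configured regex each time, and in the validation it runs even when the not-supported list is empty. Checking the cheap condition first avoids the extra match, `if (psNotSupportPrivate && !isPublicServiceProvider(pendingReq)) {`, and the stream reads more directly as `.anyMatch(el -> el.equalsIgnoreCase(countryCode));`. The lookup of `CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP` has no default value, so on a deployment whose properties file lacks the new key the outcome depends on how `KeyValueUtils.getListOfCsvValues` treats null and on whether it trims entries such as `XX, XY`. Neither is visible in this diff, and both deserve a test because a missed match lets the private-SP request through.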
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
index 79a261fe..b6f67ca8 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
import java.util.Map;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.gv.egiz.eaaf.core.api.IRequest;
import eu.eidas.auth.commons.light.ILightRequest;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -76,6 +77,8 @@ public interface INationalEidProcessor {
*
* @param pendingReq current pending request
* @param authnRequestBuilder eIDAS {@link ILightRequest} builder
+ * @param countryCode of the eID data that should be processed
+ * @throws EidPreProcessingException In case of a pre-processing error
*/
- void preProcess(IRequest pendingReq, Builder authnRequestBuilder);
+ void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode) throws EidPreProcessingException;
}
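Review bot: The new `@param countryCode` line is a sentence fragment and does not say whether the value may be null or empty, although the calling service forwards an empty selection unchanged. Suggested wording: `@param countryCode country code of the selected citizen country; may be empty if no country was selected`, and the `@throws` line could add that it is raised when the selected country does not support private service providers. The new signature line is also noticeably longer than the surrounding code; wrapping the `throws` clause onto its own line, as done in AbstractEidProcessor, would keep it consistent.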
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
index bbfcb5ff..620e7a9c 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
@@ -41,6 +41,7 @@ import org.springframework.stereotype.Service;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -84,7 +85,7 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
@Override
public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder)
- throws EidPostProcessingException {
+ throws EidPreProcessingException {
if (StringUtils.isEmpty(selectedCitizenCountry)) {
log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used");
}
@@ -92,14 +93,14 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
for (final INationalEidProcessor el : handlers) {
if (el.canHandle(selectedCitizenCountry)) {
log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using: " + el.getName());
- el.preProcess(pendingReq, authnRequestBuilder);
+ el.preProcess(pendingReq, authnRequestBuilder, selectedCitizenCountry);
return;
}
}
- log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!");
- throw new EidPostProcessingException("internal.00", null);
+ log.error("NO eID PreProcessor FOUND. Looks like a depentency problem!");
+ throw new EidPreProcessingException("internal.00", null);
}
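Review bot: The private-SP restriction is enforced inside `AbstractEidProcessor.preProcess`, so the dispatch in this loop relies on every `INationalEidProcessor` in `handlers` extending that base class. A handler implementing the interface directly (none is visible in this diff, so this may be hypothetical) would receive the country code and never apply the check. Consider validating in this service before `el.preProcess(...)`, or document the obligation on the interface method. The rewritten log line also keeps the typo; `"NO eID PreProcessor FOUND. Looks like a dependency problem!"` would fix it.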
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
index fb9ba318..85255398 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
import java.util.Map;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.gv.egiz.eaaf.core.api.IRequest;
import eu.eidas.auth.commons.light.ILightRequest;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -53,9 +54,9 @@ public interface ICcSpecificEidProcessingService {
* @param selectedCC Citizen Country from selection
* @param pendingReq current pending request
* @param authnRequestBuilder eIDAS {@link ILightRequest} builder
- * @throws EidPostProcessingException In case of a pre-processing error
+ * @throws EidPreProcessingException In case of a pre-processing error
*/
void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder)
- throws EidPostProcessingException;
+ throws EidPreProcessingException;
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 535c2958..93e1033d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -41,7 +41,7 @@ import at.asitplus.eidas.specific.core.MsConnectorEventCodes;
import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -170,7 +170,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
@NotNull
private LightRequest buildEidasAuthnRequest(String citizenCountryCode, String issuer)
- throws EidPostProcessingException {
+ throws EidPreProcessingException {
final LightRequest.Builder builder = LightRequest.builder();
builder.id(UUID.randomUUID().toString());
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index dafa7ce3..615f5f07 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -9,7 +9,7 @@ module.eidasauth.01=eIDAS module has an error in configuration: {0}. Reason: {1}
module.eidasauth.03=eIDAS module has a general error during request pre-processing. Reason: {0}
module.eidasauth.04=eIDAS module has a general error during response post-processing.
module.eidasauth.06=eIDAS module was selected, but eIDAS is NOT enabled for SP: {0}
-
+module.eidasauth.07=Selected country does not allow authentication for service-providers of type private.
module.eidasauth.98=eIDAS module has an internal error. Reason: {0}
module.eidasauth.99=eIDAS module has an generic internal error.
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
index 2506a9b6..305220cf 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
@@ -56,6 +56,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor;
@@ -871,8 +872,9 @@ public class AlternativeSearchTaskWithRegisterTest {
}
@Override
- public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
- genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+ public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder)
+ throws EidPreProcessingException {
+ genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
}
};
}
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index 6292a0e1..ca78e156 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -74,6 +74,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
@@ -172,8 +173,9 @@ public class InitialSearchTaskTest {
}
@Override
- public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
- genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+ public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder)
+ throws EidPreProcessingException {
+ genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
}
};
}
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
index 4b9e9fe2..ead276f9 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
@@ -76,6 +76,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
@@ -536,8 +537,9 @@ public class InitialSearchTaskWithRegistersTest {
}
@Override
- public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
- genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+ public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder)
+ throws EidPreProcessingException {
+ genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
}
};
}
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index ca292d4c..f3863ce0 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import eu.eidas.auth.commons.light.impl.LightRequest;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.SneakyThrows;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
@@ -110,7 +111,8 @@ public class EidasRequestPreProcessingFirstTest {
}
@Test
- public void prePreProcessGeneric() throws EidPostProcessingException {
+ @SneakyThrows
+ public void prePreProcessGeneric() {
final String testCountry = "XX";
authnRequestBuilder.citizenCountryCode(testCountry);
preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
@@ -125,6 +127,7 @@ public class EidasRequestPreProcessingFirstTest {
}
@Test
+ @SneakyThrows
public void prePreProcessGenericNoCountryCode() throws EidPostProcessingException {
final String testCountry = "XX";
authnRequestBuilder.citizenCountryCode(testCountry);
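Review bot: `prePreProcessGenericNoCountryCode` now carries `@SneakyThrows` and still declares `throws EidPostProcessingException`, an exception that `preProcess` no longer throws. The same combination appears in `prePreProcessDE`, `prePreProcessNlWithUpgrade`, `prePreProcessNlWithOutUpgrade` and in the three annotated methods of EidasRequestPreProcessingSecondTest. Either drop the stale clause as was done for `prePreProcessGeneric`, or skip Lombok here and declare the real exception, `public void prePreProcessGenericNoCountryCode() throws EidPreProcessingException {`, which keeps the checked exception visible in the test signature. The method body continues outside the hunk.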
@@ -140,6 +143,7 @@ public class EidasRequestPreProcessingFirstTest {
}
@Test
+ @SneakyThrows
public void prePreProcessDE() throws EidPostProcessingException {
final String testCountry = "DE";
@@ -157,6 +161,7 @@ public class EidasRequestPreProcessingFirstTest {
}
@Test
+ @SneakyThrows
public void prePreProcessNlWithUpgrade() throws EidPostProcessingException {
final String testCountry = "NL";
@@ -177,6 +182,7 @@ public class EidasRequestPreProcessingFirstTest {
}
@Test
+ @SneakyThrows
public void prePreProcessNlWithOutUpgrade() throws EidPostProcessingException {
final String testCountry = "NL";
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 9b061b55..0453ca1d 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -23,6 +23,9 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
@@ -39,6 +42,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -46,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import eu.eidas.auth.commons.light.impl.LightRequest;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.SneakyThrows;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
@@ -85,13 +90,55 @@ public class EidasRequestPreProcessingSecondTest {
authnRequestBuilder.id(UUID.randomUUID().toString());
authnRequestBuilder.issuer("Test");
authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
+
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "");
+
+ }
+ @Test
+ @SneakyThrows
+ public void privateSpAllowed() {
basicConfig.putConfigValue(
- "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+ "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY");
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+
+ oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a");
+ final String testCountry = "DE";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+ Assert.assertEquals("no PublicSP", "private", lightReq.getSpType());
+
}
+
+ @Test
+ @SneakyThrows
+ public void privateSpNotAllowed() {
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY");
+ basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+
+ oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a");
+
+ final String testCountry = "XY";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+
+ EidPreProcessingException error = assertThrows("validation error not detected", EidPreProcessingException.class,
+ () -> preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder));
+ assertEquals("wrong errorId", "module.eidasauth.07", error.getErrorId());
+
+ }
+
@Test
+ @SneakyThrows
public void prePreProcessDeUnknownAttribute() throws EidPostProcessingException {
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
basicConfig.putConfigValue(
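Review bot: The two new tests cover a private SP with a listed and an unlisted country, but not the cases where the check could wrongly block or wrongly pass. Missing are: a public SP requesting a listed country (must succeed), a lower-case or mixed-case country code such as `xy` (the production code matches with `equalsIgnoreCase`), a list value with spaces such as `XX, XY`, and an empty country code. `privateSpAllowed` also uses `Assert.assertEquals` while `privateSpNotAllowed` uses the statically imported `assertEquals`; pick one form. `prePreProcessDeUnknownAttribute` at the end of the hunk continues outside it.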
@@ -114,6 +161,7 @@ public class EidasRequestPreProcessingSecondTest {
* Set ProviderName according to general configuration
*/
@Test
+ @SneakyThrows
public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
basicConfig.putConfigValue(
@@ -136,6 +184,7 @@ public class EidasRequestPreProcessingSecondTest {
* Always set requesterId and providername in case of country LU
*/
@Test
+ @SneakyThrows
public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
diff --git a/ms_specific_connector/src/main/resources/application.properties b/ms_specific_connector/src/main/resources/application.properties
index 64367880..a2a0ca67 100644
--- a/ms_specific_connector/src/main/resources/application.properties
+++ b/ms_specific_connector/src/main/resources/application.properties
@@ -95,6 +95,8 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true
## user static requesterId for all SP's in case of LU
eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true
+## List of country-codes as CSV that not support private service-providers
+eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported=
## set provider name for all public SPs
eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false
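Review bot: The comment on the new key does not tell an operator what a value looks like or what the empty default means. Something like `## CSV list of country codes (e.g. XX,XY; matched case-insensitively) whose proxy-services do not support private service-providers. Empty = no restriction` would document both. The example values here are taken from the unit test, not from a real deployment.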