feat(connector): add validation to disable private-SP support for specific countries

author: Thomas <> 2022-11-17 16:48:29 +0100
committer: Thomas <> 2022-11-17 16:48:29 +0100
commit: aacc2545abb12328a09cef2cf20ca80a61374836 (patch)
tree: 6a05a7e63677748a070f854059ad9962a4edfa7d
parent: 1a76153176f57ba5d85343e905061db14c523729 (diff)
download: National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.tar.gz
National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.tar.bz2
National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.zip
15 files changed, 167 insertions, 33 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70a1e69a..a9125849 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -91,6 +91,9 @@ public class Constants {
       EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
   
 
+  public static final String CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP =
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".proxyservices.privatesp.notsupported";
+  
   public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
       EidasConstants.CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
index f4c0be67..f1f9a9f6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java
@@ -36,5 +36,4 @@ public class EidPostProcessingException extends EidasSAuthenticationException {
     super(internalMsgId, params, e);
 
   }
-
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
new file mode 100644
index 00000000..75e03f21
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPreProcessingException.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class EidPreProcessingException extends EidasSAuthenticationException {
+
+  private static final long serialVersionUID = 6780652273831172456L;
+
+  public EidPreProcessingException(String internalMsgId, Object[] params) {
+    super(internalMsgId, params);
+
+  }
+
+  public EidPreProcessingException(String internalMsgId, Object[] params, Throwable e) {
+    super(internalMsgId, params, e);
+
+  }
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 61d5ded2..d97ed807 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -47,6 +47,7 @@ import com.google.common.collect.ImmutableSortedSet;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -56,6 +57,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -71,14 +73,18 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected IConfigurationWithSP basicConfig;
 
   @Override
-  public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
+  public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode) 
+      throws EidPreProcessingException {
 
+    // validate current state 
+    validateSelectionWithState(pendingReq, countryCode);
+    
+    // build country-specific authentication request
     buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
     buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
     buildRequestedAttributes(authnRequestBuilder);
   }
 
-
   @Override
   public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
       EidasAttributeException {
@@ -224,15 +230,8 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
    */
   protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
     final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
-    // set correct SPType for requested target sector
-    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
-        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
-    final Pattern p = Pattern.compile(publicSectorTargetSelector);
-    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
-    if (m.matches()) {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+    if (isPublicServiceProvider(pendingReq)) {
+      log.debug("Map {} to 'PublicSector'", spConfig.getAreaSpecificTargetIdentifier());
       authnRequestBuilder.spType(SpType.PUBLIC.getValue());
 
       final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
@@ -269,7 +268,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
             
     }
   }
-  
+    
   /**
    * Build LoA based on Service-Provider configuration.
    * 
@@ -361,4 +360,30 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
 
   }
   
+  private void validateSelectionWithState(IRequest pendingReq, String countryCode) throws EidPreProcessingException {
+    boolean psNotSupportPrivate = KeyValueUtils.getListOfCsvValues(
+        basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_NOT_SUPPORT_PRIVATE_SP))
+        .stream()
+          .filter(el-> el.equalsIgnoreCase(countryCode))
+          .findFirst()
+          .isPresent();
+          
+    if (!isPublicServiceProvider(pendingReq) && psNotSupportPrivate) {
+      log.warn("Selected country: {} does not support private service providers.", countryCode);
+      throw new EidPreProcessingException("module.eidasauth.07", null);
+      
+    }
+  }
+  
+  private boolean isPublicServiceProvider(IRequest pendingReq) {
+    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    final Pattern p = Pattern.compile(publicSectorTargetSelector);
+    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+    return m.matches();
+    
+  }
+  
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
index 79a261fe..b6f67ca8 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
 import java.util.Map;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import eu.eidas.auth.commons.light.ILightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -76,6 +77,8 @@ public interface INationalEidProcessor {
    *
    * @param pendingReq          current pending request
    * @param authnRequestBuilder eIDAS {@link ILightRequest} builder
+   * @param countryCode of the eID data that should be processed
+   * @throws EidPreProcessingException In case of a pre-processing error
    */
-  void preProcess(IRequest pendingReq, Builder authnRequestBuilder);
+  void preProcess(IRequest pendingReq, Builder authnRequestBuilder, String countryCode) throws EidPreProcessingException;
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
index bbfcb5ff..620e7a9c 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
@@ -41,6 +41,7 @@ import org.springframework.stereotype.Service;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
@@ -84,7 +85,7 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
 
   @Override
   public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder)
-      throws EidPostProcessingException {
+      throws EidPreProcessingException {
     if (StringUtils.isEmpty(selectedCitizenCountry)) {
       log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used");
     }
@@ -92,14 +93,14 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
     for (final INationalEidProcessor el : handlers) {
       if (el.canHandle(selectedCitizenCountry)) {
         log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using:  " + el.getName());
-        el.preProcess(pendingReq, authnRequestBuilder);
+        el.preProcess(pendingReq, authnRequestBuilder, selectedCitizenCountry);
         return;
 
       }
     }
 
-    log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!");
-    throw new EidPostProcessingException("internal.00", null);
+    log.error("NO eID PreProcessor FOUND. Looks like a depentency problem!");
+    throw new EidPreProcessingException("internal.00", null);
 
   }
 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
index fb9ba318..85255398 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
 import java.util.Map;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import eu.eidas.auth.commons.light.ILightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -53,9 +54,9 @@ public interface ICcSpecificEidProcessingService {
    * @param selectedCC          Citizen Country from selection
    * @param pendingReq          current pending request
    * @param authnRequestBuilder eIDAS {@link ILightRequest} builder
-   * @throws EidPostProcessingException In case of a pre-processing error
+   * @throws EidPreProcessingException In case of a pre-processing error
    */
   void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder)
-      throws EidPostProcessingException;
+      throws EidPreProcessingException;
 
 }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 535c2958..93e1033d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -41,7 +41,7 @@ import at.asitplus.eidas.specific.core.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -170,7 +170,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
   @NotNull
   private LightRequest buildEidasAuthnRequest(String citizenCountryCode, String issuer)
-      throws EidPostProcessingException {
+      throws EidPreProcessingException {
     final LightRequest.Builder builder = LightRequest.builder();
     builder.id(UUID.randomUUID().toString());
     
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index dafa7ce3..615f5f07 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -9,7 +9,7 @@ module.eidasauth.01=eIDAS module has an error in configuration: {0}. Reason: {1}
 module.eidasauth.03=eIDAS module has a general error during request pre-processing. Reason: {0}
 module.eidasauth.04=eIDAS module has a general error during response post-processing.
 module.eidasauth.06=eIDAS module was selected, but eIDAS is NOT enabled for SP: {0}
-
+module.eidasauth.07=Selected country does not allow authentication for service-providers of type private.
 
 module.eidasauth.98=eIDAS module has an internal error. Reason: {0}
 module.eidasauth.99=eIDAS module has an generic internal error.
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
index 2506a9b6..305220cf 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
@@ -56,6 +56,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor;
@@ -871,8 +872,9 @@ public class AlternativeSearchTaskWithRegisterTest {
       }
 
       @Override
-      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
-        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) 
+          throws EidPreProcessingException {
+        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
       }
     };
   }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index 6292a0e1..ca78e156 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -74,6 +74,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
@@ -172,8 +173,9 @@ public class InitialSearchTaskTest {
       }
 
       @Override
-      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
-        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) 
+          throws EidPreProcessingException {
+        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
       }
     };
   }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
index 4b9e9fe2..ead276f9 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
@@ -76,6 +76,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
@@ -536,8 +537,9 @@ public class InitialSearchTaskWithRegistersTest {
       }
 
       @Override
-      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) {
-        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder);
+      public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) 
+          throws EidPreProcessingException {
+        genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC);
       }
     };
   }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index ca292d4c..f3863ce0 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import eu.eidas.auth.commons.light.impl.LightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.SneakyThrows;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
@@ -110,7 +111,8 @@ public class EidasRequestPreProcessingFirstTest {
   }
 
   @Test
-  public void prePreProcessGeneric() throws EidPostProcessingException {
+  @SneakyThrows
+  public void prePreProcessGeneric() {
     final String testCountry = "XX";
     authnRequestBuilder.citizenCountryCode(testCountry);
     preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
@@ -125,6 +127,7 @@ public class EidasRequestPreProcessingFirstTest {
   }
 
   @Test
+  @SneakyThrows
   public void prePreProcessGenericNoCountryCode() throws EidPostProcessingException {
     final String testCountry = "XX";
     authnRequestBuilder.citizenCountryCode(testCountry);
@@ -140,6 +143,7 @@ public class EidasRequestPreProcessingFirstTest {
   }
 
   @Test
+  @SneakyThrows
   public void prePreProcessDE() throws EidPostProcessingException {
 
     final String testCountry = "DE";
@@ -157,6 +161,7 @@ public class EidasRequestPreProcessingFirstTest {
   }
   
   @Test
+  @SneakyThrows
   public void prePreProcessNlWithUpgrade() throws EidPostProcessingException {
 
     final String testCountry = "NL";
@@ -177,6 +182,7 @@ public class EidasRequestPreProcessingFirstTest {
   }
    
   @Test
+  @SneakyThrows
   public void prePreProcessNlWithOutUpgrade() throws EidPostProcessingException {
 
     final String testCountry = "NL";
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 9b061b55..0453ca1d 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -23,6 +23,9 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@@ -39,6 +42,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -46,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import eu.eidas.auth.commons.light.impl.LightRequest;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.SneakyThrows;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
@@ -85,13 +90,55 @@ public class EidasRequestPreProcessingSecondTest {
     authnRequestBuilder.id(UUID.randomUUID().toString());
     authnRequestBuilder.issuer("Test");
     authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
+    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*");    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "");        
+    
+  }
 
+  @Test
+  @SneakyThrows
+  public void privateSpAllowed() {
     basicConfig.putConfigValue(
-        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+        "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY");          
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    
+    oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a");
     
+    final String testCountry = "DE";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+    Assert.assertEquals("no PublicSP", "private", lightReq.getSpType());
+        
   }
+  
+  @Test
+  @SneakyThrows
+  public void privateSpNotAllowed() {
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY");          
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    
+    oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a");
+    
+    final String testCountry = "XY";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+
+    EidPreProcessingException error = assertThrows("validation error not detected", EidPreProcessingException.class, 
+        () -> preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder));
+    assertEquals("wrong errorId", "module.eidasauth.07", error.getErrorId());
 
+        
+  }
+  
   @Test
+  @SneakyThrows
   public void prePreProcessDeUnknownAttribute() throws EidPostProcessingException {
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
     basicConfig.putConfigValue(
@@ -114,6 +161,7 @@ public class EidasRequestPreProcessingSecondTest {
    * Set ProviderName according to general configuration
    */
   @Test
+  @SneakyThrows
   public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
 
     basicConfig.putConfigValue(
@@ -136,6 +184,7 @@ public class EidasRequestPreProcessingSecondTest {
    * Always set requesterId and providername in case of country LU
    */
   @Test
+  @SneakyThrows
   public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
 
     
diff --git a/ms_specific_connector/src/main/resources/application.properties b/ms_specific_connector/src/main/resources/application.properties
index 64367880..a2a0ca67 100644
--- a/ms_specific_connector/src/main/resources/application.properties
+++ b/ms_specific_connector/src/main/resources/application.properties
@@ -95,6 +95,8 @@ eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true
 ## user static requesterId for all SP's in case of LU
 eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true
 
+## List of country-codes as CSV that not support private service-providers
+eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported=
  
 ## set provider name for all public SPs
 eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false
author	Thomas <>	2022-11-17 16:48:29 +0100
committer	Thomas <>	2022-11-17 16:48:29 +0100
commit	aacc2545abb12328a09cef2cf20ca80a61374836 (patch)
tree	6a05a7e63677748a070f854059ad9962a4edfa7d
parent	1a76153176f57ba5d85343e905061db14c523729 (diff)
download	National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.tar.gz National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.tar.bz2 National_eIDAS_Gateway-aacc2545abb12328a09cef2cf20ca80a61374836.zip