fix some minor incompatibilities between AuthHandler and MS-Connector in E-ID mode

3 files changed, 40 insertions, 20 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index ba3c46fe..cdc17654 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -76,6 +76,8 @@ public class Constants {
       + ".debug.logfullmessages";
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT
       + ".debug.useDummySolution";
+  public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT
+      + ".eidasbind.mds.inject";
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT
       + ".timeout.connection";
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 0b8de8a7..1f5837d6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -78,8 +78,10 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
@@ -113,7 +115,8 @@ public class SzrClient {
   private static final String KEY_BC_BIND = "bcBindReq";
   private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
   private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
-
+  public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
+  
   @Autowired
   private IConfiguration basicConfig;
 
@@ -244,36 +247,38 @@ public class SzrClient {
 
   }
 
-
   /**
    * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
    *
    * @param vsz encryped baseId
    * @param bindingPubKey  binding PublikKey as PKCS1# (ASN.1) container
    * @param eidStatus Status of the E-ID
+   * @param eidData eID information that was used for ERnP registration
    * @return bPK for this person
    * @throws SzrCommunicationException In case of a SZR error
    */
-  public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus)
-      throws SzrCommunicationException {
-
-    final Map<String, Object> bcBindMap = new HashMap<>();
-    bcBindMap.put(ATTR_NAME_VSZ, vsz);
-    bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
-    bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
-
+  public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus,
+      ErnbEidData eidData)throws SzrCommunicationException {
+
+    final Map<String, Object> eidsaBindMap = new HashMap<>();
+    eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
+    eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus);
+    eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+    eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode());
+    injectMdsIfAvailableAndActive(eidsaBindMap, eidData);        
+    
     try {
-      final String serializedBcBind = mapper.writeValueAsString(bcBindMap);
+      final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap);
       final SignContent req = new SignContent();
-      final SignContentEntry bcBindInfo = new SignContentEntry();
-      bcBindInfo.setKey(KEY_BC_BIND);
-      bcBindInfo.setValue(serializedBcBind);
-      req.getIn().add(bcBindInfo);
+      final SignContentEntry eidasBindInfo = new SignContentEntry();
+      eidasBindInfo.setKey(KEY_BC_BIND);
+      eidasBindInfo.setValue(serializedEidasBind);
+      req.getIn().add(eidasBindInfo);
       req.setAppendCert(false);
-      final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam();
-      bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
-      bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
-      req.getJWSHeaderParam().add(bcBindJoseHeader);
+      final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam();
+      eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
+      eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
+      req.getJWSHeaderParam().add(eidasBindJoseHeader);
 
       log.trace("Requesting SZR to sign bcBind datastructure ... ");
       final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn());
@@ -488,6 +493,19 @@ public class SzrClient {
 
   }
 
+  private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) {
+    if (basicConfig.getBasicConfigurationBoolean(
+        Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) {
+      log.info("Injecting MDS into eidasBind ... ");
+      final Map<String, Object> mds = new HashMap<>();      
+      mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName());
+      mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName());
+      mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth());     
+      eidsaBindMap.put(ATTR_NAME_MDS, mds);
+      
+    }
+  }
+  
   private byte[] sourceToByteArray(Source result) throws TransformerException {
     final TransformerFactory factory = TransformerFactory.newInstance();
     factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 4ace8cf0..b519354c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -159,7 +159,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           // get eIDAS bind
           String signedEidasBind = szrClient.getEidsaBind(vsz, 
               authBlockSigner.getBase64EncodedPublicKey(), 
-              EID_STATUS);
+              EID_STATUS, eidData);
           revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
           authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);