aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/eidas_proxy-sevice/src
diff options
context:
space:
mode:
authorThomas <>2021-07-27 13:41:47 +0200
committerThomas <>2022-03-03 16:31:57 +0100
commit44464bfe90a47e48cd3a76fb30d38c226f0af786 (patch)
tree2e0274a1584f6e66e8fe88c0bfa766628c98dcf4 /eidas_modules/eidas_proxy-sevice/src
parentce516f7e94bc77946dbe12987505870f9fa2e411 (diff)
downloadNational_eIDAS_Gateway-44464bfe90a47e48cd3a76fb30d38c226f0af786.tar.gz
National_eIDAS_Gateway-44464bfe90a47e48cd3a76fb30d38c226f0af786.tar.bz2
National_eIDAS_Gateway-44464bfe90a47e48cd3a76fb30d38c226f0af786.zip
add work-around for representation of legal person in DE4A project. Work-around can be removed in a future version
Diffstat (limited to 'eidas_modules/eidas_proxy-sevice/src')
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java4
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java26
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java73
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java45
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java181
5 files changed, 277 insertions, 52 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index 65fb556a..bf71ba64 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -39,6 +39,10 @@ public class MsProxyServiceConstants {
public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL =
Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default";
+
+ public static final String CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON =
+ Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.workaround.mandates.legalperson";
+
// specific eIDAS-Connector configuration
public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector";
public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER;
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index a9cc998e..56b34257 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -29,6 +29,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -261,7 +262,8 @@ public class EidasProxyServiceController extends AbstractController implements I
throws EidasProxyServiceException {
// check if natural-person and legal-person attributes requested in parallel
if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true)
- && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) {
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
throw new EidasProxyServiceException(ERROR_08, null);
}
@@ -382,7 +384,7 @@ public class EidasProxyServiceController extends AbstractController implements I
injectMandateInfosIntoSpConfig(spConfig, eidasRequest);
} else {
- if (isLegalPersonRequested(eidasRequest)) {
+ if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
throw new EidasProxyServiceException(ERROR_09, null);
}
@@ -400,7 +402,7 @@ public class EidasProxyServiceController extends AbstractController implements I
spConfig.getUniqueIdentifier());
//check if legal person is requested
- boolean isLegalPersonRequested = isLegalPersonRequested(eidasRequest);
+ boolean isLegalPersonRequested = EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest);
// set mandate profiles
if (isLegalPersonRequested) {
@@ -409,7 +411,7 @@ public class EidasProxyServiceController extends AbstractController implements I
spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE);
- } else if (isNaturalPersonRequested(eidasRequest)) {
+ } else if (EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL)));
@@ -433,20 +435,4 @@ public class EidasProxyServiceController extends AbstractController implements I
}
}
-
- private boolean isLegalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
-
- private boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
- return eidasRequest.getRequestedAttributes().entrySet().stream()
- .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .findFirst()
- .isPresent();
-
- }
}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 805bbc42..33d9fdc0 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
@@ -94,7 +95,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData));
+ lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -202,13 +203,18 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) {
+ private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
+ ILightRequest eidasReq) {
IEidAuthData eidAuthData = (IEidAuthData) authData;
if (eidAuthData.isUseMandate()) {
log.debug("Building eIDAS Proxy-Service response with mandate ... ");
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
+ injectMandatorInformation(attributeMap, eidAuthData);
+
+ // work-around that injects nat. person subject to bypass validation on eIDAS Node
+ injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
+
return attributeMap.build();
} else {
@@ -217,7 +223,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
+
private void injectMandatorInformation(
ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
String natMandatorId = eidAuthData.getGenericData(
@@ -278,7 +284,39 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) {
+ /**
+ * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
+ *
+ * <p><b>Injection will only be done if this work-around is enabled by configuration,
+ * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
+ *
+ * @param attributeMap Attribute set for eIDAS response
+ * @param eidasReq Incoming eIDAS request
+ * @param authData Authentication data
+ */
+ private void injectJurPersonWorkaroundIfRequired(
+ ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+ if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+ log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+ attributeMap.putAll(buildAttributesWithoutMandate(authData));
+
+ }
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
+ //TODO: throw an error in case of SZR Date with month or day = "00"
+ return buildAttributesWithoutMandate(
+ eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
+ eidAuthData.getFamilyName(),
+ eidAuthData.getGivenName(),
+ eidAuthData.getDateOfBirth());
+
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
+ String givenName, String dateOfBirth) {
final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
@@ -290,18 +328,15 @@ public class ProxyServiceAuthenticationAction implements IAction {
final ImmutableAttributeMap.Builder attributeMap =
ImmutableAttributeMap.builder()
- .put(attrDefPersonalId,
- eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class))
- .put(attrDefFamilyName, eidAuthData.getFamilyName())
- .put(attrDefGivenName, eidAuthData.getGivenName())
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- .put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
+ .put(attrDefPersonalId, personalIdentifier)
+ .put(attrDefFamilyName, familyName)
+ .put(attrDefGivenName, givenName)
+ .put(attrDefDateOfBirth, dateOfBirth);
return attributeMap.build();
}
-
+
private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
throws ServletException {
final BinaryLightToken binaryLightToken;
@@ -322,5 +357,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
return binaryLightToken;
}
+ private boolean isLegalPersonWorkaroundActive() {
+ return basicConfig.getBasicConfigurationBoolean(
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
+ false);
+
+ }
+
+ private boolean isLegalPersonMandateAvailable(IAuthData authData) {
+ return StringUtils.isNoneEmpty(authData.getGenericData(
+ MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
+
+ }
}
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
new file mode 100644
index 00000000..4cd7ba6c
--- /dev/null
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
@@ -0,0 +1,45 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.utils;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import eu.eidas.auth.commons.light.ILightRequest;
+
+/**
+ * Common utils for eIDAS Proxy-Service implementation.
+ *
+ * @author tlenz
+ *
+ */
+public class EidasProxyServiceUtils {
+
+ /**
+ * Check if legal person subject is requested by eIDAS Connector.
+ *
+ * @param eidasRequest Authentication request from eIDAS Connector.
+ * @return <code>true</code> if <i>LegalPersonIdentifier</i> is requested, otherwise <code>false</code>lse
+ */
+ public static boolean isLegalPersonRequested(ILightRequest eidasRequest) {
+ return eidasRequest.getRequestedAttributes().entrySet().stream()
+ .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
+ .findFirst()
+ .isPresent();
+
+ }
+
+ /**
+ * Check if natural person subject is requested by eIDAS Connector.
+ *
+ * @param eidasRequest Authentication request from eIDAS Connector.
+ * @return <code>true</code> if <i>PersonIdentifier</i> is requested, otherwise <code>false</code>lse
+ */
+ public static boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
+ return eidasRequest.getRequestedAttributes().entrySet().stream()
+ .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+ .findFirst()
+ .isPresent();
+
+ }
+
+ private EidasProxyServiceUtils() {
+ //hide constructor for class with static methods only
+ }
+}
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
index a42b30d4..a5c76773 100644
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -4,6 +4,7 @@ import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CON
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
@@ -57,6 +58,7 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
@@ -93,7 +95,9 @@ public class ProxyServiceAuthenticationActionTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint",
- "http://eidas.proxy/endpoint");
+ "http://eidas.proxy/endpoint");
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "false");
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
@@ -106,15 +110,7 @@ public class ProxyServiceAuthenticationActionTest {
pendingReq.initialize(httpReq, basicConfig);
pendingReq.setOnlineApplicationConfiguration(oaParam);
- LightRequest.Builder eidasRequestBuilder = LightRequest.builder()
- .id(UUID.randomUUID().toString())
- .issuer(RandomStringUtils.randomAlphabetic(10))
- .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
- .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
- .spType("public")
- .requesterId(RandomStringUtils.randomAlphanumeric(10))
- .providerName(RandomStringUtils.randomAlphanumeric(10));
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -252,6 +248,136 @@ public class ProxyServiceAuthenticationActionTest {
checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME,
(String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+ assertNull("find nat. person subject: personalId",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ assertNull("find nat. person subject: familyName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ assertNull("find nat. person subject: givenName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ assertNull("find nat. person subject: dateOfBirth",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+
+ }
+
+ @Test
+ public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
+ attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+ "1985-11-15");
+
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 8, respAttr.size());
+
+ }
+
+ @Test
+ public void responseWithJurMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 10, respAttr.size());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+ checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
+
+ }
+
+ @Test
+ public void responseWithJurMandateWithWorkAroundNoNatSubject() throws EaafException, SpecificCommunicationException {
+ basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
+ "true");
+
+ //request natural person subject only
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 6, respAttr.size());
+ assertNull("find nat. person subject: personalId",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ assertNull("find nat. person subject: familyName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+ assertNull("find nat. person subject: givenName",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+ assertNull("find nat. person subject: dateOfBirth",
+ getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
}
@@ -271,20 +397,24 @@ public class ProxyServiceAuthenticationActionTest {
}
- private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+ private Object getAttrValue(ImmutableAttributeMap respAttr, String attrName) {
final AttributeDefinition<?> attrDef =
attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first();
- Object value = respAttr.getFirstValue(attrDef);
- assertNotNull("not attr value: " + attrName, value);
+ return respAttr.getFirstValue(attrDef);
+
+ }
+
+ private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+ Object value = getAttrValue(respAttr, attrName);
+ assertNotNull("not attr value: " + attrName, value);
- if (value instanceof String) {
- assertEquals("wrong attr. value: " + attrName, expected, value);
+ if (value instanceof String) {
+ assertEquals("wrong attr. value: " + attrName, expected, value);
- } else if ( value instanceof DateTime) {
- assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
+ } else if ( value instanceof DateTime) {
+ assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
- }
-
+ }
}
private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException {
@@ -308,6 +438,19 @@ public class ProxyServiceAuthenticationActionTest {
}
+ private Builder generateBasicLightRequest() {
+ return LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(RandomStringUtils.randomAlphabetic(10))
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .spType("public")
+ .requesterId(RandomStringUtils.randomAlphanumeric(10))
+ .providerName(RandomStringUtils.randomAlphanumeric(10));
+
+ }
+
private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth,
boolean useMandates) {
return new IEidAuthData() {