add mandate functionality into eIDAS out-going process

author: Thomas <> 2021-03-30 15:08:07 +0200
committer: Thomas <> 2022-03-03 16:31:56 +0100
commit: 2daed784e006d449de5b6151f6e109ab2a829749 (patch)
tree: 0d5a6b14f690a0237003020f6e48d143eaf7c5d3 /eidas_modules/eidas_proxy-sevice
parent: 1ae77e971928a44dd278eaa473392c35855c4227 (diff)
download: National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.tar.gz
National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.tar.bz2
National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.zip
5 files changed, 414 insertions, 14 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index e5d4d33e..336e6c05 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -18,12 +18,26 @@ public class MsProxyServiceConstants {
   public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = 
       AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME;
   
+  public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = 
+      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME;
+  public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = 
+      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER 
+      + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME;
+    
   //configuration constants
   public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE
       + ".proxy.entityId";
   public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = Constants.CONIG_PROPS_EIDAS_NODE
       + ".proxy.forward.endpoint";
-
+  
+  // mandate configuration
+  public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = Constants.CONIG_PROPS_EIDAS_PREFIX
+      + ".proxy.mandates.enabled";  
+  public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT = Constants.CONIG_PROPS_EIDAS_PREFIX
+      + ".proxy.mandates.profiles.default";
+  public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC = Constants.CONIG_PROPS_EIDAS_PREFIX
+      + ".proxy.mandates.profiles.specific.";
+  
   
   //http end-points
   public static final String EIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/light/idp/post";
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index aafe57e7..8e417c36 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -2,7 +2,9 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
 
 import java.io.IOException;
 import java.text.MessageFormat;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
@@ -30,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import eu.eidas.auth.commons.EidasParameterKeys;
 import eu.eidas.auth.commons.light.ILightRequest;
 import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
@@ -221,7 +224,10 @@ public class EidasProxyServiceController extends AbstractController implements I
           EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);    
       spConfig.setRequiredLoA(
           eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList()));
-            
+           
+      spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest));
+      
+      
       return spConfig;
       
     } catch (EaafException e) {
@@ -230,4 +236,28 @@ public class EidasProxyServiceController extends AbstractController implements I
     }    
   }
 
+  private List<String> buildMandateProfileConfiguration(ILightRequest eidasRequest) {
+    if (authConfig.getBasicConfigurationBoolean(
+        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) {
+      log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... ");      
+      List<String> spMandateProfiles = authConfig.getBasicConfigurationWithPrefix(
+          MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC)
+            .entrySet().stream()
+            .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase()))
+            .findFirst()
+            .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue()))
+            .orElse(KeyValueUtils.getListOfCsvValues(
+                authConfig.getBasicConfiguration(
+                    MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT)));
+          
+      log.debug("Set mandate-profiles: {} to request from country: {}",
+          spMandateProfiles, eidasRequest.getSpCountryCode());
+      return spMandateProfiles;
+      
+    }
+          
+    return Collections.emptyList();
+    
+  }
+
 }
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index c51db460..9de2eb79 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -21,10 +21,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRe
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -143,6 +145,80 @@ public class ProxyServiceAuthenticationAction implements IAction {
   
   
   private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) {
+    IEidAuthData eidAuthData = (IEidAuthData) authData;
+    if (eidAuthData.isUseMandate()) {
+      log.debug("Building eIDAS Proxy-Service response with mandate ... ");
+      final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
+      injectRepesentativeInformation(attributeMap, eidAuthData);
+      injectMandatorInformation(attributeMap, eidAuthData);  
+      return attributeMap.build();
+            
+    } else {
+      log.debug("Building eIDAS Proxy-Service response without mandates ... ");
+      return buildAttributesWithoutMandate(eidAuthData);
+      
+    }   
+  }
+  
+  private void injectMandatorInformation(
+      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {    
+    String natMandatorId = eidAuthData.getGenericData(
+        MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
+    
+    if (StringUtils.isNotEmpty(natMandatorId)) {
+      log.debug("Injecting natural mandator informations ... ");
+      final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+      final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+      final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+      final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+      
+      attributeMap.put(attrDefPersonalId, natMandatorId);
+      attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
+          PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
+      attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
+          PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
+      attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
+          PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
+      
+    } else {
+      log.debug("Injecting legal mandator informations ... ");
+      final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_LEGALNAME).first();
+      final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+          Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
+      
+      attributeMap.put(commonName, eidAuthData.getGenericData(
+          PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
+      attributeMap.put(legalPersonId, eidAuthData.getGenericData(
+          MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
+            
+    }            
+  }
+
+  private void injectRepesentativeInformation(
+      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
+    final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
+    final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
+    final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
+    final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
+   
+    attributeMap.put(attrDefPersonalId, 
+            eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
+    attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
+    attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
+    attributeMap.put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth());
+    
+  }
+
+  private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) {
     final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
         Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
@@ -153,16 +229,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
         Constants.eIDAS_ATTR_DATEOFBIRTH).first();
    
     final ImmutableAttributeMap.Builder attributeMap = 
-        ImmutableAttributeMap.builder().put(attrDefPersonalId, 
-            authData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class))
-        .put(attrDefFamilyName, authData.getFamilyName())
-        .put(attrDefGivenName, authData.getGivenName())
-        .put(attrDefDateOfBirth, authData.getFormatedDateOfBirth());
+        ImmutableAttributeMap.builder()
+        .put(attrDefPersonalId, 
+            eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class))
+        .put(attrDefFamilyName, eidAuthData.getFamilyName())
+        .put(attrDefGivenName, eidAuthData.getGivenName())
+        .put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth());
     
     return attributeMap.build();
     
   }
-  
+
   private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
       throws ServletException {
     final BinaryLightToken binaryLightToken;
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
index 9ce7115a..1a19b723 100644
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
+++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
@@ -1,13 +1,20 @@
 package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.text.MessageFormat;
+import java.util.Arrays;
+import java.util.List;
 import java.util.UUID;
 
 import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -23,6 +30,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
@@ -51,6 +59,8 @@ public class EidasProxyServiceControllerTest {
   @Autowired private DummySpecificCommunicationService proxyService;
   @Autowired private DummyProtocolAuthService authService;
   
+  @Autowired MsConnectorDummyConfigMap config;
+  
   private MockHttpServletRequest httpReq;
   private MockHttpServletResponse httpResp;
   
@@ -167,6 +177,91 @@ public class EidasProxyServiceControllerTest {
         EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode, 
         spConfig.getAreaSpecificTargetIdentifier());
     
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    
   }
 
+  @Test
+  public void validAuthnRequestWithMandatesDefaultProfiles() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public");
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    List<String> mandateProfiles = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, 
+        StringUtils.join(mandateProfiles, ","));
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el)));
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithMandatesCountryProfiles() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public");
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    List<String> mandateProfiles = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesCc1 = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesCc2 = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, 
+        StringUtils.join(mandateProfiles, ","));
+    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC 
+        + RandomStringUtils.randomAlphabetic(2).toLowerCase(),
+        StringUtils.join(mandateProfilesCc1, ","));    
+    config.putConfigValue(
+        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + spCountryCode.toLowerCase(),
+        StringUtils.join(mandateProfilesCc2, ","));
+    
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesCc2.contains(el)));
+    
+  }
+  
 }
diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
index 96429d71..3236bbf0 100644
--- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -1,9 +1,14 @@
 package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
 
 import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 
 import java.net.URISyntaxException;
+import java.net.URLDecoder;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
@@ -12,10 +17,12 @@ import java.util.Map;
 import java.util.UUID;
 
 import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.opensaml.saml.saml2.core.NameIDType;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
@@ -26,20 +33,33 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
+import com.google.common.collect.ImmutableSortedSet;
+
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction;
 import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
 import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @PrepareForTest(CreateIdentityLinkTask.class)
@@ -52,11 +72,13 @@ public class ProxyServiceAuthenticationActionTest {
   @Autowired private MsConnectorDummyConfigMap basicConfig;
   @Autowired private ProxyServiceAuthenticationAction action;
   @Autowired private ApplicationContext context;
+  @Autowired EidasAttributeRegistry attrRegistry;
   
   private MockHttpServletRequest httpReq;
   private MockHttpServletResponse httpResp;
   private ProxyServicePendingRequest pendingReq;
   private MsConnectorDummySpConfiguration oaParam;
+  private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
   
    
   /**
@@ -95,6 +117,12 @@ public class ProxyServiceAuthenticationActionTest {
         .providerName(RandomStringUtils.randomAlphanumeric(10));
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
     
+    
+    springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) context.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+                .toString());
+    
   }
   
   @Test
@@ -114,7 +142,7 @@ public class ProxyServiceAuthenticationActionTest {
     attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
-        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18");
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint");
         
     EaafException exception = assertThrows(EaafException.class,
@@ -124,12 +152,86 @@ public class ProxyServiceAuthenticationActionTest {
   }
   
   @Test 
-  public void dummyResponseActionTest() throws EaafException {
+  public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 4, respAttr.size());    
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getFormatedDateOfBirth());
+        
+  }
+  
+  @Test 
+  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    
+    attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        "1985-11-15");
+    
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());    
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth());
+
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
+           
+  }
+  
+  @Test 
+  public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
     Map<String, Object> attr = new HashMap<>();
     attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
-        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18");
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
     
     //perform test
     SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
@@ -137,6 +239,20 @@ public class ProxyServiceAuthenticationActionTest {
     //validate state
     Assert.assertNotNull("Result should be not null", result);
     
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth());
+   
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
+        (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+    
+    
   }
   
   @Test
@@ -151,12 +267,50 @@ public class ProxyServiceAuthenticationActionTest {
   
   private IAuthData generateDummyAuthData() {
     return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, 
-        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01");
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
     
   }
   
-  private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth) {
-    return new IAuthData() {
+  private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+    final AttributeDefinition<?> attrDef = 
+        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first();
+    Object value = respAttr.getFirstValue(attrDef);  
+   assertNotNull("not attr value: " + attrName, value);
+   
+   if (value instanceof String) {
+     assertEquals("wrong attr. value: " + attrName, expected, value);
+     
+   } else if ( value instanceof DateTime) {
+     assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
+          
+   }
+        
+  }
+  
+  private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException {
+    assertNotNull("not redirct Header", httpResp.getHeader("Location"));
+    assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token="));    
+    String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length());
+    
+    ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), 
+        ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));    
+    
+    assertNotNull("responseId", resp.getId());
+    assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId());
+    assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState());
+    assertEquals("LoA", authData.getEidasQaaLevel(), resp.getLevelOfAssurance());
+    
+    assertNotNull("subjectNameId", resp.getSubject());
+    assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat());
+    
+    assertFalse("not attributes", resp.getAttributes().isEmpty());    
+    return resp.getAttributes();
+    
+  }
+  
+  private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth, 
+      boolean useMandates) {
+    return new IEidAuthData() {
       
       @Override
       public boolean isSsoSession() {
@@ -303,6 +457,36 @@ public class ProxyServiceAuthenticationActionTest {
         // TODO Auto-generated method stub
         return null;
       }
+
+      @Override
+      public byte[] getSignerCertificate() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public byte[] getEidToken() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public EidIdentityStatusLevelValues getEidStatus() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public String getVdaEndPointUrl() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public boolean isUseMandate() {
+        return useMandates;
+        
+      }
     };
     
   }
author	Thomas <>	2021-03-30 15:08:07 +0200
committer	Thomas <>	2022-03-03 16:31:56 +0100
commit	2daed784e006d449de5b6151f6e109ab2a829749 (patch)
tree	0d5a6b14f690a0237003020f6e48d143eaf7c5d3 /eidas_modules/eidas_proxy-sevice
parent	1ae77e971928a44dd278eaa473392c35855c4227 (diff)
download	National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.tar.gz National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.tar.bz2 National_eIDAS_Gateway-2daed784e006d449de5b6151f6e109ab2a829749.zip