authorThomas <>2022-05-03 14:47:03 +0200
committerThomas <>2022-05-03 14:47:03 +0200
commit363e8657cd060f9a585b8e1dbac88aa12457238f (patch)
tree002bbc76d9a252fd8ee19b0541c06d3c2659cf72 /modules/authmodule-eIDAS-v2
parentd3c76a7cac0e881f91a4ff3a86b40669e9aa1328 (diff)
downloadNational_eIDAS_Gateway-363e8657cd060f9a585b8e1dbac88aa12457238f.tar.gz
National_eIDAS_Gateway-363e8657cd060f9a585b8e1dbac88aa12457238f.tar.bz2
National_eIDAS_Gateway-363e8657cd060f9a585b8e1dbac88aa12457238f.zip
fix(eidas): catch IndexOutOfBand exception in case of eIDAS Attribute that has no attribute-value
Diffstat (limited to 'modules/authmodule-eIDAS-v2')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java22
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java14
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java54
3 files changed, 73 insertions, 17 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index ce737526..58ab0c6a 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -445,15 +445,23 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
} else {
final List<String> natPersonIdObj = EidasResponseUtils
.translateStringListAttribute(el, attributeMap.get(el));
- final String stringAttr = natPersonIdObj.get(0);
- if (StringUtils.isNotEmpty(stringAttr)) {
- result.put(el.getFriendlyName(), stringAttr);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
-
+ if (natPersonIdObj.isEmpty()) {
+ log.info("Ignore attribute: {}, because no attributeValue was found",
+ el.getNameUri());
+
} else {
- log.info("Ignore empty 'String' attribute");
- }
+ final String stringAttr = natPersonIdObj.get(0);
+ if (StringUtils.isNotEmpty(stringAttr)) {
+ result.put(el.getFriendlyName(), stringAttr);
+ log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
+ } else {
+ log.info("Ignore empty 'String' attributeValue for: {}",
+ el.getNameUri());
+
+ }
+
+ }
}
}
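Review bot: The re-added `log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);` writes the raw eIDAS attribute value into the log, and it builds the message by concatenation while the two new `log.info` calls next to it use `{}` placeholders. These values are identity attributes taken from the eIDAS response, so even at trace level I would log only the name, e.g. `log.trace("Find attr '{}'", el.getFriendlyName());`, or mask the value. The enclosing method starts and ends outside this hunk, so it cannot be seen here whether an attribute dropped by the new `isEmpty()` branch is later checked against the mandatory attributes; that is worth confirming.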
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
index c8c5a069..ced6ffe6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
@@ -32,8 +32,6 @@ import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
@@ -46,10 +44,10 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
import eu.eidas.auth.commons.attribute.AttributeValueTransliterator;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class EidasResponseUtils {
- private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class);
-
public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*";
/**
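Review bot: The context line `PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"` is untouched by this commit but deserves a fix while the file is open: inside a character class the comma is a literal, so `[A-Z,a-z]` also accepts `,` as a country-code character. If the intent is two letters per code, `"^[A-Za-z]{2}/[A-Za-z]{2}/.*"` expresses that. How the pattern is applied is not visible in this hunk, so the practical impact depends on the callers.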
@@ -97,11 +95,11 @@ public class EidasResponseUtils {
* @param attributeValues Attributes from eIDAS response
* @return Set of attribute values. If more then one value than the first value contains the 'Latin' value.
*/
- // TODO: check possible problem with nonLatinCharacters
+ // TODO: check possible problem with nonLatinCharacters
public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition,
ImmutableSet<? extends AttributeValue<?>> attributeValues) {
final List<String> stringListAttribute = new ArrayList<>();
- if (attributeValues != null) {
+ if (attributeValues != null && !attributeValues.isEmpty()) {
final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition
.getAttributeValueMarshaller();
for (final AttributeValue<?> attributeValue : attributeValues.asList()) {
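Review bot: The Javadoc above `translateStringListAttribute` does not say that the result can be empty, which is the assumption that led to the `get(0)` crash this commit fixes in the caller. I would extend the `@return` line to `@return List of attribute values, never null; empty if attributeValues is null or empty. If more than one value, the first one is the 'Latin' value.`, which also corrects "Set" to "List". The method body continues outside this hunk, so other paths that leave the list empty may exist and should be covered by the same sentence.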
@@ -129,12 +127,12 @@ public class EidasResponseUtils {
}
}
-
log.trace("Extract values: {} for attr: {}",
StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName());
} else {
- log.info("Can not extract infos from 'null' attribute value");
+ log.info("Can not extract infos from '{}' attributeValue for attribute: {}",
+ attributeValues != null ? "empty" : "null", attributeDefinition.getNameUri());
}
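Review bot: The new `else` branch dereferences `attributeDefinition.getNameUri()`, which the old message did not. A call with a null `attributeDefinition` and null or empty `attributeValues` would therefore now throw a NullPointerException where it previously only logged. If null definitions are never expected, make that explicit at the top of the method with `Objects.requireNonNull(attributeDefinition, "attributeDefinition");` (needs `java.util.Objects` imported). Otherwise guard the log argument, e.g. `attributeDefinition != null ? attributeDefinition.getNameUri() : "unknown"`. The rest of the method lies outside this hunk.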
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 10595402..f8971705 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -502,6 +502,45 @@ public class CreateIdentityLinkTaskEidNewTest {
}
}
+ @Test
+ public void checkEmptyStringAttribute() throws Exception {
+ //initialize test
+ setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml");
+ String vsz = RandomStringUtils.randomNumeric(10);
+ when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz);
+ val signContentResp = new SignContentResponseType();
+ final SignContentEntry signContentEntry = new SignContentEntry();
+ signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+ signContentResp.getOut().add(signContentEntry);
+ when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
+
+ String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+
+
+ response = buildDummyAuthResponse(true, true);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ // check if pendingRequest was stored
+ IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedPendingReq);
+
+ //check data in session
+ final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class);
+ Assert.assertNotNull("AuthProcessData", authProcessData);
+ Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+
+ }
+
+
private Pair<KeyStore, Provider> getKeyStore() throws EaafException {
// read Connector wide config data TODO connector wide!
String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
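Review bot: `checkEmptyStringAttribute` only asserts that `eidasBind` is non-null, so it shows the task no longer throws but not that the valueless attribute was actually left out of the extracted data. I would add an assertion that the friendly name of the emptied attribute is absent from whatever the task stores or sends on. I would also add a small direct test of `EidasResponseUtils.translateStringListAttribute` with `null` and with `ImmutableSet.of()`, each expecting an empty list, since the task test does not exercise the `null` branch of the new log message. A short comment stating what `buildDummyAuthResponse(true, true)` means would help too, because the two boolean flags are hard to read at the call site. The hunk ends inside `getKeyStore`, which is unchanged.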
@@ -537,9 +576,14 @@ public class CreateIdentityLinkTaskEidNewTest {
}
-
@Nonnull
private AuthenticationResponse buildDummyAuthResponse(boolean withAll) throws URISyntaxException {
+ return buildDummyAuthResponse(withAll, false);
+
+ }
+
+ @Nonnull
+ private AuthenticationResponse buildDummyAuthResponse(boolean withAll, boolean withEmpty) throws URISyntaxException {
final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
@@ -559,7 +603,13 @@ public class CreateIdentityLinkTaskEidNewTest {
attributeMap.put(attributeDef3, RandomStringUtils.randomAlphabetic(10));
attributeMap.put(attributeDef4, "2001-01-01");
if (withAll) {
- attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10));
+ if (withEmpty) {
+ attributeMap.put(attributeDef5, Collections.emptySet());
+
+ } else {
+ attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10));
+
+ }
attributeMap.put(attributeDef6, RandomStringUtils.randomAlphabetic(10));
}