feat(eidas): add advanced SP config post-processing based on requested attributes

5 files changed, 135 insertions, 3 deletions

diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 830360e0..4f62b2eb 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -731,6 +731,112 @@ public class EidasProxyServiceControllerTest {
     
   }
   
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeLegalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeNaturalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+    
+  }
+  
+  
   private void addConnectorConfig(int i, String key, String value) {
     config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i)  + "." + key, 
         value); 
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3d1d7b0..b6b8a8df 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -139,7 +139,7 @@ public class ProxyEidasAttributeRegistryTest {
     
     assertFalse("find wrong attribute", 
         attrRegistry.mapEidasAttributeToAttributeHandler(
-            "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole").isPresent());            
+            "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist").isPresent());            
     
     Optional<String> attr2 = attrRegistry.mapEidasAttributeToAttributeHandler(
         "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole");
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
index e40ebdc4..c7b40d90 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
@@ -54,5 +54,15 @@
     <entry key="4.XmlType.NamespacePrefix">xs</entry>
     <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
 
+    <entry key="5.NameUri">http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist</entry>
+    <entry key="5.FriendlyName">eJusticeLegalPersonRole</entry>
+    <entry key="5.PersonType">LegalPerson</entry>
+    <entry key="5.Required">false</entry>
+    <entry key="5.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="5.XmlType.LocalPart">string</entry>
+    <entry key="5.XmlType.NamespacePrefix">xs</entry>
+    <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
 
 </properties>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index a3ff1ead..96034d12 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -138,13 +138,21 @@
   },  
   {
     "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole",
-    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler",
     "type": {
       "mds": false,
       "autoIncludeWithMandates": false
     }
   },  
   {
+    "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist",
+    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },    
+  {
     "eidasAttribute": "*",
     "idaAttribute": {
       "basic": "urn:oid:1.2.40.0.10.2.1.1.261.32",
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index bd4575c3..46e0bb69 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -5,4 +5,12 @@ eidas.ms.context.url.request.validation=false
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
 eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
 
-eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
\ No newline at end of file
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
+
+
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal