aboutsummaryrefslogtreecommitdiff
path: root/modules/eidas_proxy-sevice/src
diff options
context:
space:
mode:
authorThomas <>2022-10-11 16:40:54 +0200
committerThomas <>2022-10-11 16:40:54 +0200
commit6b93c404726457a04cb52430d40abcf23fdd8f31 (patch)
treeb6c21a3cbec8817224a948f2edf05f198e832538 /modules/eidas_proxy-sevice/src
parent1edc816481ac7ee2cbdecbd64f44f367d25fc3bd (diff)
downloadNational_eIDAS_Gateway-6b93c404726457a04cb52430d40abcf23fdd8f31.tar.gz
National_eIDAS_Gateway-6b93c404726457a04cb52430d40abcf23fdd8f31.tar.bz2
National_eIDAS_Gateway-6b93c404726457a04cb52430d40abcf23fdd8f31.zip
feat(ejustic): add work-around to support BORIS eJustice attribute for natural person on IDA system
eJustice attributes are implemented by using mandates on IDA side. However, European Commission only supports authentication without mandates. This work-around integrates both requirements into MS-Proxy-Service
Diffstat (limited to 'modules/eidas_proxy-sevice/src')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java35
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java8
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java9
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java51
-rw-r--r--modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml3
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java312
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml2
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json2
8 files changed, 202 insertions, 220 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java
new file mode 100644
index 00000000..6f855c14
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java
@@ -0,0 +1,35 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
+
+
+/**
+ * eJustic PersonRole attribute-handler for natural-person use-cases only.
+ *
+ * <p>In that special case, the legal-person mandate will be ignored and
+ * eIDAS response looks like a normal authentication without mandates.</p>
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EJusticWorkaroundPersonRoleHandler extends EJusticePersonRoleHandler {
+
+ @Override
+ public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) {
+ if (authData.isUseMandate()) {
+ log.info("eJusticeNaturalPersonRole was requested by SP. "
+ + "Perform work-around and partially ignoring mandate from IDA system ... ");
+ ((EidAuthenticationData)authData).setUseMandate(false);
+
+ } else {
+ log.info("eJustice attribute was requested but no mandate from ID Austria. "
+ + "Something looks wrong, but use it as it is.");
+
+ }
+ }
+
+}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 6a5e4967..f8c14ceb 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -57,7 +57,13 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
spConfig.getRequestedAttributes().addAll(additionalReqAttributes);
log.info("Add additional requested attributes: {}", additionalReqAttributes);
- }
+ }
+ }
+
+ @Override
+ public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) {
+ log.trace("{} needs no post processing of authData, because we are in regular mode of operation.",
+ EJusticePersonRoleHandler.class.getName());
}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 5a9c8d8c..36deba30 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -23,6 +23,15 @@ public interface IEidasAttributeHandler {
/**
+ * Perform attribute-specific post-processing of authentication information.
+ *
+ * @param authData authentication information from ID Austria system that should be post processed.
+ */
+ @NonNull
+ void performAuthDataPostprocessing(@NonNull IEidAuthData authData);
+
+
+ /**
* Build eIDAS attribute-value from authentication data.
*
* @param eidAuthData Authentication data for current process
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index f1cb8f0b..7d01deda 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,8 +1,11 @@
package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
import java.io.IOException;
+import java.util.Objects;
import java.util.Optional;
+import java.util.Set;
import java.util.UUID;
+import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;
@@ -205,9 +208,14 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
+
+
private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
ILightRequest eidasReq) {
- final IEidAuthData eidAuthData = (IEidAuthData) authData;
+
+ // eIDAS Out-Going and attribute-specific post-processing of authentication data
+ final IEidAuthData eidAuthData = performAuthdataPostprocessing(authData, eidasReq);
+
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
// inject all requested attributres
@@ -369,5 +377,46 @@ public class ProxyServiceAuthenticationAction implements IAction {
PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
}
+
+ /**
+ * Post-processing of authentication data based on requested attributes.
+ *
+ * @param authData Authentication data from ID Austria system.
+ * @param eidasRequest AuthnRequest from foreign country
+ * @return AuthnRequest specific modification of authentication data
+ */
+ private IEidAuthData performAuthdataPostprocessing(IAuthData authData, ILightRequest eidasRequest) {
+ IEidAuthData idaAuthData = (IEidAuthData) authData;
+
+ // select advanced attribute handler
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+ + "Starting advanced post-processing of authentication data ... ", requiredHandlers.size());
+ requiredHandlers.forEach(el -> executeAttributeHandler(el, idaAuthData));
+
+ }
+
+ return idaAuthData;
+
+ }
+
+ private void executeAttributeHandler(String handlerClass, IEidAuthData authData) {
+ try {
+ IEidasAttributeHandler handler = context.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName());
+ handler.performAuthDataPostprocessing(authData);
+
+ } catch (Exception e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
}
diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
index 38bd44da..361802eb 100644
--- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
+++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
@@ -38,4 +38,7 @@
<bean id="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler"
class="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler" />
+ <bean id="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler"
+ class="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler" />
+
</beans> \ No newline at end of file
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index d9bc017c..407da198 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -10,7 +10,6 @@ import static org.junit.Assert.assertTrue;
import java.net.URISyntaxException;
import java.net.URLDecoder;
-import java.time.Instant;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -43,12 +42,11 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
@@ -58,6 +56,7 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.SneakyThrows;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
@@ -350,15 +349,15 @@ public class ProxyServiceAuthenticationActionTest {
public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
-
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
@@ -402,8 +401,6 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -411,13 +408,15 @@ public class ProxyServiceAuthenticationActionTest {
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
"MUST_BE_UPDATED");
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -429,7 +428,7 @@ public class ProxyServiceAuthenticationActionTest {
Assert.assertNotNull("Result should be not null", result);
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 8, respAttr.size());
+ assertEquals("wrong attr. size", 7, respAttr.size());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
(String) attr.get(PvpAttributeDefinitions.BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
@@ -442,7 +441,6 @@ public class ProxyServiceAuthenticationActionTest {
(String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1");
- checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1");
assertNull("find nat. person subject: personalId",
getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER));
@@ -460,8 +458,6 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -470,12 +466,14 @@ public class ProxyServiceAuthenticationActionTest {
attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
"SECOND");
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -487,12 +485,52 @@ public class ProxyServiceAuthenticationActionTest {
Assert.assertNotNull("Result should be not null", result);
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
- assertEquals("wrong attr. size", 8, respAttr.size());
+ assertEquals("wrong attr. size", 7, respAttr.size());
checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2");
- checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2");
-
+
+ }
+
+ @Test
+ public void borisModeNatPersonResponse() throws EaafException, SpecificCommunicationException {
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ String familyName = RandomStringUtils.randomAlphanumeric(10);
+
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+ "SECOND");
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ familyName, RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 5, respAttr.size());
+
+ checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2");
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName);
+
}
@Test
@@ -500,20 +538,21 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -534,8 +573,6 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -543,12 +580,14 @@ public class ProxyServiceAuthenticationActionTest {
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "");
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -568,9 +607,7 @@ public class ProxyServiceAuthenticationActionTest {
public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -578,12 +615,14 @@ public class ProxyServiceAuthenticationActionTest {
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
@@ -616,8 +655,7 @@ public class ProxyServiceAuthenticationActionTest {
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
"1985-11-15");
-
-
+
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
@@ -649,14 +687,15 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
-
+
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
//perform test
SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
@@ -689,13 +728,14 @@ public class ProxyServiceAuthenticationActionTest {
Map<String, Object> attr = new HashMap<>();
attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
- RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10));
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
//perform test
SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
@@ -726,6 +766,7 @@ public class ProxyServiceAuthenticationActionTest {
}
+ @SneakyThrows
private IAuthData generateDummyAuthData() {
return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
@@ -792,191 +833,30 @@ public class ProxyServiceAuthenticationActionTest {
);
}
+ @SneakyThrows
private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth,
boolean useMandates) {
attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
-
- return new IEidAuthData() {
-
- @Override
- public boolean isSsoSession() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean isForeigner() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public boolean isBaseIdTransferRestrication() {
- // TODO Auto-generated method stub
- return false;
- }
-
- @Override
- public Instant getSsoSessionValidTo() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getSessionIndex() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getNameIdFormat() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getNameID() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public IIdentityLink getIdentityLink() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getIdentificationValue() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getIdentificationType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getGivenName() {
- return givenName;
- }
-
- @Override
- public <T> T getGenericData(String key, Class<T> clazz) {
- if (attrs.containsKey(key)) {
- return (T) attrs.get(key);
-
- } else {
- return null;
- }
-
- }
-
- @Override
- public String getDateOfBirth() {
- return dateOfBirth;
- }
-
- @Override
- public String getFamilyName() {
- return familyName;
- }
-
- @Override
- public String getEncryptedSourceIdType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getEncryptedSourceId() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getEidasQaaLevel() {
- return loa;
-
- }
-
-
- @Override
- public String getCiticenCountryCode() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getBpkType() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getBpk() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getAuthenticationIssuer() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getAuthenticationIssueInstantString() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public Instant getAuthenticationIssueInstant() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public byte[] getSignerCertificate() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public byte[] getEidToken() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public EidIdentityStatusLevelValues getEidStatus() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getVdaEndPointUrl() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public boolean isUseMandate() {
- return useMandates;
+
+ EidAuthenticationData dummyIdaData = new EidAuthenticationData();
+ dummyIdaData.setUseMandate(useMandates);
+ dummyIdaData.setEidasLoa(loa);
+ dummyIdaData.setGivenName(givenName);
+ dummyIdaData.setFamilyName(familyName);
+ dummyIdaData.setDateOfBirth(dateOfBirth);
+ attrs.entrySet().forEach(el -> {
+ try {
+ dummyIdaData.setGenericData(el.getKey(), el.getValue());
+
+ } catch (EaafStorageException e) {
+ e.printStackTrace();
}
-
- @Override
- public String getDateOfBirthFormated(String pattern) {
- // TODO Auto-generated method stub
- return null;
- }
- };
+ });
+
+ return dummyIdaData;
}
}
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
index c7b40d90..a662c1ab 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
@@ -55,7 +55,7 @@
<entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
<entry key="5.NameUri">http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist</entry>
- <entry key="5.FriendlyName">eJusticeLegalPersonRole</entry>
+ <entry key="5.FriendlyName">eJusticeLegalPersonRoleNotExist</entry>
<entry key="5.PersonType">LegalPerson</entry>
<entry key="5.Required">false</entry>
<entry key="5.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index 96034d12..a7014e76 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -130,7 +130,7 @@
},
{
"eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole",
- "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler",
+ "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler",
"type": {
"mds": false,
"autoIncludeWithMandates": false