aboutsummaryrefslogtreecommitdiff
path: root/modules/eidas_proxy-sevice
diff options
context:
space:
mode:
authorThomas <>2022-06-08 12:32:16 +0200
committerThomas <>2022-06-08 12:32:16 +0200
commit3d9d419a40b17de1f94d46cbc2f5b345a93bff00 (patch)
treeeccca95fa319ac13b2f6e98fd34b25e266dc489d /modules/eidas_proxy-sevice
parentdb3af28b79296b6f5650a85c5a41ad5015c57222 (diff)
downloadNational_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.tar.gz
National_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.tar.bz2
National_eIDAS_Gateway-3d9d419a40b17de1f94d46cbc2f5b345a93bff00.zip
feat(eidas): perform mapping between IDA and eIDAS attributes based on external configuration
Diffstat (limited to 'modules/eidas_proxy-sevice')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java7
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java297
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java34
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java217
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java35
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json56
6 files changed, 430 insertions, 216 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
index 86ca49fa..f66bb799 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -15,6 +15,7 @@ import lombok.Data;
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonPropertyOrder({
"mds",
+ "autoIncludeWithMandates",
"mandator"
})
@Data
@@ -28,6 +29,12 @@ public class Type {
private Boolean mds;
/**
+ * <code>true</code> if that attribute has to be included into eIDAS response in case of mandates.
+ */
+ @JsonProperty("autoIncludeWithMandates")
+ private Boolean autoIncludeWithMandates;
+
+ /**
* Classifie that attribute to specific mandate modes.
*/
@JsonProperty("mandator")
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 92165412..bf1c5e5f 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,6 +1,7 @@
package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
import java.io.IOException;
+import java.util.Optional;
import java.util.UUID;
import javax.annotation.PostConstruct;
@@ -15,12 +16,11 @@ import org.springframework.context.ApplicationContext;
import org.springframework.core.io.ResourceLoader;
import org.springframework.web.util.UriComponentsBuilder;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
-import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -69,35 +69,35 @@ public class ProxyServiceAuthenticationAction implements IAction {
@Autowired
ISpringMvcGuiFormBuilder guiBuilder;
@Autowired
- EidasAttributeRegistry attrRegistry;
+ ProxyEidasAttributeRegistry attrRegistry;
@Override
public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws EaafException {
if (pendingReq instanceof ProxyServicePendingRequest) {
- try {
- ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
-
- //build eIDAS response
- Builder lightRespBuilder = LightResponse.builder();
+ try {
+ final ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
+
+ // build eIDAS response
+ final Builder lightRespBuilder = LightResponse.builder();
lightRespBuilder.id(UUID.randomUUID().toString());
lightRespBuilder.inResponseToId(eidasReq.getId());
lightRespBuilder.relayState(eidasReq.getRelayState());
-
+
lightRespBuilder.status(ResponseStatus.builder()
.statusCode(EidasConstants.SUCCESS_URI)
.build());
-
- //TODO: check if we can use transient subjectNameIds
+
+ // TODO: check if we can use transient subjectNameIds
lightRespBuilder.subject(UUID.randomUUID().toString());
lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
-
- //TODO:
+
+ // TODO:
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
- lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
+ lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
-
+
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
sloInformation.setProtocolType(pendingReq.requestedModule());
@@ -121,7 +121,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
+
@Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
return true;
@@ -133,28 +133,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
return PROXYSERVICE_AUTH_ACTION_NAME;
}
-
/**
* Forward eIDAS Light response to eIDAS node.
- *
- * @param pendingReq Current pending request.
- * @param httpReq Current HTTP request
- * @param httpResp Current HTTP response
+ *
+ * @param pendingReq Current pending request.
+ * @param httpReq Current HTTP request
+ * @param httpResp Current HTTP response
* @param lightResponse eIDAS LightResponse
* @throws EaafConfigurationException In case of a configuration error
- * @throws IOException In case of a general error
- * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used
- * @throws ServletException In case of a general error
+ * @throws IOException In case of a general error
+ * @throws GuiBuildException In case of a GUI rendering error, if http
+ * POST binding is used
+ * @throws ServletException In case of a general error
*/
public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException,
+ HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException,
+ IOException,
GuiBuildException, ServletException {
// put request into shared cache
final BinaryLightToken token = putResponseInCommunicationCache(lightResponse);
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
-
+
// select forward URL regarding the selected environment
final String forwardUrl = basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL);
@@ -196,148 +197,80 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
- @PostConstruct
+
+ @PostConstruct
private void checkConfiguration() {
- //TODO: validate configuration on start-up
-
+ // TODO: validate configuration on start-up
+
}
-
-
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
+
+ private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
ILightRequest eidasReq) {
- IEidAuthData eidAuthData = (IEidAuthData) authData;
+ final IEidAuthData eidAuthData = (IEidAuthData) authData;
+ final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
+
+ // inject all requested attributres
+ injectRequestedAttributes(attributeMap, eidasReq, eidAuthData);
+
if (eidAuthData.isUseMandate()) {
log.debug("Building eIDAS Proxy-Service response with mandate ... ");
- final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
- injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
-
- // work-around that injects nat. person subject to bypass validation on eIDAS Node
+ injectMdsRepesentativeInformation(attributeMap, eidAuthData, eidasReq.getRequestedAttributes());
+
+ // work-around that injects nat. person subject to bypass validation on eIDAS
+ // Node
injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
-
- return attributeMap.build();
-
- } else {
- log.debug("Building eIDAS Proxy-Service response without mandates ... ");
- return buildAttributesWithoutMandate(eidAuthData);
-
- }
- }
-
- private void injectMandatorInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- String natMandatorId = eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
-
- if (StringUtils.isNotEmpty(natMandatorId)) {
- log.debug("Injecting natural mandator informations ... ");
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId, natMandatorId);
- attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
- attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
-
- } else {
- log.debug("Injecting legal mandator informations ... ");
- final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_LEGALNAME).first();
- final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
-
- attributeMap.put(commonName, eidAuthData.getGenericData(
- PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
- attributeMap.put(legalPersonId, eidAuthData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
- }
- }
- private void injectRepesentativeInformation(
- ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
-
- attributeMap.put(attrDefPersonalId,
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
- attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
- attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
-
+ }
+
+ return attributeMap.build();
+
}
- /**
- * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
- *
- * <p><b>Injection will only be done if this work-around is enabled by configuration,
- * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
- *
- * @param attributeMap Attribute set for eIDAS response
- * @param eidasReq Incoming eIDAS request
- * @param authData Authentication data
- */
- private void injectJurPersonWorkaroundIfRequired(
- ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
- if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
- && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
- && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
- log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
- attributeMap.putAll(buildAttributesWithoutMandate(authData));
-
- }
+ private void injectRequestedAttributes(ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq,
+ IEidAuthData eidAuthData) {
+ eidasReq.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData,
+ el.getNameUri().toString(), eidAuthData.isUseMandate()));
+
}
-
- private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
- //TODO: throw an error in case of SZR Date with month or day = "00"
- return buildAttributesWithoutMandate(
- eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
- eidAuthData.getFamilyName(),
- eidAuthData.getGivenName(),
- eidAuthData.getDateOfBirth());
-
+
+ private void injectMdsRepesentativeInformation(
+ ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+ ImmutableAttributeMap requestedAttributes) {
+ attrRegistry.getRepresentativeAttributesToAddByDefault()
+ .filter(el -> requestedAttributes.getAttributeValuesByNameUri(el) == null)
+ .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, el, true));
+
}
- private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
- String givenName, String dateOfBirth) {
- final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
- final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
- final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
- final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-
- final ImmutableAttributeMap.Builder attributeMap =
- ImmutableAttributeMap.builder()
- .put(attrDefPersonalId, personalIdentifier)
- .put(attrDefFamilyName, familyName)
- .put(attrDefGivenName, givenName)
- .put(attrDefDateOfBirth, dateOfBirth);
-
- return attributeMap.build();
-
+ private void injectEidasAttribute(ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+ String eidasAttrName, boolean mandatesUsed) {
+ final Optional<String> releatedIdaAttribute =
+ attrRegistry.mapEidasAttributeToSpecificIdaAttribute(eidasAttrName, mandatesUsed);
+ if (releatedIdaAttribute.isPresent()) {
+ log.trace("Mapping IDA attribute: {} to eIDAS attribute: {}", releatedIdaAttribute.get(),
+ eidasAttrName);
+ final String idaAttrValue = eidAuthData.getGenericData(releatedIdaAttribute.get(), String.class);
+ if (StringUtils.isNotEmpty(idaAttrValue)) {
+ log.debug("Build eIDAS attribute: {} from IDA attribute: {}", eidasAttrName, releatedIdaAttribute
+ .get());
+ attributeMap.put(
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+ idaAttrValue);
+
+ } else {
+ log.info("No IDA attribute: {}, eIDAS attribute: {} will be ignored", releatedIdaAttribute.get(),
+ eidasAttrName);
+
+ }
+
+ } else {
+ log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+ eidasAttrName);
+
+ }
}
-
+
private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
throws ServletException {
final BinaryLightToken binaryLightToken;
@@ -358,17 +291,61 @@ public class ProxyServiceAuthenticationAction implements IAction {
return binaryLightToken;
}
+ /**
+ * Work-around to inject representative information as nat. person subject to
+ * bypass eIDAS Node validation.
+ *
+ * <p>
+ * <b>Injection will only be done if this work-around is enabled by
+ * configuration, the mandator is a legal person, and both legal and natural
+ * person subject's is requested.</b>
+ * </p>
+ *
+ * @param attributeMap Attribute set for eIDAS response
+ * @param eidasReq Incoming eIDAS request
+ * @param authData Authentication data
+ */
+ private void injectJurPersonWorkaroundIfRequired(
+ ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+ if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+ log.debug(
+ "Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+
+ final AttributeDefinition<?> attrDefPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final AttributeDefinition<?> attrDefFamilyName =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+ final AttributeDefinition<?> attrDefGivenName =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+ final AttributeDefinition<?> attrDefDateOfBirth =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+
+ attributeMap.put(attrDefPersonalId, authData.getGenericData(PvpAttributeDefinitions.BPK_NAME,
+ String.class));
+ attributeMap.put(attrDefFamilyName, authData.getFamilyName());
+ attributeMap.put(attrDefGivenName, authData.getGivenName());
+ attributeMap.put(attrDefDateOfBirth, authData.getDateOfBirth());
+
+ }
+ }
+
private boolean isLegalPersonWorkaroundActive() {
return basicConfig.getBasicConfigurationBoolean(
- MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
false);
-
+
}
-
+
private boolean isLegalPersonMandateAvailable(IAuthData authData) {
return StringUtils.isNoneEmpty(authData.getGenericData(
- MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-
+ PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+
}
}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index b9e0c488..a6a50100 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -7,6 +7,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -77,6 +78,19 @@ public class ProxyEidasAttributeRegistry {
}
/**
+ * Get all eIDAS attributes that are added by default in case of mandates.
+ *
+ * @return {@link Stream} of eIDAS attributes
+ */
+ @NonNull
+ public Stream<String> getRepresentativeAttributesToAddByDefault() {
+ return attributeConfiguration.stream()
+ .filter(el -> el.getType() != null && el.getType().getAutoIncludeWithMandates())
+ .map(el -> el.getEidasAttributeName());
+
+ }
+
+ /**
* Get IDA attributes for a specific eIDAS attribute.
*
* @param eidasAttributeName Name of the eIDAS attribute.
@@ -95,8 +109,24 @@ public class ProxyEidasAttributeRegistry {
.collect(Collectors.toSet());
}
-
-
+
+ /**
+ * Get eIDAS related IDA attribute.
+ *
+ * @param eidasAttributeName Name of the eIDAS attribute.
+ * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+ * @return Name of the related IDA attribute if available
+ */
+ public Optional<String> mapEidasAttributeToSpecificIdaAttribute(
+ String eidasAttributeName, boolean withMandates) {
+ return attributeConfiguration.stream()
+ .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+ .findFirst()
+ .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
+ .filter(el -> StringUtils.isNotEmpty(el));
+
+ }
+
@PostConstruct
private void initialize() throws EaafConfigurationException {
final String attrConfPath = basicConfig.getBasicConfiguration(
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index c41d6c99..d44ffc2d 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -12,7 +12,6 @@ import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.time.Instant;
import java.util.Arrays;
-import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
@@ -35,7 +34,6 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import com.google.common.collect.ImmutableSortedSet;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -132,7 +130,7 @@ public class ProxyServiceAuthenticationActionTest {
@Test
public void missingForwardUrl() {
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
@@ -147,8 +145,7 @@ public class ProxyServiceAuthenticationActionTest {
@Test
public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ attr.put(PvpAttributeDefinitions.BPK_NAME, RandomStringUtils.randomAlphanumeric(10));
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
@@ -161,7 +158,7 @@ public class ProxyServiceAuthenticationActionTest {
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
assertEquals("wrong attr. size", 4, respAttr.size());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
@@ -170,12 +167,89 @@ public class ProxyServiceAuthenticationActionTest {
}
@Test
- public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+ public void responseWithoutMandateAndOptionalAttributesExist() throws EaafException, SpecificCommunicationException {
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
- "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ attr.put("ida_birthname", RandomStringUtils.randomAlphanumeric(10));
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 5, respAttr.size());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
+ authData.getDateOfBirth());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME,
+ (String) attr.get("ida_birthname"));
+
+ }
+
+ @Test
+ public void responseWithoutMandateAndOptionalAttributesNotExist() throws EaafException, SpecificCommunicationException {
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 4, respAttr.size());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
+ authData.getDateOfBirth());
+
+ }
+
+
+ @Test
+ public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -197,13 +271,13 @@ public class ProxyServiceAuthenticationActionTest {
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
assertEquals("wrong attr. size", 8, respAttr.size());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME,
(String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME,
@@ -214,18 +288,85 @@ public class ProxyServiceAuthenticationActionTest {
}
@Test
+ public void responseWithNatMandateOptionalAttribute() throws EaafException, SpecificCommunicationException {
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+ Map<String, Object> attr = new HashMap<>();
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
+ "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+ attr.put("ida_birthName_mandator", RandomStringUtils.randomAlphanumeric(10));
+ attr.put("ida_birthName", RandomStringUtils.randomAlphanumeric(10));
+
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ RandomStringUtils.randomAlphabetic(10));
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+ "1985-11-15");
+
+
+ IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+ RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+
+ //perform test
+ SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ //validate state
+ Assert.assertNotNull("Result should be not null", result);
+
+ ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+ assertEquals("wrong attr. size", 9, respAttr.size());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME,
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME,
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
+
+ checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME,
+ (String) attr.get("ida_birthName_mandator"));
+
+ }
+
+ @Test
public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
+ LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+ eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+ .build());
+ pendingReq.setEidasRequest(eidasRequestBuilder.build());
+
+
//perform test
SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
@@ -235,13 +376,13 @@ public class ProxyServiceAuthenticationActionTest {
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
assertEquals("wrong attr. size", 6, respAttr.size());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME,
(String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
@@ -260,19 +401,12 @@ public class ProxyServiceAuthenticationActionTest {
public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson",
"true");
-
- //request natural person subject only
- LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
- eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
- attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
- pendingReq.setEidasRequest(eidasRequestBuilder.build());
-
-
+
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -306,16 +440,17 @@ public class ProxyServiceAuthenticationActionTest {
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
.put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -329,7 +464,7 @@ public class ProxyServiceAuthenticationActionTest {
ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
assertEquals("wrong attr. size", 10, respAttr.size());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
- (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+ (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
@@ -344,18 +479,18 @@ public class ProxyServiceAuthenticationActionTest {
//request natural person subject only
LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
- .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
- EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
.build());
pendingReq.setEidasRequest(eidasRequestBuilder.build());
Map<String, Object> attr = new HashMap<>();
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.BPK_NAME,
"AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
- attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+ attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
RandomStringUtils.randomAlphabetic(10));
attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
RandomStringUtils.randomAlphabetic(10));
@@ -390,7 +525,7 @@ public class ProxyServiceAuthenticationActionTest {
}
private IAuthData generateDummyAuthData() {
- return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW,
+ return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW,
RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
}
@@ -445,12 +580,22 @@ public class ProxyServiceAuthenticationActionTest {
.spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
.spType("public")
.requesterId(RandomStringUtils.randomAlphanumeric(10))
- .providerName(RandomStringUtils.randomAlphanumeric(10));
-
+ .providerName(RandomStringUtils.randomAlphanumeric(10))
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+ .build()
+ );
}
private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth,
boolean useMandates) {
+ attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+ attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+ attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+
return new IEidAuthData() {
@Override
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3e787bb..8d417c1a 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -1,11 +1,13 @@
package at.asitplus.eidas.specific.modules.msproxyservice.test.services;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.RandomStringUtils;
@@ -92,6 +94,39 @@ public class ProxyEidasAttributeRegistryTest {
}
+ @Test
+ public void attributeResponseMapping() {
+ assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", false).isPresent());
+ assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", true).isPresent());
+
+
+ Optional<String> attr1 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/BirthName", false);
+ assertTrue("find wrong IDA mapping", attr1.isPresent());
+ assertEquals("find wrong IDA mapping value", "ida_birthname", attr1.get());
+
+ Optional<String> attr2 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/BirthName", true);
+ assertTrue("find wrong IDA mapping", attr2.isPresent());
+ assertEquals("find wrong IDA mapping value", "ida_birthName_mandator", attr2.get());
+
+
+ assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", false).isPresent());
+ assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+ "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", true).isPresent());
+
+ }
+
+ @Test
+ public void defaultRepresentativeAttributes() {
+ assertEquals("wrong number of rep. attributes", 4,
+ attrRegistry.getRepresentativeAttributesToAddByDefault().count());
+
+ }
+
private void checkAttributeMapping(String eidasAttr, boolean withMandates, List<String> idaAttributes) {
@NonNull
Set<String> idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates);
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index 2d375acb..7e41d8f6 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -6,7 +6,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
@@ -16,7 +17,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
@@ -26,7 +28,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
@@ -36,21 +39,27 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
"eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth",
"idaAttribute": {},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
"eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName",
- "idaAttribute": {},
+ "idaAttribute": {
+ "basic": "ida_birthname",
+ "withMandates": "ida_birthName_mandator"
+ },
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
@@ -65,7 +74,8 @@
"urn:oid:1.2.40.0.10.2.1.1.55"
],
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
@@ -74,7 +84,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": false
}
},
{
@@ -83,7 +94,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.149"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": true
}
},
{
@@ -92,7 +104,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": true
}
},
{
@@ -101,7 +114,8 @@
"withMandates": "urn:oid:2.5.4.42"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": true
}
},
{
@@ -110,7 +124,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.55"
},
"type": {
- "mds": true
+ "mds": true,
+ "autoIncludeWithMandates": true
}
},
{
@@ -120,7 +135,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32"
},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
@@ -130,7 +146,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108"
},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
@@ -139,7 +156,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68"
},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
@@ -148,7 +166,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
},
{
@@ -157,7 +176,8 @@
"withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
},
"type": {
- "mds": false
+ "mds": false,
+ "autoIncludeWithMandates": false
}
}
] \ No newline at end of file