aboutsummaryrefslogtreecommitdiff
path: root/modules/eidas_proxy-sevice
diff options
context:
space:
mode:
authorThomas <>2022-08-05 13:10:37 +0200
committerThomas <>2022-08-05 13:10:37 +0200
commit669e1d6571b4bddcf5955597bcfe90e1523a6714 (patch)
treea562cfce16a1736fbf11d8d0ba69a189bdcb79e9 /modules/eidas_proxy-sevice
parentf381c610acdecb06a8561389a4d1598738559948 (diff)
downloadNational_eIDAS_Gateway-669e1d6571b4bddcf5955597bcfe90e1523a6714.tar.gz
National_eIDAS_Gateway-669e1d6571b4bddcf5955597bcfe90e1523a6714.tar.bz2
National_eIDAS_Gateway-669e1d6571b4bddcf5955597bcfe90e1523a6714.zip
feat(proxy-service): add work-around to support mandates for legal- and natural-persons in parallel
Diffstat (limited to 'modules/eidas_proxy-sevice')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java15
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java69
2 files changed, 81 insertions, 3 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 26cc51ee..9a0331bd 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -14,6 +14,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.collections4.ListUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml.saml2.core.NameIDType;
@@ -429,8 +430,18 @@ public class EidasProxyServiceController extends AbstractController implements I
log.trace("eIDAS Proxy-Service allows mandates for Connector: {}. Selecting profiles ... ",
spConfig.getUniqueIdentifier());
- //check if legal person is requested
- if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
+ if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
+ log.debug("Find requested attributes for legal and natural persons. Injecting mandate-profiles for both ... ");
+ spConfig.setMandateProfiles(ListUtils.union(
+ KeyValueUtils.getListOfCsvValues(
+ spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL)),
+ KeyValueUtils.getListOfCsvValues(
+ spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL))));
+ spConfig.setMandateMode(SpMandateModes.BOTH);
+
+ } else if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
+ //check if legal person is requested
spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL)));
spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE);
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index b491c2bf..830360e0 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -333,7 +333,7 @@ public class EidasProxyServiceControllerTest {
}
-
+
@Test
public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException {
//initialize state
@@ -664,6 +664,73 @@ public class EidasProxyServiceControllerTest {
}
+ @Test
+ public void validAuthnRequestWithMandatesProfilesBoth() throws IOException, EaafException {
+ //initialize state
+ httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+ String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+ String issuer = RandomStringUtils.randomAlphabetic(10);
+ LightRequest.Builder authnReqBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(issuer)
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(spCountryCode)
+ .spType("public")
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .build());
+
+
+ // set default mandate configuration
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
+ StringUtils.join(Arrays.asList(
+ RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
+ StringUtils.join(Arrays.asList(
+ RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+
+
+ // add custom SP config to allow both MDS in single request
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
+
+ List<String> mandateProfilesNat =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ List<String> mandateProfilesJur =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL,
+ StringUtils.join(mandateProfilesJur, ","));
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL,
+ StringUtils.join(mandateProfilesNat, ","));
+ addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, "false");
+
+ proxyService.setiLightRequest(authnReqBuilder.build());
+
+
+ //execute
+ controller.receiveEidasAuthnRequest(httpReq, httpResp);
+
+ //validate state
+ ServiceProviderConfiguration spConfig =
+ authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+ assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+ assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+ assertEquals("mandateprofile size", mandateProfilesNat.size() + mandateProfilesJur.size(), spConfig.getMandateProfiles().size());
+ spConfig.getMandateProfiles().stream()
+ .forEach(el -> assertTrue("missing mandateProfile: " + el,
+ mandateProfilesNat.contains(el) || mandateProfilesJur.contains(el)));
+ assertEquals("MandateMode", SpMandateModes.BOTH, spConfig.getMandateMode());
+
+ assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+
+ }
+
private void addConnectorConfig(int i, String key, String value) {
config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key,
value);