feat(proxy-service): add work-around to support mandates for legal- and natural-persons in parallel

2 files changed, 81 insertions, 3 deletions

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 26cc51ee..9a0331bd 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -14,6 +14,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.collections4.ListUtils;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml.saml2.core.NameIDType;
@@ -429,8 +430,18 @@ public class EidasProxyServiceController extends AbstractController implements I
     log.trace("eIDAS Proxy-Service allows mandates for Connector: {}. Selecting profiles ... ", 
         spConfig.getUniqueIdentifier());
 
-    //check if legal person is requested 
-    if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
+    if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest) 
+        && EidasProxyServiceUtils.isNaturalPersonRequested(eidasRequest)) {
+      log.debug("Find requested attributes for legal and natural persons. Injecting mandate-profiles for both ... ");
+      spConfig.setMandateProfiles(ListUtils.union(       
+            KeyValueUtils.getListOfCsvValues(
+                spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL)),
+            KeyValueUtils.getListOfCsvValues(
+                spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL))));      
+      spConfig.setMandateMode(SpMandateModes.BOTH);
+      
+    } else if (EidasProxyServiceUtils.isLegalPersonRequested(eidasRequest)) {
+      //check if legal person is requested
       spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(
           spConfig.getConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL)));      
       spConfig.setMandateMode(SpMandateModes.LEGAL_FORCE);
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index b491c2bf..830360e0 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -333,7 +333,7 @@ public class EidasProxyServiceControllerTest {
     
     
   }
-
+  
   @Test
   public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException {       
     //initialize state
@@ -664,6 +664,73 @@ public class EidasProxyServiceControllerTest {
     
   }
   
+  @Test
+  public void validAuthnRequestWithMandatesProfilesBoth() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+            .build());
+    
+
+    // set default mandate configuration    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+    
+    // add custom SP config to allow both MDS in single request
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
+
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));   
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));    
+    addConnectorConfig(25,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, "false");
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfilesNat.size() + mandateProfilesJur.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, 
+            mandateProfilesNat.contains(el) || mandateProfilesJur.contains(el)));
+    assertEquals("MandateMode", SpMandateModes.BOTH, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+    
+  }
+  
   private void addConnectorConfig(int i, String key, String value) {
     config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i)  + "." + key, 
         value);