aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorThomas <>2022-08-17 09:53:46 +0200
committerThomas <>2022-08-17 09:53:46 +0200
commit920d33465e5ab1a71d81cc280e41de10cd8b5247 (patch)
tree1cf2bf2853d604d8579cc3f5bf411d10f80c0207 /modules
parentee60dcbde9210e6ecf417af9fd7e4f13e8d95bbd (diff)
downloadNational_eIDAS_Gateway-920d33465e5ab1a71d81cc280e41de10cd8b5247.tar.gz
National_eIDAS_Gateway-920d33465e5ab1a71d81cc280e41de10cd8b5247.tar.bz2
National_eIDAS_Gateway-920d33465e5ab1a71d81cc280e41de10cd8b5247.zip
feat(eidas): extend EJusticePersonRoleHandler to include additional requested attributes
Diffstat (limited to 'modules')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java22
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java197
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java8
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties1
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties18
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml20
6 files changed, 259 insertions, 7 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 87a033eb..6a5e4967 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -33,6 +33,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.attributes.ejusticerole.mandate.profiles";
public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.attributes.ejusticerole.mandate.mode";
+ public static final String CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES =
+ "advanced.attributes.ejusticerole.additional.ida.attributes";
+
public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.attributes.ejusticerole.value";
public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "=";
@@ -41,14 +44,21 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
private SpMandateModes mandateMode;
private List<String> mandateProfiles;
+ private List<String> additionalReqAttributes;
private Map<String, String> resultMapper;
@Override
public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {
spConfig.setMandateMode(mandateMode);
- spConfig.setMandateProfiles(mandateProfiles);
+ spConfig.setMandateProfiles(mandateProfiles);
log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
+ if (!additionalReqAttributes.isEmpty()) {
+ spConfig.getRequestedAttributes().addAll(additionalReqAttributes);
+ log.info("Add additional requested attributes: {}", additionalReqAttributes);
+
+ }
+
}
@Override
@@ -80,8 +90,10 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
@PostConstruct
private void initialize() throws EaafConfigurationException {
- mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
- mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE));
+ mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE, true));
+ mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE, true));
+ additionalReqAttributes = KeyValueUtils.getListOfCsvValues(
+ loadConfigValue(CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES, false));
resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream()
.filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER))
.collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1)));
@@ -111,9 +123,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
}
- private String loadConfigValue(String configProp) throws EaafConfigurationException {
+ private String loadConfigValue(String configProp, boolean isRequired) throws EaafConfigurationException {
String value = config.getBasicConfiguration(configProp);
- if (StringUtils.isEmpty(value)) {
+ if (StringUtils.isEmpty(value) && isRequired) {
throw new EaafConfigurationException("internal.configuration.00",
new Object[]{configProp});
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java
new file mode 100644
index 00000000..dfa4e264
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java
@@ -0,0 +1,197 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.test.protocol;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_test.xml",
+ "/spring/SpringTest-context_basic_mapConfig2.xml",
+ })
+@EnableWebMvc
+public class EidasProxyServiceControllerBorisTest {
+
+ @Autowired private EidasProxyServiceController controller;
+
+ @Autowired private DummySpecificCommunicationService proxyService;
+ @Autowired private DummyProtocolAuthService authService;
+ @Autowired private EidasAttributeRegistry attrRegistry;
+ @Autowired private ApplicationContext context;
+
+ @Autowired MsConnectorDummyConfigMap config;
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+
+ private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
+
+ /**
+ * jUnit test set-up.
+ */
+ @Before
+ public void setUp() throws EaafStorageException, URISyntaxException {
+ httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ proxyService.setiLightRequest(null);
+ proxyService.setError(null);
+
+ config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint",
+ "http://eidas.proxy/endpoint");
+
+ springManagedSpecificConnectorCommunicationService =
+ (SpecificCommunicationService) context.getBean(
+ SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+ .toString());
+
+ }
+
+ @Test
+ public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException {
+ //initialize state
+ httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+ String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+ String issuer = RandomStringUtils.randomAlphabetic(10);
+ LightRequest.Builder authnReqBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(issuer)
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(spCountryCode)
+ .spType("public")
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ "eJusticeLegalPersonRole").first())
+ .build());
+
+ proxyService.setiLightRequest(authnReqBuilder.build());
+
+
+ // set default mandate configuration
+ List<String> mandateProfilesNat =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ List<String> mandateProfilesJur =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
+ StringUtils.join(mandateProfilesNat, ","));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
+ StringUtils.join(mandateProfilesJur, ","));
+
+
+ //execute
+ controller.receiveEidasAuthnRequest(httpReq, httpResp);
+
+ //validate state
+ ServiceProviderConfiguration spConfig =
+ authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+ assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+ assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+ assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+ assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
+ assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
+
+ assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+
+ }
+
+ @Test
+ public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException {
+ //initialize state
+ httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+ String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+ String issuer = RandomStringUtils.randomAlphabetic(10);
+ LightRequest.Builder authnReqBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(issuer)
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(spCountryCode)
+ .spType("public")
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ "eJusticeNaturalPersonRole").first())
+ .build());
+
+ proxyService.setiLightRequest(authnReqBuilder.build());
+
+
+ // set default mandate configuration
+ List<String> mandateProfilesNat =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ List<String> mandateProfilesJur =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
+ StringUtils.join(mandateProfilesNat, ","));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
+ StringUtils.join(mandateProfilesJur, ","));
+
+
+ //execute
+ controller.receiveEidasAuthnRequest(httpReq, httpResp);
+
+ //validate state
+ ServiceProviderConfiguration spConfig =
+ authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+ assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+ assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+ assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+ assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
+ assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
+
+ assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+
+ }
+
+}
+
+
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 4f62b2eb..5894ea45 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -781,7 +781,7 @@ public class EidasProxyServiceControllerTest {
assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
- assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+ assertEquals("requested IDA attributes", 11, spConfig.getRequestedAttributes().size());
}
@@ -832,7 +832,11 @@ public class EidasProxyServiceControllerTest {
assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
- assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+ assertEquals("requested IDA attributes", 7, spConfig.getRequestedAttributes().size());
+ assertTrue("missing additional attribute", spConfig.getRequestedAttributes().stream()
+ .filter(el -> el.equals("testAttribute"))
+ .findFirst()
+ .isPresent());
}
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index 8963129e..90b44868 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -14,5 +14,6 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
# BORIS attribute for eJustice
eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.additional.ida.attributes=testAttribute
eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties
new file mode 100644
index 00000000..8963129e
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties
@@ -0,0 +1,18 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
+eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
+
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
+
+
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
+eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml
new file mode 100644
index 00000000..dfe98ea5
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config />
+
+ <bean id="dummyMapBasedConfiguration"
+ class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap">
+ <constructor-arg value="/config/junit_config_2.properties" />
+ <property name="configRootDirSufix" value="src/test/resources/config" />
+ </bean>
+
+</beans> \ No newline at end of file