diff options
9 files changed, 203 insertions, 221 deletions
diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json index 3de4b8a9..bc1fe60c 100644 --- a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json +++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json @@ -128,7 +128,7 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler", "type": { "mds": false, "autoIncludeWithMandates": false diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java new file mode 100644 index 00000000..6f855c14 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java @@ -0,0 +1,35 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.handler; + +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; +import lombok.NonNull; +import lombok.extern.slf4j.Slf4j; + + +/** + * eJustic PersonRole attribute-handler for natural-person use-cases only. + * + * <p>In that special case, the legal-person mandate will be ignored and + * eIDAS response looks like a normal authentication without mandates.</p> + * + * @author tlenz + * + */ +@Slf4j +public class EJusticWorkaroundPersonRoleHandler extends EJusticePersonRoleHandler { + + @Override + public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) { + if (authData.isUseMandate()) { + log.info("eJusticeNaturalPersonRole was requested by SP. " + + "Perform work-around and partially ignoring mandate from IDA system ... "); + ((EidAuthenticationData)authData).setUseMandate(false); + + } else { + log.info("eJustice attribute was requested but no mandate from ID Austria. " + + "Something looks wrong, but use it as it is."); + + } + } + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index 6a5e4967..f8c14ceb 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -57,7 +57,13 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { spConfig.getRequestedAttributes().addAll(additionalReqAttributes); log.info("Add additional requested attributes: {}", additionalReqAttributes); - } + } + } + + @Override + public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) { + log.trace("{} needs no post processing of authData, because we are in regular mode of operation.", + EJusticePersonRoleHandler.class.getName()); } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java index 5a9c8d8c..36deba30 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java @@ -23,6 +23,15 @@ public interface IEidasAttributeHandler { /** + * Perform attribute-specific post-processing of authentication information. + * + * @param authData authentication information from ID Austria system that should be post processed. + */ + @NonNull + void performAuthDataPostprocessing(@NonNull IEidAuthData authData); + + + /** * Build eIDAS attribute-value from authentication data. * * @param eidAuthData Authentication data for current process diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index f1cb8f0b..7d01deda 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -1,8 +1,11 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; +import java.util.Objects; import java.util.Optional; +import java.util.Set; import java.util.UUID; +import java.util.stream.Collectors; import javax.annotation.PostConstruct; import javax.servlet.ServletException; @@ -205,9 +208,14 @@ public class ProxyServiceAuthenticationAction implements IAction { } + + private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, ILightRequest eidasReq) { - final IEidAuthData eidAuthData = (IEidAuthData) authData; + + // eIDAS Out-Going and attribute-specific post-processing of authentication data + final IEidAuthData eidAuthData = performAuthdataPostprocessing(authData, eidasReq); + final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); // inject all requested attributres @@ -369,5 +377,46 @@ public class ProxyServiceAuthenticationAction implements IAction { PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class)); } + + /** + * Post-processing of authentication data based on requested attributes. + * + * @param authData Authentication data from ID Austria system. + * @param eidasRequest AuthnRequest from foreign country + * @return AuthnRequest specific modification of authentication data + */ + private IEidAuthData performAuthdataPostprocessing(IAuthData authData, ILightRequest eidasRequest) { + IEidAuthData idaAuthData = (IEidAuthData) authData; + + // select advanced attribute handler + Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream() + .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null)) + .filter(Objects::nonNull) + .distinct() + .collect(Collectors.toSet()); + + if (!requiredHandlers.isEmpty()) { + log.info("eIDAS requested attributes requires #{} specific attribute-hander. " + + "Starting advanced post-processing of authentication data ... ", requiredHandlers.size()); + requiredHandlers.forEach(el -> executeAttributeHandler(el, idaAuthData)); + + } + + return idaAuthData; + + } + + private void executeAttributeHandler(String handlerClass, IEidAuthData authData) { + try { + IEidasAttributeHandler handler = context.getBean(handlerClass, IEidasAttributeHandler.class); + + log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName()); + handler.performAuthDataPostprocessing(authData); + + } catch (Exception e) { + log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e); + + } + } } diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml index 38bd44da..361802eb 100644 --- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml +++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml @@ -38,4 +38,7 @@ <bean id="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler" class="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler" /> + <bean id="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler" + class="at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler" /> + </beans>
\ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java index d9bc017c..407da198 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -10,7 +10,6 @@ import static org.junit.Assert.assertTrue; import java.net.URISyntaxException; import java.net.URLDecoder; -import java.time.Instant; import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -43,12 +42,11 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @@ -58,6 +56,7 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.SneakyThrows; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -350,15 +349,15 @@ public class ProxyServiceAuthenticationActionTest { public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); - + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) @@ -402,8 +401,6 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -411,13 +408,15 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "MUST_BE_UPDATED"); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -429,7 +428,7 @@ public class ProxyServiceAuthenticationActionTest { Assert.assertNotNull("Result should be not null", result); ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); - assertEquals("wrong attr. size", 8, respAttr.size()); + assertEquals("wrong attr. size", 7, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); @@ -442,7 +441,6 @@ public class ProxyServiceAuthenticationActionTest { (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1"); - checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1"); assertNull("find nat. person subject: personalId", getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)); @@ -460,8 +458,6 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -470,12 +466,14 @@ public class ProxyServiceAuthenticationActionTest { attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "SECOND"); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -487,12 +485,52 @@ public class ProxyServiceAuthenticationActionTest { Assert.assertNotNull("Result should be not null", result); ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); - assertEquals("wrong attr. size", 8, respAttr.size()); + assertEquals("wrong attr. size", 7, respAttr.size()); checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2"); - checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2"); - + + } + + @Test + public void borisModeNatPersonResponse() throws EaafException, SpecificCommunicationException { + Map<String, Object> attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + String familyName = RandomStringUtils.randomAlphanumeric(10); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, + "SECOND"); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + familyName, RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 5, respAttr.size()); + + checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2"); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); + } @Test @@ -500,20 +538,21 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -534,8 +573,6 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -543,12 +580,14 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, ""); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -568,9 +607,7 @@ public class ProxyServiceAuthenticationActionTest { public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -578,12 +615,14 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -616,8 +655,7 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1985-11-15"); - - + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); @@ -649,14 +687,15 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -689,13 +728,14 @@ public class ProxyServiceAuthenticationActionTest { Map<String, Object> attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10)); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -726,6 +766,7 @@ public class ProxyServiceAuthenticationActionTest { } + @SneakyThrows private IAuthData generateDummyAuthData() { return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false); @@ -792,191 +833,30 @@ public class ProxyServiceAuthenticationActionTest { ); } + @SneakyThrows private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth, boolean useMandates) { attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); - - return new IEidAuthData() { - - @Override - public boolean isSsoSession() { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean isForeigner() { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean isBaseIdTransferRestrication() { - // TODO Auto-generated method stub - return false; - } - - @Override - public Instant getSsoSessionValidTo() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getSessionIndex() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getNameIdFormat() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getNameID() { - // TODO Auto-generated method stub - return null; - } - - @Override - public IIdentityLink getIdentityLink() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIdentificationValue() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIdentificationType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getGivenName() { - return givenName; - } - - @Override - public <T> T getGenericData(String key, Class<T> clazz) { - if (attrs.containsKey(key)) { - return (T) attrs.get(key); - - } else { - return null; - } - - } - - @Override - public String getDateOfBirth() { - return dateOfBirth; - } - - @Override - public String getFamilyName() { - return familyName; - } - - @Override - public String getEncryptedSourceIdType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getEncryptedSourceId() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getEidasQaaLevel() { - return loa; - - } - - - @Override - public String getCiticenCountryCode() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getBpkType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getBpk() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getAuthenticationIssuer() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getAuthenticationIssueInstantString() { - // TODO Auto-generated method stub - return null; - } - - @Override - public Instant getAuthenticationIssueInstant() { - // TODO Auto-generated method stub - return null; - } - - @Override - public byte[] getSignerCertificate() { - // TODO Auto-generated method stub - return null; - } - - @Override - public byte[] getEidToken() { - // TODO Auto-generated method stub - return null; - } - - @Override - public EidIdentityStatusLevelValues getEidStatus() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getVdaEndPointUrl() { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean isUseMandate() { - return useMandates; + + EidAuthenticationData dummyIdaData = new EidAuthenticationData(); + dummyIdaData.setUseMandate(useMandates); + dummyIdaData.setEidasLoa(loa); + dummyIdaData.setGivenName(givenName); + dummyIdaData.setFamilyName(familyName); + dummyIdaData.setDateOfBirth(dateOfBirth); + attrs.entrySet().forEach(el -> { + try { + dummyIdaData.setGenericData(el.getKey(), el.getValue()); + + } catch (EaafStorageException e) { + e.printStackTrace(); } - - @Override - public String getDateOfBirthFormated(String pattern) { - // TODO Auto-generated method stub - return null; - } - }; + }); + + return dummyIdaData; } } diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml index c7b40d90..a662c1ab 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml +++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml @@ -55,7 +55,7 @@ <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry> <entry key="5.NameUri">http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist</entry> - <entry key="5.FriendlyName">eJusticeLegalPersonRole</entry> + <entry key="5.FriendlyName">eJusticeLegalPersonRoleNotExist</entry> <entry key="5.PersonType">LegalPerson</entry> <entry key="5.Required">false</entry> <entry key="5.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry> diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index 96034d12..a7014e76 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -130,7 +130,7 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler", "type": { "mds": false, "autoIncludeWithMandates": false |