aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule_id-austria/src
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule_id-austria/src')
-rw-r--r--eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java58
-rw-r--r--eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java29
-rw-r--r--eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java68
-rw-r--r--eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java4
-rw-r--r--eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java102
-rw-r--r--eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java45
-rw-r--r--eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml63
-rw-r--r--eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml66
8 files changed, 375 insertions, 60 deletions
diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java
index 18eaee4b..982bfb4f 100644
--- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java
+++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/IdAustriaAuthConstants.java
@@ -3,6 +3,8 @@ package at.asitplus.eidas.specific.modules.auth.idaustria;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.impl.data.Triple;
@@ -69,6 +71,36 @@ public class IdAustriaAuthConstants {
public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX
+ "required.additional.attributes";
+ public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+ PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+ PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+
+ }
+ });
+
+ public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+ PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+ PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+
+ }
+ });
+
public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
@@ -93,19 +125,21 @@ public class IdAustriaAuthConstants {
add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ // mandate attributes
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+ PvpAttributeDefinitions.MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_TYPE_OID_NAME,
+ PvpAttributeDefinitions.MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ addAll(DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES);
+ addAll(DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES);
+
}
});
- public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES =
- Collections.unmodifiableList(new ArrayList<String>() {
- private static final long serialVersionUID = 1L;
- {
- for (final Triple<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) {
- if (el.getThird()) {
- add(el.getFirst());
-
- }
- }
- }
- });
+ public static final Set<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES =
+ DEFAULT_REQUIRED_PVP_ATTRIBUTES.stream()
+ .filter(el -> el.getThird())
+ .map(el -> el.getFirst())
+ .collect(Collectors.toSet());
+
}
diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
index 5dc04800..2141fee8 100644
--- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
+++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
@@ -1,7 +1,6 @@
package at.asitplus.eidas.specific.modules.auth.idaustria.tasks;
import java.io.IOException;
-import java.util.List;
import java.util.Set;
import javax.naming.ConfigurationException;
@@ -211,7 +210,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
throws EaafBuilderException, ConfigurationException {
- final List<String> requiredEidasNodeAttributes =
+ final Set<String> requiredEidasNodeAttributes =
IdAustriaAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
try {
// check if all attributes are include
@@ -238,7 +237,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
extractor.getSingleAttributeValue(attrName));
}
-
+
// set foreigner flag
session.setForeigner(false);
@@ -248,7 +247,9 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
// set IssuerInstant from Assertion
session.setIssueInstant(extractor.getAssertionIssuingDate());
- // TODO: add mandates if SEMPER are integrated
+ // set mandate flag
+ session.setUseMandates(checkIfMandateInformationIsAvailable(extractor));
+
} catch (final EaafException | IOException e) {
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
@@ -256,6 +257,20 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
}
}
+
+ /**
+ * Check if mandate information is available.
+ *
+ * @param extractor Assertion from ID Austria system.
+ * @return <code>true</code> if mandate was used, otherwise <code>false</code>
+ */
+ private boolean checkIfMandateInformationIsAvailable(AssertionAttributeExtractor extractor) {
+ boolean isMandateIncluded = extractor.containsAttribute(PvpAttributeDefinitions.MANDATE_TYPE_NAME);
+ log.debug("Response from ID-Austria system contains mandate information. Switch to mandate-mode ... ");
+ return isMandateIncluded;
+
+ }
+
private void validateResponseAttributes(AssertionAttributeExtractor extractor)
throws EaafAuthenticationException {
final String bpkTarget = extractor.getSingleAttributeValue(
@@ -295,14 +310,14 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
log.trace("Find bPK attribute. Extract eIDAS identifier ... ");
session.setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
extractBpkFromResponse(attrValue));
-
- } else {
+
+ } else {
session.setGenericDataToSession(attrName, attrValue);
}
}
-
+
private String extractBpkFromResponse(String pvpBpkAttrValue) {
final String[] split = pvpBpkAttrValue.split(":", 2);
if (split.length == 2) {
diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index fc46ac8b..8151b429 100644
--- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -14,6 +14,7 @@ import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.springframework.beans.factory.annotation.Autowired;
+import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
import at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration;
import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
@@ -147,63 +148,52 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
final List<EaafRequestedAttribute> attributs = new ArrayList<>();
//build attribute that contains the unique identifier of the eIDAS-Connector
- final Attribute attrEidasConnectorId = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.EIDAS_CONNECTOR_UNIQUEID_NAME);
- final EaafRequestedAttribute attrEidasConnectorIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attrEidasConnectorId,
- true,
+ injectAttribute(attributs, ExtendedPvpAttributeDefinitions.EIDAS_CONNECTOR_UNIQUEID_NAME,
pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
- attributs.add(attrEidasConnectorIdReqAttr);
-
-
+
// build EID sector for identification attribute
- final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
- final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attr,
- true,
+ injectAttribute(attributs, PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
- attributs.add(bpkTargetReqAttr);
-
// set requested LoA as attribute
- final Attribute loaAttr = PvpAttributeBuilder.buildEmptyAttribute(
- PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
- final EaafRequestedAttribute loaReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- loaAttr,
- true,
+ injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA()));
- attributs.add(loaReqAttr);
-
-
+
//set ProviderName if available
String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName();
if (StringUtils.isNotEmpty(providerName)) {
- final Attribute providerNameAttr = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.SP_FRIENDLYNAME_NAME);
- final EaafRequestedAttribute providerNameReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- providerNameAttr,
- true,
- providerName);
- attributs.add(providerNameReqAttr);
+ injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_FRIENDLYNAME_NAME, providerName);
}
-
-
+
//set ProviderName if available
String requesterId = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getRequesterId();
if (StringUtils.isNotEmpty(requesterId)) {
- final Attribute requesterIdAttr = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.SP_UNIQUEID_NAME);
- final EaafRequestedAttribute requesterIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- requesterIdAttr,
- true,
- requesterId);
- attributs.add(requesterIdReqAttr);
+ injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_UNIQUEID_NAME, requesterId);
}
+ //set mandate profiles
+ List<String> mandateProfiles =
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateProfiles();
+ if (mandateProfiles != null && !mandateProfiles.isEmpty()) {
+ log.debug("Set mandate-profiles attribute into ID-Austria request");
+ injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_USED_MANDATE_PROFILES_NAME,
+ StringUtils.join(mandateProfiles, ","));
+
+ }
+
return attributs;
}
+ private void injectAttribute(List<EaafRequestedAttribute> attributs, String attributeName, String attributeValue) {
+ final Attribute requesterIdAttr = PvpAttributeBuilder.buildEmptyAttribute(attributeName);
+ final EaafRequestedAttribute requesterIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
+ requesterIdAttr,
+ true,
+ attributeValue);
+ attributs.add(requesterIdReqAttr);
+
+ }
+
}
diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java
index ef0c4da0..d2a2556b 100644
--- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java
+++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java
@@ -94,7 +94,7 @@ public class IdAustriaAuthMetadataControllerFirstTest {
controller.getSpMetadata(httpReq, httpResp);
//check result
- validateResponse(7);
+ validateResponse(16);
}
@@ -117,7 +117,7 @@ public class IdAustriaAuthMetadataControllerFirstTest {
controller.getSpMetadata(httpReq, httpResp);
//check result
- validateResponse(8);
+ validateResponse(17);
}
diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
index a0446ad9..b3a5130f 100644
--- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
+++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
@@ -1,6 +1,9 @@
package at.asitplus.eidas.specific.modules.auth.idaustria.test.task;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.util.Arrays;
@@ -536,6 +539,8 @@ public class ReceiveAuthnResponseTaskTest {
Assert.assertNotNull("pendingReq not stored", storedReq);
final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
Assert.assertFalse("foreigner flag", session.isForeigner());
+ assertTrue("eidProcess flag", session.isEidProcess());
+ assertFalse("useMandate flag", session.isMandateUsed());
checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
@@ -662,6 +667,103 @@ public class ReceiveAuthnResponseTaskTest {
}
+ @Test
+ public void httpPostValidSignedAssertionEidValidWithJurMandate() throws IOException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException, EaafException {
+
+ oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX");
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_EID_with_mandate_jur.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
+
+ // perform task
+ task.execute(pendingReq, executionContext);
+
+ // validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedReq);
+ final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ Assert.assertFalse("foreigner flag", session.isForeigner());
+ assertTrue("eidProcess flag", session.isEidProcess());
+ assertTrue("useMandate flag", session.isMandateUsed());
+
+ checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+ checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+ checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+ checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
+ checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
+
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "Generalvollmacht");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, "Testfirma");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "999999m");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB");
+
+ //pre-generated eIDAS identifer
+ checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+ assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession(
+ PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class));
+
+
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValidWithNatMandate() throws IOException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException, EaafException {
+
+ oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX");
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_EID_with_mandate_nat.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+ "UTF-8")));
+
+ // perform task
+ task.execute(pendingReq, executionContext);
+
+ // validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedReq);
+ final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ Assert.assertFalse("foreigner flag", session.isForeigner());
+ assertTrue("eidProcess flag", session.isEidProcess());
+ assertTrue("useMandate flag", session.isMandateUsed());
+
+ checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+ checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+ checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+ checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
+ checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
+
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "GeneralvollmachtBilateral");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, "Gerti");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, "Musterfrau");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "01-02-1941");
+ checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:AFSDAFSDFDSFCSDAFASDF=");
+
+
+ //pre-generated eIDAS identifer
+ checkAttributeInSession(session, MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
+ "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+
+
+ }
+
private void checkAttributeInSession(AuthProcessDataWrapper session, String attrName, String expected) {
String value = session.getGenericDataFromSession(attrName, String.class);
Assert.assertEquals("wrong attr. value", expected, value);
diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
index e5493332..6dc8d415 100644
--- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
+++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
@@ -1,12 +1,14 @@
package at.asitplus.eidas.specific.modules.auth.idaustria.test.task;
import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -45,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
@@ -290,6 +293,48 @@ public class RequestIdAustriaSystemTaskTest {
}
+ @Test
+ public void successWithMandates() throws Pvp2InternalErrorException, SecurityException, Exception {
+ metadataProvider.addMetadataResolverIntoChain(
+ metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
+
+ LightRequest.Builder eidasRequestBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(RandomStringUtils.randomAlphabetic(10))
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .spType("public")
+ .requesterId(RandomStringUtils.randomAlphanumeric(10))
+ .providerName(RandomStringUtils.randomAlphanumeric(10));
+ LightRequest eidasReq = eidasRequestBuilder.build();
+ pendingReq.setEidasRequest(eidasReq);
+
+ List<String> mandateProfiles = Arrays.asList(
+ RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ oaParam.setMandateProfiles(mandateProfiles);
+
+ //execute test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ final EaafRequestedAttributes reqAttr = validate();
+ Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size());
+
+ Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles",
+ reqAttr.getAttributes().get(5).getName());
+ Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+ Assert.assertEquals("#Req. Attr value", 1,
+ reqAttr.getAttributes().get(5).getAttributeValues().size());
+ org.springframework.util.Assert.isInstanceOf(XSString.class,
+ reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+
+ List<String> reqProfiles = KeyValueUtils.getListOfCsvValues(
+ ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue());
+ reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el)));
+
+ }
+
private EaafRequestedAttributes validate() throws Pvp2InternalErrorException, SecurityException, Exception {
Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
diff --git a/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml
new file mode 100644
index 00000000..da97bbf4
--- /dev/null
+++ b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_jur.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/eidas/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+ <saml2p:Status>
+ <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </saml2p:Status>
+ <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+ <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+ <saml2:Subject>
+ <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+ <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/eidas/post"/>
+ </saml2:SubjectConfirmation>
+ </saml2:Subject>
+ <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2035-03-05T06:44:51.017Z">
+ <saml2:AudienceRestriction>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/eidas/metadata</saml2:Audience>
+ </saml2:AudienceRestriction>
+ </saml2:Conditions>
+ <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+ <saml2:AuthnContext>
+ <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+ </saml2:AuthnContext>
+ </saml2:AuthnStatement>
+ <saml2:AttributeStatement>
+ <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/high</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+ </saml2:Attribute>
+
+ <saml2:Attribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Generalvollmacht</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">999999m</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:baseid+XERSB</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Testfirma</saml2:AttributeValue>
+ </saml2:Attribute>
+
+ </saml2:AttributeStatement>
+ </saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml
new file mode 100644
index 00000000..8a84503d
--- /dev/null
+++ b/eidas_modules/authmodule_id-austria/src/test/resources/data/Response_with_EID_with_mandate_nat.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/sp/idaustria/eidas/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+ <saml2p:Status>
+ <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </saml2p:Status>
+ <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+ <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+ <saml2:Subject>
+ <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+ <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/sp/eidas/post"/>
+ </saml2:SubjectConfirmation>
+ </saml2:Subject>
+ <saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2035-03-05T06:44:51.017Z">
+ <saml2:AudienceRestriction>
+ <saml2:Audience>https://localhost/authhandler/sp/idaustria/eidas/metadata</saml2:Audience>
+ </saml2:AudienceRestriction>
+ </saml2:Conditions>
+ <saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+ <saml2:AuthnContext>
+ <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+ </saml2:AuthnContext>
+ </saml2:AuthnStatement>
+ <saml2:AttributeStatement>
+ <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/high</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+ </saml2:Attribute>
+
+ <saml2:Attribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">GeneralvollmachtBilateral</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-BPK" Name="urn:oid:1.2.40.0.10.2.1.1.261.98" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT+XX:AFSDAFSDFDSFCSDAFASDF=</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-GIVEN-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.78" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Gerti</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-FAMILY-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.80" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Musterfrau</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.82" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">01-02-1941</saml2:AttributeValue>
+ </saml2:Attribute>
+
+ </saml2:AttributeStatement>
+ </saml2:Assertion>
+</saml2p:Response>