Diffstat (limited to 'eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java')
-rw-r--r--eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java73
1 files changed, 60 insertions, 13 deletions
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 805bbc42..33d9fdc0 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
@@ -94,7 +95,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData));
+ lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -202,13 +203,18 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) {
+ private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
+ ILightRequest eidasReq) {
IEidAuthData eidAuthData = (IEidAuthData) authData;
if (eidAuthData.isUseMandate()) {
log.debug("Building eIDAS Proxy-Service response with mandate ... ");
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
injectRepesentativeInformation(attributeMap, eidAuthData);
- injectMandatorInformation(attributeMap, eidAuthData);
+ injectMandatorInformation(attributeMap, eidAuthData);
+
+ // work-around that injects nat. person subject to bypass validation on eIDAS Node
+ injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
+
return attributeMap.build();
} else {
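Review bot: The new call on L44 passes the untyped `authData` while the sibling `injectRepesentativeInformation`/`injectMandatorInformation` calls just above it use the already-cast `eidAuthData`; for consistency, and so the work-around reads the same object the rest of this branch does, pass `eidAuthData` here too (assuming `IEidAuthData` extends `IAuthData`, which the cast on L35 suggests): `injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, eidAuthData);`. The comment on L43 could also say what is copied and that the step is gated, e.g. `// config-gated work-around: copy the representative's nat. person attributes into the subject so the eIDAS Node accepts a legal-person mandate response`. The `else` branch and the rest of this method continue outside the hunk.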
@@ -217,7 +223,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
-
+
private void injectMandatorInformation(
ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
String natMandatorId = eidAuthData.getGenericData(
@@ -278,7 +284,39 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
- private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) {
+ /**
+ * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation.
+ *
+ * <p><b>Injection will only be done if this work-around is enabled by configuration,
+ * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
+ *
+ * @param attributeMap Attribute set for eIDAS response
+ * @param eidasReq Incoming eIDAS request
+ * @param authData Authentication data
+ */
+ private void injectJurPersonWorkaroundIfRequired(
+ ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+ if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+ && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+ && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+ log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+ attributeMap.putAll(buildAttributesWithoutMandate(authData));
+
+ }
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {
+ //TODO: throw an error in case of SZR Date with month or day = "00"
+ return buildAttributesWithoutMandate(
+ eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class),
+ eidAuthData.getFamilyName(),
+ eidAuthData.getGivenName(),
+ eidAuthData.getDateOfBirth());
+
+ }
+
+ private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
+ String givenName, String dateOfBirth) {
final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
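Review bot: The debug message on L74 is the only record that a response's natural-person subject was populated with the representative's personal data instead of the authenticated subject's; since this is a deliberate, config-gated deviation that changes what the relying party receives, it deserves a level that survives in production logs, e.g. `log.info("Legal-person mandate work-around active: representative injected as nat. person subject");`. `attributeMap.putAll(...)` on L75 presumes the representative's core attributes are not already in the builder; if `injectRepesentativeInformation` (outside this hunk) used the same definitions, the result would depend on the builder's duplicate handling, which is worth confirming. The single-argument overload on L80 names its `IAuthData` parameter `eidAuthData` although it is not the `IEidAuthData` type used elsewhere in the class; `authData` would match the caller. The four-argument `buildAttributesWithoutMandate` started on L90 continues into the next hunk.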
@@ -290,18 +328,15 @@ public class ProxyServiceAuthenticationAction implements IAction {
final ImmutableAttributeMap.Builder attributeMap =
ImmutableAttributeMap.builder()
- .put(attrDefPersonalId,
- eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class))
- .put(attrDefFamilyName, eidAuthData.getFamilyName())
- .put(attrDefGivenName, eidAuthData.getGivenName())
-
- //TODO: throw an error in case of SZR Date with month or day = "00"
- .put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
+ .put(attrDefPersonalId, personalIdentifier)
+ .put(attrDefFamilyName, familyName)
+ .put(attrDefGivenName, givenName)
+ .put(attrDefDateOfBirth, dateOfBirth);
return attributeMap.build();
}
-
+
private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
throws ServletException {
final BinaryLightToken binaryLightToken;
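Review bot: The `TODO` about SZR dates with a `00` month or day was dropped from the `.put(attrDefDateOfBirth, …)` line (L108) and now lives only on the single-argument overload in the previous hunk, so a future caller of this four-argument overload — where the value is actually emitted — gets no hint that the date may need validation; the check or at least the reminder belongs next to L108, e.g. `// TODO: reject dateOfBirth with month or day "00" before emitting it`. The new overload also has no Javadoc: a `@param` line for each of the four values, stating whether `null` is accepted and that `dateOfBirth` is passed through unchanged, would make the contract explicit. The method's signature and first lines are in the previous hunk.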
@@ -322,5 +357,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
return binaryLightToken;
}
+ private boolean isLegalPersonWorkaroundActive() {
+ return basicConfig.getBasicConfigurationBoolean(
+ MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
+ false);
+
+ }
+
+ private boolean isLegalPersonMandateAvailable(IAuthData authData) {
+ return StringUtils.isNoneEmpty(authData.getGenericData(
+ MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
+
+ }
}
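Review bot: `isLegalPersonMandateAvailable` (L127) uses `StringUtils.isNoneEmpty`, the varargs form, for a single value; `isNotBlank` is the clearer choice and also keeps a whitespace-only mandator identifier from switching the work-around on: `return StringUtils.isNotBlank(authData.getGenericData(`. `isLegalPersonWorkaroundActive` defaulting to `false` on L122 is the right fail-closed choice for a validation bypass; a one-line Javadoc stating that, `/** Whether the config-gated legal-person mandate work-around is enabled; defaults to off. */`, makes the intent visible to whoever tunes the property. The stray blank lines before the closing braces on L123 and L129 can go.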