Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java35
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java8
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java9
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java51
4 files changed, 101 insertions, 2 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java
new file mode 100644
index 00000000..6f855c14
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java
@@ -0,0 +1,35 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
+
+
+/**
+ * eJustic PersonRole attribute-handler for natural-person use-cases only.
+ *
+ * <p>In that special case, the legal-person mandate will be ignored and
+ * eIDAS response looks like a normal authentication without mandates.</p>
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EJusticWorkaroundPersonRoleHandler extends EJusticePersonRoleHandler {
+
+ @Override
+ public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) {
+ if (authData.isUseMandate()) {
+ log.info("eJusticeNaturalPersonRole was requested by SP. "
+ + "Perform work-around and partially ignoring mandate from IDA system ... ");
+ ((EidAuthenticationData)authData).setUseMandate(false);
+
+ } else {
+ log.info("eJustice attribute was requested but no mandate from ID Austria. "
+ + "Something looks wrong, but use it as it is.");
+
+ }
+ }
+
+}
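Review bot: The unconditional cast `((EidAuthenticationData)authData).setUseMandate(false)` in the `isUseMandate()` branch throws ClassCastException for any other IEidAuthData implementation, and because ProxyServiceAuthenticationAction.executeAttributeHandler (later in this diff) catches Exception and only logs, the mandate would then silently stay active while the SP asked for a natural-person role. Guard the cast and fail explicitly, e.g. `if (!(authData instanceof EidAuthenticationData)) { throw new IllegalStateException("Unsupported authData type: " + authData.getClass().getName()); }`. Clearing the useMandate flag does not remove whatever mandator/legal-person data the object presumably still holds, so the natural-person response is only as clean as the attribute-building code that checks isUseMandate() for every mandate-derived attribute — worth confirming, since that code is outside this diff. The else-branch message "use it as it is" reads as accepting an inconsistent state; a comment explaining why that is acceptable (without a mandate the response already is a plain natural-person authentication) would help the next reader.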
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 6a5e4967..f8c14ceb 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -57,7 +57,13 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
spConfig.getRequestedAttributes().addAll(additionalReqAttributes);
log.info("Add additional requested attributes: {}", additionalReqAttributes);
- }
+ }
+ }
+
+ @Override
+ public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) {
+ log.trace("{} needs no post processing of authData, because we are in regular mode of operation.",
+ EJusticePersonRoleHandler.class.getName());
}
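Review bot: The new no-op override lacks Javadoc stating that doing nothing is intentional and that subclasses (EJusticWorkaroundPersonRoleHandler in this diff) override it to change mandate handling; add `/** Regular mode of operation: authData is passed through unchanged; subclasses override this to apply workarounds. */` above `@Override`. The log statement hard-codes `EJusticePersonRoleHandler.class.getName()`, so a subclass that inherits this method without overriding it would be logged under the wrong name; `this.getClass().getName()` would be accurate. The enclosing class continues outside the hunk.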
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 5a9c8d8c..36deba30 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -23,6 +23,15 @@ public interface IEidasAttributeHandler {
/**
+ * Perform attribute-specific post-processing of authentication information.
+ *
+ * @param authData authentication information from ID Austria system that should be post processed.
+ */
+ @NonNull
+ void performAuthDataPostprocessing(@NonNull IEidAuthData authData);
+
+
+ /**
* Build eIDAS attribute-value from authentication data.
*
* @param eidAuthData Authentication data for current process
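Review bot: `@NonNull` on the `void performAuthDataPostprocessing` declaration annotates a return value that does not exist; lombok's `@NonNull` only has an effect on parameters and fields, so drop it from the method and keep it on the parameter. The Javadoc should also spell out the contract implementations rely on: that handlers mutate `authData` in place (as the workaround handler in this diff does) and that a handler which cannot apply its processing must throw rather than return with half-processed data, e.g. add `@throws RuntimeException if post-processing cannot be applied; callers must not build a response from the unprocessed data`. The interface continues outside the hunk.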
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index f1cb8f0b..7d01deda 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,8 +1,11 @@
package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
import java.io.IOException;
+import java.util.Objects;
import java.util.Optional;
+import java.util.Set;
import java.util.UUID;
+import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;
@@ -205,9 +208,14 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
+
+
private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
ILightRequest eidasReq) {
- final IEidAuthData eidAuthData = (IEidAuthData) authData;
+
+ // eIDAS Out-Going and attribute-specific post-processing of authentication data
+ final IEidAuthData eidAuthData = performAuthdataPostprocessing(authData, eidasReq);
+
final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
// inject all requested attributres
@@ -369,5 +377,46 @@ public class ProxyServiceAuthenticationAction implements IAction {
PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
}
+
+ /**
+ * Post-processing of authentication data based on requested attributes.
+ *
+ * @param authData Authentication data from ID Austria system.
+ * @param eidasRequest AuthnRequest from foreign country
+ * @return AuthnRequest specific modification of authentication data
+ */
+ private IEidAuthData performAuthdataPostprocessing(IAuthData authData, ILightRequest eidasRequest) {
+ IEidAuthData idaAuthData = (IEidAuthData) authData;
+
+ // select advanced attribute handler
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+ + "Starting advanced post-processing of authentication data ... ", requiredHandlers.size());
+ requiredHandlers.forEach(el -> executeAttributeHandler(el, idaAuthData));
+
+ }
+
+ return idaAuthData;
+
+ }
+
+ private void executeAttributeHandler(String handlerClass, IEidAuthData authData) {
+ try {
+ IEidasAttributeHandler handler = context.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName());
+ handler.performAuthDataPostprocessing(authData);
+
+ } catch (Exception e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
}
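Review bot: `executeAttributeHandler` catches `Exception` around both the bean lookup and the handler call and only logs, so when a handler fails (or the configured handler bean is missing) the method returns normally and `buildAttributesFromAuthData` goes on to issue an eIDAS response from authentication data that was never post-processed — for the eJustice workaround that means the SP receives the mandate-based identity it explicitly did not request. This should fail closed: separate the lookup from the execution and let a failure abort the response, wrapped in an unchecked exception here or in the project's authentication-error type if the caller's throws clause (outside this hunk) allows it; the current log text "No custom attribute-handler implementation" also mislabels any exception thrown by the handler itself. The handler bean names come from `attrRegistry`, not from the request, so the request only selects among configured handlers, which is fine, but `.distinct()` before `Collectors.toSet()` is redundant. Both `performAuthdataPostprocessing` and `executeAttributeHandler` are complete within the hunk.
```java
  private void executeAttributeHandler(String handlerClass, IEidAuthData authData) {
    final IEidasAttributeHandler handler;
    try {
      handler = context.getBean(handlerClass, IEidasAttributeHandler.class);

    } catch (Exception e) {
      log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
      throw new IllegalStateException("No attribute-handler for: " + handlerClass, e);

    }

    // A failing handler must abort the response; issuing one from unprocessed authData is fail-open.
    log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName());
    handler.performAuthDataPostprocessing(authData);
  }
```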