aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java53
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java9
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java38
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java106
-rw-r--r--modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java2
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml10
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json10
-rw-r--r--modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties10
8 files changed, 234 insertions, 4 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index f42a7172..52a69944 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -1,5 +1,17 @@
package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Attribute handling to integrate BORIS attributes without full IDA support for sector-specific attributes.
*
@@ -8,6 +20,47 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
* @author tlenz
*
*/
+@Slf4j
public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
+ public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
+ public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
+
+ @Autowired IConfiguration config;
+
+ private SpMandateModes mandateMode;
+ private String mandateProfiles;
+
+ @Override
+ public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {
+ spConfig.setMandateMode(mandateMode);
+ spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles));
+ log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
+
+ }
+
+
+
+ @PostConstruct
+ private void initialize() throws EaafConfigurationException {
+ mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
+ mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE);
+
+ log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}",
+ EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode);
+
+ }
+
+ private String loadConfigValue(String configProp) throws EaafConfigurationException {
+ String value = config.getBasicConfiguration(configProp);
+ if (StringUtils.isEmpty(value)) {
+ throw new EaafConfigurationException("internal.configuration.00",
+ new Object[]{configProp});
+
+ }
+
+ return value;
+
+ }
+
}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 153cf262..02e091ef 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -1,5 +1,7 @@
package at.asitplus.eidas.specific.modules.msproxyservice.handler;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+
/**
* Handlers for attribute-processing that requires more features than a simple mapping.
*
@@ -8,6 +10,13 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
*/
public interface IEidasAttributeHandler {
+ /**
+ * Perform attribute-releated post-processing of internal Service-Provider configuration.
+ *
+ * @param spConfig SP configuration that was build from incoming eIDAS Authn. request.
+ */
+ void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig);
+
}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 32be0e22..d0e3d1ba 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -8,6 +8,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
@@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler;
import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
import at.gv.egiz.components.eventlog.api.EventConstants;
@@ -333,7 +335,10 @@ public class EidasProxyServiceController extends AbstractController implements I
// map eIDAS attributes to national attributes
buildNationalRequestedAttributes(spConfig, eidasRequest);
-
+
+ // execute custom attribute-handler
+ advancedAttributeHandler(spConfig, eidasRequest);
+
return spConfig;
} catch (final EidasProxyServiceException e) {
@@ -344,6 +349,37 @@ public class EidasProxyServiceController extends AbstractController implements I
}
}
+
+ private void advancedAttributeHandler(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
+ Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+ .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+ .filter(Objects::nonNull)
+ .distinct()
+ .collect(Collectors.toSet());
+
+ if (!requiredHandlers.isEmpty()) {
+ log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+ + "Starting advanced attribute-handling ... ", requiredHandlers.size());
+ requiredHandlers.forEach(el -> executeAttributeHandler(el, spConfig));
+
+ } else {
+ log.debug("No advanced eIDAS attribute-handling required.");
+
+ }
+ }
+
+ private void executeAttributeHandler(String handlerClass, ServiceProviderConfiguration spConfig) {
+ try {
+ IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class);
+
+ log.trace("Perfom SP config post-processing by using: {}", handler.getClass().getName());
+ handler.performSpConfigPostprocessing(spConfig);
+
+ } catch (Exception e) {
+ log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+
+ }
+ }
private void buildNationalRequestedAttributes(
ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 830360e0..4f62b2eb 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -731,6 +731,112 @@ public class EidasProxyServiceControllerTest {
}
+
+ @Test
+ public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException {
+ //initialize state
+ httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+ String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+ String issuer = RandomStringUtils.randomAlphabetic(10);
+ LightRequest.Builder authnReqBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(issuer)
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(spCountryCode)
+ .spType("public")
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ "eJusticeLegalPersonRole").first())
+ .build());
+
+ proxyService.setiLightRequest(authnReqBuilder.build());
+
+
+ // set default mandate configuration
+ List<String> mandateProfilesNat =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ List<String> mandateProfilesJur =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
+ StringUtils.join(mandateProfilesNat, ","));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
+ StringUtils.join(mandateProfilesJur, ","));
+
+
+ //execute
+ controller.receiveEidasAuthnRequest(httpReq, httpResp);
+
+ //validate state
+ ServiceProviderConfiguration spConfig =
+ authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+ assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+ assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+ assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+ assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
+ assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
+
+ assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+
+ }
+
+ @Test
+ public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException {
+ //initialize state
+ httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+ String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+ String issuer = RandomStringUtils.randomAlphabetic(10);
+ LightRequest.Builder authnReqBuilder = LightRequest.builder()
+ .id(UUID.randomUUID().toString())
+ .issuer(issuer)
+ .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+ .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+ .spCountryCode(spCountryCode)
+ .spType("public")
+ .requestedAttributes(ImmutableAttributeMap.builder()
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+ .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+ "eJusticeNaturalPersonRole").first())
+ .build());
+
+ proxyService.setiLightRequest(authnReqBuilder.build());
+
+
+ // set default mandate configuration
+ List<String> mandateProfilesNat =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ List<String> mandateProfilesJur =
+ Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL,
+ StringUtils.join(mandateProfilesNat, ","));
+ config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL,
+ StringUtils.join(mandateProfilesJur, ","));
+
+
+ //execute
+ controller.receiveEidasAuthnRequest(httpReq, httpResp);
+
+ //validate state
+ ServiceProviderConfiguration spConfig =
+ authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+ assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+ assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+ assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+ assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));
+ assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());
+
+ assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+
+ }
+
+
private void addConnectorConfig(int i, String key, String value) {
config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key,
value);
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3d1d7b0..b6b8a8df 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -139,7 +139,7 @@ public class ProxyEidasAttributeRegistryTest {
assertFalse("find wrong attribute",
attrRegistry.mapEidasAttributeToAttributeHandler(
- "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole").isPresent());
+ "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist").isPresent());
Optional<String> attr2 = attrRegistry.mapEidasAttributeToAttributeHandler(
"http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole");
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
index e40ebdc4..c7b40d90 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
@@ -54,5 +54,15 @@
<entry key="4.XmlType.NamespacePrefix">xs</entry>
<entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+ <entry key="5.NameUri">http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist</entry>
+ <entry key="5.FriendlyName">eJusticeLegalPersonRole</entry>
+ <entry key="5.PersonType">LegalPerson</entry>
+ <entry key="5.Required">false</entry>
+ <entry key="5.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+ <entry key="5.XmlType.LocalPart">string</entry>
+ <entry key="5.XmlType.NamespacePrefix">xs</entry>
+ <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
</properties>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index a3ff1ead..96034d12 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -138,13 +138,21 @@
},
{
"eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole",
- "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+ "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler",
"type": {
"mds": false,
"autoIncludeWithMandates": false
}
},
{
+ "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist",
+ "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+ "type": {
+ "mds": false,
+ "autoIncludeWithMandates": false
+ }
+ },
+ {
"eidasAttribute": "*",
"idaAttribute": {
"basic": "urn:oid:1.2.40.0.10.2.1.1.261.32",
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index bd4575c3..46e0bb69 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -5,4 +5,12 @@ eidas.ms.context.url.request.validation=false
eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
-eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json \ No newline at end of file
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
+
+
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal