From 6b93c404726457a04cb52430d40abcf23fdd8f31 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 11 Oct 2022 16:40:54 +0200 Subject: feat(ejustic): add work-around to support BORIS eJustice attribute for natural person on IDA system eJustice attributes are implemented by using mandates on IDA side. However, European Commission only supports authentication without mandates. This work-around integrates both requirements into MS-Proxy-Service --- .../ms-proxyservice/misc/idaAttributeMapping.json | 2 +- .../EJusticWorkaroundPersonRoleHandler.java | 35 +++ .../handler/EJusticePersonRoleHandler.java | 8 +- .../handler/IEidasAttributeHandler.java | 9 + .../protocol/ProxyServiceAuthenticationAction.java | 51 +++- .../resources/spring/eidas_proxy-service.beans.xml | 3 + .../ProxyServiceAuthenticationActionTest.java | 312 +++++++-------------- .../resources/config/additional-attributes.xml | 2 +- .../test/resources/config/idaAttributeMapping.json | 2 +- 9 files changed, 203 insertions(+), 221 deletions(-) create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json index 3de4b8a9..bc1fe60c 100644 --- a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json +++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json @@ -128,7 +128,7 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler", "type": { "mds": false, "autoIncludeWithMandates": false diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java new file mode 100644 index 00000000..6f855c14 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticWorkaroundPersonRoleHandler.java @@ -0,0 +1,35 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.handler; + +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; +import lombok.NonNull; +import lombok.extern.slf4j.Slf4j; + + +/** + * eJustic PersonRole attribute-handler for natural-person use-cases only. + * + *

In that special case, the legal-person mandate will be ignored and + * eIDAS response looks like a normal authentication without mandates.

+ * + * @author tlenz + * + */ +@Slf4j +public class EJusticWorkaroundPersonRoleHandler extends EJusticePersonRoleHandler { + + @Override + public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) { + if (authData.isUseMandate()) { + log.info("eJusticeNaturalPersonRole was requested by SP. " + + "Perform work-around and partially ignoring mandate from IDA system ... "); + ((EidAuthenticationData)authData).setUseMandate(false); + + } else { + log.info("eJustice attribute was requested but no mandate from ID Austria. " + + "Something looks wrong, but use it as it is."); + + } + } + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index 6a5e4967..f8c14ceb 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -57,7 +57,13 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { spConfig.getRequestedAttributes().addAll(additionalReqAttributes); log.info("Add additional requested attributes: {}", additionalReqAttributes); - } + } + } + + @Override + public void performAuthDataPostprocessing(@NonNull IEidAuthData authData) { + log.trace("{} needs no post processing of authData, because we are in regular mode of operation.", + EJusticePersonRoleHandler.class.getName()); } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java index 5a9c8d8c..36deba30 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java @@ -22,6 +22,15 @@ public interface IEidasAttributeHandler { void performSpConfigPostprocessing(@NonNull ServiceProviderConfiguration spConfig); + /** + * Perform attribute-specific post-processing of authentication information. + * + * @param authData authentication information from ID Austria system that should be post processed. + */ + @NonNull + void performAuthDataPostprocessing(@NonNull IEidAuthData authData); + + /** * Build eIDAS attribute-value from authentication data. * diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index f1cb8f0b..7d01deda 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -1,8 +1,11 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; +import java.util.Objects; import java.util.Optional; +import java.util.Set; import java.util.UUID; +import java.util.stream.Collectors; import javax.annotation.PostConstruct; import javax.servlet.ServletException; @@ -205,9 +208,14 @@ public class ProxyServiceAuthenticationAction implements IAction { } + + private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, ILightRequest eidasReq) { - final IEidAuthData eidAuthData = (IEidAuthData) authData; + + // eIDAS Out-Going and attribute-specific post-processing of authentication data + final IEidAuthData eidAuthData = performAuthdataPostprocessing(authData, eidasReq); + final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); // inject all requested attributres @@ -369,5 +377,46 @@ public class ProxyServiceAuthenticationAction implements IAction { PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class)); } + + /** + * Post-processing of authentication data based on requested attributes. + * + * @param authData Authentication data from ID Austria system. + * @param eidasRequest AuthnRequest from foreign country + * @return AuthnRequest specific modification of authentication data + */ + private IEidAuthData performAuthdataPostprocessing(IAuthData authData, ILightRequest eidasRequest) { + IEidAuthData idaAuthData = (IEidAuthData) authData; + + // select advanced attribute handler + Set requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream() + .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null)) + .filter(Objects::nonNull) + .distinct() + .collect(Collectors.toSet()); + + if (!requiredHandlers.isEmpty()) { + log.info("eIDAS requested attributes requires #{} specific attribute-hander. " + + "Starting advanced post-processing of authentication data ... ", requiredHandlers.size()); + requiredHandlers.forEach(el -> executeAttributeHandler(el, idaAuthData)); + + } + + return idaAuthData; + + } + + private void executeAttributeHandler(String handlerClass, IEidAuthData authData) { + try { + IEidasAttributeHandler handler = context.getBean(handlerClass, IEidasAttributeHandler.class); + + log.trace("Perfom authData post-processing by using: {}", handler.getClass().getName()); + handler.performAuthDataPostprocessing(authData); + + } catch (Exception e) { + log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e); + + } + } } diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml index 38bd44da..361802eb 100644 --- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml +++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml @@ -38,4 +38,7 @@ + + \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java index d9bc017c..407da198 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -10,7 +10,6 @@ import static org.junit.Assert.assertTrue; import java.net.URISyntaxException; import java.net.URLDecoder; -import java.time.Instant; import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -43,12 +42,11 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @@ -58,6 +56,7 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.SneakyThrows; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -350,15 +349,15 @@ public class ProxyServiceAuthenticationActionTest { public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); - + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) @@ -402,8 +401,6 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -411,13 +408,15 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "MUST_BE_UPDATED"); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -429,7 +428,7 @@ public class ProxyServiceAuthenticationActionTest { Assert.assertNotNull("Result should be not null", result); ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); - assertEquals("wrong attr. size", 8, respAttr.size()); + assertEquals("wrong attr. size", 7, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); @@ -442,7 +441,6 @@ public class ProxyServiceAuthenticationActionTest { (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1"); - checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1"); assertNull("find nat. person subject: personalId", getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)); @@ -460,8 +458,6 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -470,12 +466,14 @@ public class ProxyServiceAuthenticationActionTest { attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "SECOND"); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -487,12 +485,52 @@ public class ProxyServiceAuthenticationActionTest { Assert.assertNotNull("Result should be not null", result); ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); - assertEquals("wrong attr. size", 8, respAttr.size()); + assertEquals("wrong attr. size", 7, respAttr.size()); checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2"); - checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2"); - + + } + + @Test + public void borisModeNatPersonResponse() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + String familyName = RandomStringUtils.randomAlphanumeric(10); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, + "SECOND"); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + familyName, RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 5, respAttr.size()); + + checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2"); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); + } @Test @@ -500,20 +538,21 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -534,8 +573,6 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -543,12 +580,14 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, ""); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -568,9 +607,7 @@ public class ProxyServiceAuthenticationActionTest { public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -578,12 +615,14 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); @@ -616,8 +655,7 @@ public class ProxyServiceAuthenticationActionTest { RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1985-11-15"); - - + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); @@ -649,14 +687,15 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -689,13 +728,14 @@ public class ProxyServiceAuthenticationActionTest { Map attr = new HashMap<>(); attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10)); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -726,6 +766,7 @@ public class ProxyServiceAuthenticationActionTest { } + @SneakyThrows private IAuthData generateDummyAuthData() { return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false); @@ -792,191 +833,30 @@ public class ProxyServiceAuthenticationActionTest { ); } + @SneakyThrows private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth, boolean useMandates) { attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); - - return new IEidAuthData() { - - @Override - public boolean isSsoSession() { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean isForeigner() { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean isBaseIdTransferRestrication() { - // TODO Auto-generated method stub - return false; - } - - @Override - public Instant getSsoSessionValidTo() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getSessionIndex() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getNameIdFormat() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getNameID() { - // TODO Auto-generated method stub - return null; - } - - @Override - public IIdentityLink getIdentityLink() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIdentificationValue() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getIdentificationType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getGivenName() { - return givenName; - } - - @Override - public T getGenericData(String key, Class clazz) { - if (attrs.containsKey(key)) { - return (T) attrs.get(key); - - } else { - return null; - } - - } - - @Override - public String getDateOfBirth() { - return dateOfBirth; - } - - @Override - public String getFamilyName() { - return familyName; - } - - @Override - public String getEncryptedSourceIdType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getEncryptedSourceId() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getEidasQaaLevel() { - return loa; - - } - - - @Override - public String getCiticenCountryCode() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getBpkType() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getBpk() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getAuthenticationIssuer() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getAuthenticationIssueInstantString() { - // TODO Auto-generated method stub - return null; - } - - @Override - public Instant getAuthenticationIssueInstant() { - // TODO Auto-generated method stub - return null; - } - - @Override - public byte[] getSignerCertificate() { - // TODO Auto-generated method stub - return null; - } - - @Override - public byte[] getEidToken() { - // TODO Auto-generated method stub - return null; - } - - @Override - public EidIdentityStatusLevelValues getEidStatus() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getVdaEndPointUrl() { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean isUseMandate() { - return useMandates; + + EidAuthenticationData dummyIdaData = new EidAuthenticationData(); + dummyIdaData.setUseMandate(useMandates); + dummyIdaData.setEidasLoa(loa); + dummyIdaData.setGivenName(givenName); + dummyIdaData.setFamilyName(familyName); + dummyIdaData.setDateOfBirth(dateOfBirth); + attrs.entrySet().forEach(el -> { + try { + dummyIdaData.setGenericData(el.getKey(), el.getValue()); + + } catch (EaafStorageException e) { + e.printStackTrace(); } - - @Override - public String getDateOfBirthFormated(String pattern) { - // TODO Auto-generated method stub - return null; - } - }; + }); + + return dummyIdaData; } } diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml index c7b40d90..a662c1ab 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml +++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml @@ -55,7 +55,7 @@ eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist - eJusticeLegalPersonRole + eJusticeLegalPersonRoleNotExist LegalPerson false http://www.w3.org/2001/XMLSchema diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index 96034d12..a7014e76 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -130,7 +130,7 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticWorkaroundPersonRoleHandler", "type": { "mds": false, "autoIncludeWithMandates": false -- cgit v1.2.3