From ce516f7e94bc77946dbe12987505870f9fa2e411 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 26 Jul 2021 13:35:53 +0200 Subject: add configuration property to disable validation of requested MDS attrbutes on eIDAS Connector level --- .../msproxyservice/MsProxyServiceConstants.java | 3 ++- .../protocol/EidasProxyServiceController.java | 29 ++++++++++++++++------ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index 72890bad..65fb556a 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -39,13 +39,14 @@ public class MsProxyServiceConstants { public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL = Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default"; - // specifuc eIDAS-Connector configuration + // specific eIDAS-Connector configuration public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector"; public static final String CONIG_PROPS_CONNECTOR_UNIQUEID = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; public static final String CONIG_PROPS_CONNECTOR_COUNTRYCODE = "countryCode"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_ENABLED = "mandates.enabled"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL = "mandates.natural"; public static final String CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL = "mandates.legal"; + public static final String CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS = "validation.attributes.mds"; //http end-points 
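Review bot: The new constant `CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS` carries no comment saying that it switches a request validation off, and its name reads broader than its use. In the controller part of this commit it gates only the check that natural-person and legal-person attributes are not requested in parallel, read with a default of `true`. Add a line such as `// per-connector switch for the natural/legal-person parallel-request check (ERROR_08); default true, false disables the check` so operators do not mistake it for a general attribute-validation toggle. The class body continues outside the hunk.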
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index 080a910e..a9cc998e 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -129,10 +129,6 @@ public class EidasProxyServiceController extends AbstractController implements I revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(), pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP, httpReq.getRemoteAddr()); - - - //TODO: map issuer from eIDAS request to countryCode in special cases - // validate eIDAS Authn. request and set into pending-request validateEidasAuthnRequest(eidasRequest); @@ -141,6 +137,9 @@ public class EidasProxyServiceController extends AbstractController implements I // generate Service-Provider configuration from eIDAS request final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest); + // validate eIDAS Authn. request by using eIDAS Connector specifc parameters + validateEidasAuthnRequest(spConfig, eidasRequest); + // populate pendingRequest with parameters pendingReq.setOnlineApplicationConfiguration(spConfig); pendingReq.setSpEntityId(spConfig.getUniqueIdentifier()); @@ -236,7 +235,7 @@ public class EidasProxyServiceController extends AbstractController implements I } /** - * Validate incoming eIDAS request. + * Generic validation of incoming eIDAS request. * * @param eidasRequest Incoming eIDAS authentication request * @throws EidasProxyServiceException In case of a validation error 
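Review bot: The connector-specific validation added after `generateSpConfigurationFromEidasRequest(eidasRequest)` reads its switches from an `ISpConfiguration` that is built from the very request being validated, so which checks run depends on how that method selects the connector entry. That method is outside this hunk; if it resolves the entry from a request-supplied value such as the issuer, confirm that the value is authenticated before this point, so that a relaxed profile configured for one connector cannot be applied to requests from another. A comment at the call would record the assumption, e.g. `// spConfig decides which checks apply; the connector identifier it is resolved from must already be authenticated`. The added comment also contains a typo, `specifc`, and the enclosing method starts and ends outside the hunk.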
@@ -246,9 +245,23 @@ public class EidasProxyServiceController extends AbstractController implements I throw new EidasProxyServiceException(ERROR_05, null); } - + + // TODO: validate some other stuff + + } + + /** + * eIDAS Connector specific validation of incoming eIDAS request. + * + * @param eidasRequest Incoming eIDAS authentication request + * @param spConfig eIDAS Connector configuration + * @throws EidasProxyServiceException In case of a validation error + */ + private void validateEidasAuthnRequest(ISpConfiguration spConfig, ILightRequest eidasRequest) + throws EidasProxyServiceException { // check if natural-person and legal-person attributes requested in parallel - if (isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { + if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true) + && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { throw new EidasProxyServiceException(ERROR_08, null); } @@ -256,7 +269,7 @@ public class EidasProxyServiceController extends AbstractController implements I // TODO: validate some other stuff } - + /** * Generate a dummy Service-Provider configuration for processing. * -- cgit v1.2.3
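Review bot: When `CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS` is configured as false, the new `validateEidasAuthnRequest(spConfig, eidasRequest)` skips the ERROR_08 check silently, so a request asking for natural-person and legal-person attributes in parallel passes with nothing recorded to show that a relaxed profile was applied. Evaluate the flag once into a local and write a log or revision-log entry naming `spConfig.getUniqueIdentifier()` when it is false. The comment above the `if` and the Javadoc should mention the switch, e.g. `// skipped if the connector sets validation.attributes.mds to false (default: true)`, and the `@param` tags are listed in the opposite order to the signature. How later processing handles a request carrying both attribute sets is not visible in this hunk and should be confirmed before the check is made optional.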