From ce516f7e94bc77946dbe12987505870f9fa2e411 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 26 Jul 2021 13:35:53 +0200
Subject: add configuration property to disable validation of requested MDS attrbutes on eIDAS Connector level
---
.../protocol/EidasProxyServiceController.java | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
(limited to 'eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java')
diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 080a910e..a9cc998e 100644
--- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -129,10 +129,6 @@ public class EidasProxyServiceController extends AbstractController implements I
revisionsLogger.logEvent(pendingReq.getUniqueSessionIdentifier(), pendingReq.getUniqueTransactionIdentifier(), EventConstants.TRANSACTION_IP, httpReq.getRemoteAddr()); - - - //TODO: map issuer from eIDAS request to countryCode in special cases - // validate eIDAS Authn. request and set into pending-request validateEidasAuthnRequest(eidasRequest);
@@ -141,6 +137,9 @@ public class EidasProxyServiceController extends AbstractController implements I
// generate Service-Provider configuration from eIDAS request final ISpConfiguration spConfig = generateSpConfigurationFromEidasRequest(eidasRequest); + // validate eIDAS Authn. request by using eIDAS Connector specifc parameters + validateEidasAuthnRequest(spConfig, eidasRequest); + // populate pendingRequest with parameters pendingReq.setOnlineApplicationConfiguration(spConfig); pendingReq.setSpEntityId(spConfig.getUniqueIdentifier());
@@ -236,7 +235,7 @@ public class EidasProxyServiceController extends AbstractController implements I
} /** - * Validate incoming eIDAS request. + * Generic validation of incoming eIDAS request. * * @param eidasRequest Incoming eIDAS authentication request * @throws EidasProxyServiceException In case of a validation error
@@ -246,9 +245,23 @@ public class EidasProxyServiceController extends AbstractController implements I
throw new EidasProxyServiceException(ERROR_05, null); } - + + // TODO: validate some other stuff + + } + + /** + * eIDAS Connector specific validation of incoming eIDAS request. + * + * @param eidasRequest Incoming eIDAS authentication request + * @param spConfig eIDAS Connector configuration + * @throws EidasProxyServiceException In case of a validation error + */ + private void validateEidasAuthnRequest(ISpConfiguration spConfig, ILightRequest eidasRequest) + throws EidasProxyServiceException { // check if natural-person and legal-person attributes requested in parallel - if (isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { + if (spConfig.isConfigurationValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, true) + && isLegalPersonRequested(eidasRequest) && isNaturalPersonRequested(eidasRequest)) { throw new EidasProxyServiceException(ERROR_08, null); }
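Review bot: The flag that decides whether the MDS check runs is read from `spConfig`, and the context line just above the added call (hunk -141) builds that object from the incoming eIDAS request, so the origin of the flag should be stated at this call site. The body of generateSpConfigurationFromEidasRequest is outside this hunk, so I cannot tell whether only operator-controlled, per-connector settings end up in the object; if any of its configuration values were derived from request content, a requester could influence its own validation. I would add a comment along the lines of `// spConfig values originate from static per-Connector configuration only, never from request data` and confirm that this holds in the generator. The comment on the new call also has a typo, `specifc`.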
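Review bot: When the property is set to false, a request asking for natural-person and legal-person attributes in parallel passes the `if` in the new validateEidasAuthnRequest(spConfig, eidasRequest) (hunk -246) without leaving any trace, so an operator cannot later tell that ERROR_08 was suppressed by configuration rather than never triggered. Assuming the second argument of `isConfigurationValue(..., true)` is the default, an absent property keeps the check on, which is the right fail-safe. For the disabled case I would add a log line or revision-log event that fires when both attribute sets are requested, and extend the comment to `// check if natural-person and legal-person attributes requested in parallel (can be disabled per eIDAS Connector)`. The new Javadoc lists `@param eidasRequest` before `@param spConfig`, the reverse of the signature. The constant name `CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS` looks like a misspelling of CONFIG, but it is declared outside this file section.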
@@ -256,7 +269,7 @@ public class EidasProxyServiceController extends AbstractController implements I
// TODO: validate some other stuff } - + /** * Generate a dummy Service-Provider configuration for processing. *
-- cgit v1.2.3