From 2daed784e006d449de5b6151f6e109ab2a829749 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 30 Mar 2021 15:08:07 +0200 Subject: add mandate functionality into eIDAS out-going process --- .../msproxyservice/MsProxyServiceConstants.java | 16 +- .../protocol/EidasProxyServiceController.java | 32 +++- .../protocol/ProxyServiceAuthenticationAction.java | 89 +++++++++- .../protocol/EidasProxyServiceControllerTest.java | 95 ++++++++++ .../ProxyServiceAuthenticationActionTest.java | 196 ++++++++++++++++++++- 5 files changed, 414 insertions(+), 14 deletions(-) (limited to 'eidas_modules/eidas_proxy-sevice') diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index e5d4d33e..336e6c05 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -18,12 +18,26 @@ public class MsProxyServiceConstants { public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME; + public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME; + public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = + AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; + //configuration constants public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.entityId"; public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = Constants.CONIG_PROPS_EIDAS_NODE + ".proxy.forward.endpoint"; - + + // mandate configuration + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.enabled"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.profiles.default"; + public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC = Constants.CONIG_PROPS_EIDAS_PREFIX + + ".proxy.mandates.profiles.specific."; + //http end-points public static final String EIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/light/idp/post"; diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index aafe57e7..8e417c36 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -2,7 +2,9 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; import java.text.MessageFormat; +import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -30,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightRequest; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; @@ -221,7 +224,10 @@ public class EidasProxyServiceController extends AbstractController implements I EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry); spConfig.setRequiredLoA( eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList())); - + + spConfig.setMandateProfiles(buildMandateProfileConfiguration(eidasRequest)); + + return spConfig; } catch (EaafException e) { @@ -230,4 +236,28 @@ public class EidasProxyServiceController extends AbstractController implements I } } + private List buildMandateProfileConfiguration(ILightRequest eidasRequest) { + if (authConfig.getBasicConfigurationBoolean( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, false)) { + log.trace("eIDAS Proxy-Service allows mandates. Selecting profiles ... "); + List spMandateProfiles = authConfig.getBasicConfigurationWithPrefix( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC) + .entrySet().stream() + .filter(el -> el.getKey().endsWith(eidasRequest.getSpCountryCode().toLowerCase())) + .findFirst() + .map(el -> KeyValueUtils.getListOfCsvValues(el.getValue())) + .orElse(KeyValueUtils.getListOfCsvValues( + authConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT))); + + log.debug("Set mandate-profiles: {} to request from country: {}", + spMandateProfiles, eidasRequest.getSpCountryCode()); + return spMandateProfiles; + + } + + return Collections.emptyList(); + + } + } diff --git a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index c51db460..9de2eb79 100644 --- a/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/eidas_modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -21,10 +21,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRe import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -143,6 +145,80 @@ public class ProxyServiceAuthenticationAction implements IAction { private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData) { + IEidAuthData eidAuthData = (IEidAuthData) authData; + if (eidAuthData.isUseMandate()) { + log.debug("Building eIDAS Proxy-Service response with mandate ... "); + final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); + injectRepesentativeInformation(attributeMap, eidAuthData); + injectMandatorInformation(attributeMap, eidAuthData); + return attributeMap.build(); + + } else { + log.debug("Building eIDAS Proxy-Service response without mandates ... "); + return buildAttributesWithoutMandate(eidAuthData); + + } + } + + private void injectMandatorInformation( + ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { + String natMandatorId = eidAuthData.getGenericData( + MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class); + + if (StringUtils.isNotEmpty(natMandatorId)) { + log.debug("Injecting natural mandator informations ... "); + final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_DATEOFBIRTH).first(); + + attributeMap.put(attrDefPersonalId, natMandatorId); + attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class)); + attributeMap.put(attrDefGivenName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class)); + attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class)); + + } else { + log.debug("Injecting legal mandator informations ... "); + final AttributeDefinition commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALNAME).first(); + final AttributeDefinition legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first(); + + attributeMap.put(commonName, eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); + attributeMap.put(legalPersonId, eidAuthData.getGenericData( + MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); + + } + } + + private void injectRepesentativeInformation( + ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { + final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first(); + final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first(); + final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first(); + final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first(); + + attributeMap.put(attrDefPersonalId, + eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); + attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName()); + attributeMap.put(attrDefGivenName, eidAuthData.getGivenName()); + attributeMap.put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth()); + + } + + private ImmutableAttributeMap buildAttributesWithoutMandate(IEidAuthData eidAuthData) { final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( @@ -153,16 +229,17 @@ public class ProxyServiceAuthenticationAction implements IAction { Constants.eIDAS_ATTR_DATEOFBIRTH).first(); final ImmutableAttributeMap.Builder attributeMap = - ImmutableAttributeMap.builder().put(attrDefPersonalId, - authData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)) - .put(attrDefFamilyName, authData.getFamilyName()) - .put(attrDefGivenName, authData.getGivenName()) - .put(attrDefDateOfBirth, authData.getFormatedDateOfBirth()); + ImmutableAttributeMap.builder() + .put(attrDefPersonalId, + eidAuthData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)) + .put(attrDefFamilyName, eidAuthData.getFamilyName()) + .put(attrDefGivenName, eidAuthData.getGivenName()) + .put(attrDefDateOfBirth, eidAuthData.getFormatedDateOfBirth()); return attributeMap.build(); } - + private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse) throws ServletException { final BinaryLightToken binaryLightToken; diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java index 9ce7115a..1a19b723 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java @@ -1,13 +1,20 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.net.URISyntaxException; import java.text.MessageFormat; +import java.util.Arrays; +import java.util.List; import java.util.UUID; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -23,6 +30,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; @@ -51,6 +59,8 @@ public class EidasProxyServiceControllerTest { @Autowired private DummySpecificCommunicationService proxyService; @Autowired private DummyProtocolAuthService authService; + @Autowired MsConnectorDummyConfigMap config; + private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; @@ -167,6 +177,91 @@ public class EidasProxyServiceControllerTest { EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode, spConfig.getAreaSpecificTargetIdentifier()); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + } + @Test + public void validAuthnRequestWithMandatesDefaultProfiles() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public"); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, + StringUtils.join(mandateProfiles, ",")); + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); + + } + + @Test + public void validAuthnRequestWithMandatesCountryProfiles() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public"); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + List mandateProfiles = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesCc1 = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesCc2 = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT, + StringUtils.join(mandateProfiles, ",")); + + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + + RandomStringUtils.randomAlphabetic(2).toLowerCase(), + StringUtils.join(mandateProfilesCc1, ",")); + config.putConfigValue( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_SPECIFIC + spCountryCode.toLowerCase(), + StringUtils.join(mandateProfilesCc2, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); + spConfig.getMandateProfiles().stream() + .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesCc2.contains(el))); + + } + } diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java index 96429d71..3236bbf0 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -1,9 +1,14 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol; import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.net.URISyntaxException; +import java.net.URLDecoder; import java.util.Arrays; import java.util.Collections; import java.util.Date; @@ -12,10 +17,12 @@ import java.util.Map; import java.util.UUID; import org.apache.commons.lang3.RandomStringUtils; +import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.core.NameIDType; import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; @@ -26,20 +33,33 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import com.google.common.collect.ImmutableSortedSet; + import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; @RunWith(SpringJUnit4ClassRunner.class) @PrepareForTest(CreateIdentityLinkTask.class) @@ -52,11 +72,13 @@ public class ProxyServiceAuthenticationActionTest { @Autowired private MsConnectorDummyConfigMap basicConfig; @Autowired private ProxyServiceAuthenticationAction action; @Autowired private ApplicationContext context; + @Autowired EidasAttributeRegistry attrRegistry; private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; private ProxyServicePendingRequest pendingReq; private MsConnectorDummySpConfiguration oaParam; + private SpecificCommunicationService springManagedSpecificConnectorCommunicationService; /** @@ -95,6 +117,12 @@ public class ProxyServiceAuthenticationActionTest { .providerName(RandomStringUtils.randomAlphanumeric(10)); pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE + .toString()); + } @Test @@ -114,7 +142,7 @@ public class ProxyServiceAuthenticationActionTest { attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint"); EaafException exception = assertThrows(EaafException.class, @@ -124,12 +152,86 @@ public class ProxyServiceAuthenticationActionTest { } @Test - public void dummyResponseActionTest() throws EaafException { + public void responseWithoutMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 4, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, + authData.getFormatedDateOfBirth()); + + } + + @Test + public void responseWithNatMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + + attr.put(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + "1985-11-15"); + + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 8, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth()); + + checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME)); + + } + + @Test + public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); attr.put(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -137,6 +239,20 @@ public class ProxyServiceAuthenticationActionTest { //validate state Assert.assertNotNull("Result should be not null", result); + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 6, respAttr.size()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getFormatedDateOfBirth()); + + checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, + (String) attr.get(MsProxyServiceConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER)); + checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); + + } @Test @@ -151,12 +267,50 @@ public class ProxyServiceAuthenticationActionTest { private IAuthData generateDummyAuthData() { return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, - RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01"); + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false); } - private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth) { - return new IAuthData() { + private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) { + final AttributeDefinition attrDef = + attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first(); + Object value = respAttr.getFirstValue(attrDef); + assertNotNull("not attr value: " + attrName, value); + + if (value instanceof String) { + assertEquals("wrong attr. value: " + attrName, expected, value); + + } else if ( value instanceof DateTime) { + assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd")); + + } + + } + + private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException { + assertNotNull("not redirct Header", httpResp.getHeader("Location")); + assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token=")); + String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length()); + + ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), + ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + assertNotNull("responseId", resp.getId()); + assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId()); + assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState()); + assertEquals("LoA", authData.getEidasQaaLevel(), resp.getLevelOfAssurance()); + + assertNotNull("subjectNameId", resp.getSubject()); + assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat()); + + assertFalse("not attributes", resp.getAttributes().isEmpty()); + return resp.getAttributes(); + + } + + private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth, + boolean useMandates) { + return new IEidAuthData() { @Override public boolean isSsoSession() { @@ -303,6 +457,36 @@ public class ProxyServiceAuthenticationActionTest { // TODO Auto-generated method stub return null; } + + @Override + public byte[] getSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getEidToken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public EidIdentityStatusLevelValues getEidStatus() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getVdaEndPointUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseMandate() { + return useMandates; + + } }; } -- cgit v1.2.3