From aacc2545abb12328a09cef2cf20ca80a61374836 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 17 Nov 2022 16:48:29 +0100
Subject: feat(connector): add validation to disable private-SP support for specific countries
---
 .../AlternativeSearchTaskWithRegisterTest.java | 6 ++-
 .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 6 ++-
 .../tasks/InitialSearchTaskWithRegistersTest.java | 6 ++-
 .../EidasRequestPreProcessingFirstTest.java | 8 +++-
 .../EidasRequestPreProcessingSecondTest.java | 51 +++++++++++++++++++++-
 5 files changed, 69 insertions(+), 8 deletions(-)
(limited to 'modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific')
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
index 2506a9b6..305220cf 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
@@ -56,6 +56,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; @@ -871,8 +872,9 @@ public class AlternativeSearchTaskWithRegisterTest { } @Override - public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { - genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) + throws EidPreProcessingException { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC); } }; } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java index 6292a0e1..ca78e156 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java 
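Review bot: The anonymous `preProcess` override in the `-871,8 +872,9` hunk is patched word for word the same way in InitialSearchTaskTest and InitialSearchTaskWithRegistersTest, so each change to the processor signature has to be repeated in three test classes. Moving the stub into one shared test helper would keep the three task tests from drifting apart. The country code is also the first parameter of the override but the last argument of `genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC)`; a one-line comment such as `// selectedCC is forwarded so the generic processor can evaluate it` would explain why it is now passed on. The enclosing anonymous class starts outside the hunk.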
@@ -74,6 +74,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -172,8 +173,9 @@ public class InitialSearchTaskTest { } @Override - public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { - genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) + throws EidPreProcessingException { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC); } }; } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java index 4b9e9fe2..ead276f9 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java 
@@ -76,6 +76,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; @@ -536,8 +537,9 @@ public class InitialSearchTaskWithRegistersTest { } @Override - public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { - genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) + throws EidPreProcessingException { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder, selectedCC); } }; } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index ca292d4c..f3863ce0 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java 
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.SneakyThrows; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { @@ -110,7 +111,8 @@ public class EidasRequestPreProcessingFirstTest { } @Test - public void prePreProcessGeneric() throws EidPostProcessingException { + @SneakyThrows + public void prePreProcessGeneric() { final String testCountry = "XX"; authnRequestBuilder.citizenCountryCode(testCountry); preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); @@ -125,6 +127,7 @@ public class EidasRequestPreProcessingFirstTest { } @Test + @SneakyThrows public void prePreProcessGenericNoCountryCode() throws EidPostProcessingException { final String testCountry = "XX"; authnRequestBuilder.citizenCountryCode(testCountry); @@ -140,6 +143,7 @@ public class EidasRequestPreProcessingFirstTest { } @Test + @SneakyThrows public void prePreProcessDE() throws EidPostProcessingException { final String testCountry = "DE"; @@ -157,6 +161,7 @@ public class EidasRequestPreProcessingFirstTest { } @Test + @SneakyThrows public void prePreProcessNlWithUpgrade() throws EidPostProcessingException { final String testCountry = "NL"; @@ -177,6 +182,7 @@ public class EidasRequestPreProcessingFirstTest { } @Test + @SneakyThrows public void prePreProcessNlWithOutUpgrade() throws EidPostProcessingException { final String testCountry = "NL"; diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index 9b061b55..0453ca1d 100644 
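Review bot: `@SneakyThrows` is added to test methods that still declare `throws EidPostProcessingException` (`prePreProcessGenericNoCountryCode`, `prePreProcessDE`, `prePreProcessNlWithUpgrade`, `prePreProcessNlWithOutUpgrade`, and likewise `prePreProcessDeUnknownAttribute` and the two `prePreProcessLuPublicSp…` tests in EidasRequestPreProcessingSecondTest), while `prePreProcessGeneric` drops the clause. The two mechanisms are redundant, and the tests now handle checked exceptions in two different ways. With JUnit 4 a plain `public void prePreProcessDE() throws Exception {` covers the newly thrown `EidPreProcessingException` without Lombok hiding the checked exception from the signature. The method bodies continue outside these hunks.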
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -23,6 +23,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; + import java.util.HashMap; import java.util.Map; import java.util.UUID; @@ -39,6 +42,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; @@ -46,6 +50,7 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import lombok.SneakyThrows; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { 
@@ -85,13 +90,55 @@ public class EidasRequestPreProcessingSecondTest { authnRequestBuilder.id(UUID.randomUUID().toString()); authnRequestBuilder.issuer("Test"); authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); + + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true"); + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", ""); + + } + @Test + @SneakyThrows + public void privateSpAllowed() { basicConfig.putConfigValue( - "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true"); + "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + + oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a"); + final String testCountry = "DE"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + Assert.assertEquals("no PublicSP", "private", lightReq.getSpType()); + } + + @Test + @SneakyThrows + public void privateSpNotAllowed() { + basicConfig.putConfigValue( + "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + + oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a"); + + final String testCountry = "XY"; + authnRequestBuilder.citizenCountryCode(testCountry); + + EidPreProcessingException error = assertThrows("validation error not detected", EidPreProcessingException.class, + () -> preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder)); + assertEquals("wrong errorId", "module.eidasauth.07", error.getErrorId()); + + } + @Test + 
@SneakyThrows public void prePreProcessDeUnknownAttribute() throws EidPostProcessingException { basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode"); basicConfig.putConfigValue( @@ -114,6 +161,7 @@ public class EidasRequestPreProcessingSecondTest { * Set ProviderName according to general configuration */ @Test + @SneakyThrows public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException { basicConfig.putConfigValue( @@ -136,6 +184,7 @@ public class EidasRequestPreProcessingSecondTest { * Always set requesterId and providername in case of country LU */ @Test + @SneakyThrows public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException { -- cgit v1.2.3
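Review bot: `privateSpNotAllowed` in the `-85,13 +90,55` hunk only exercises an exact upper-case match (`XY` against the configured `XX,XY`), so it would still pass if the production check compared case-sensitively or did not trim list entries. This list is what keeps private-SP requests away from countries that do not support them, so the negative path deserves a lower-case country code and a spaced list, e.g. `basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX, XY");`. A further case that keeps `publicSectorTargets` matching while the country is listed would pin that public SPs are not rejected by the new rule. The validation itself is not part of this diff, so whether it normalises either value cannot be confirmed from here.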