From 7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 8 Mar 2022 19:06:10 +0100
Subject: refactor(core): move all project libs into sub-project 'modules'

---
 .../core/builder/AuthenticationDataBuilder.java    | 255 +++++++++++++++++++++
 1 file changed, 255 insertions(+)
 create mode 100644 modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java

(limited to 'modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java')

diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
new file mode 100644
index 00000000..e5937b99
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.core.builder;
+
+import java.util.Date;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.stereotype.Service;
+
+import com.google.common.collect.Streams;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
+import lombok.extern.slf4j.Slf4j;
+
+@Service("AuthenticationDataBuilder")
+@Slf4j
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
+  
+  private static final String ERROR_B11 = "builder.11";
+
+  @Override
+  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
+    final EidAuthProcessDataWrapper authProcessData =
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+    final EidAuthenticationData authData = new EidAuthenticationData();
+
+    // set basis infos
+    super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
+
+    // set specific informations
+    authData.setSsoSessionValidTo(
+        new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+
+    authData.setEidStatus(authProcessData.isTestIdentity()
+        ? EidIdentityStatusLevelValues.TESTIDENTITY
+        : EidIdentityStatusLevelValues.IDENTITY);
+
+    return authData;
+
+  }
+
+  @Override
+  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+      throws EaafException {
+    if (authData instanceof EidAuthenticationData) {
+      ((EidAuthenticationData) authData).setGenericData(
+          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
+          pendingReq.getUniquePiiTransactionIdentifier());
+      log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
+
+      // set specific informations
+      ((EidAuthenticationData) authData).setSsoSessionValidTo(
+          new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+
+      // set E-ID status-level
+      final EidAuthProcessDataWrapper authProcessData =
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+      ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
+          ? EidIdentityStatusLevelValues.TESTIDENTITY
+          : EidIdentityStatusLevelValues.IDENTITY);
+
+      // handle mandate informations
+      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+
+    } else {
+      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
+          + authData.getClass().getName());
+
+    }
+
+  }
+
+  @Override
+  protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
+    return new EidAuthenticationData();
+
+  }
+
+  @Override
+  protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData)
+      throws EaafBuilderException {
+    return super.buildOAspecificbPK(pendingReq, authData);
+
+  }
+
+  @Override
+  protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0,
+      AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException {
+    return null;
+
+  }
+
+  @Override
+  protected Pair<String, String> getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) {
+    return null;
+
+  }
+
+  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    authData.setUseMandate(authProcessData.isMandateUsed());
+    if (authProcessData.isMandateUsed()) {
+      log.debug("Build mandate-releated authentication data ... ");
+      if (authProcessData.isForeigner()) {
+        buildMandateInformationForEidasIncoming();
+
+      } else {
+        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+
+      }
+
+      // inject mandate information into authdata
+      final Set<String> mandateAttributes = Streams.concat(
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(),
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream())
+          .map(el -> el.getFirst())
+          .collect(Collectors.toSet());
+
+      authProcessData.getGenericSessionDataStream()
+          .filter(el -> mandateAttributes.contains(el.getKey()))
+          .forEach(el -> {
+            try {
+              authData.setGenericData(el.getKey(), el.getValue());
+
+            } catch (final EaafStorageException e) {
+              log.error("Can not store attribute: {} into session.", el.getKey(), e);
+              throw new RuntimeException(e);
+
+            }
+          });
+    }
+  }
+
+  private void buildMandateInformationForEidasIncoming() {
+    log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
+
+    // TODO: implement IDA specific processing of foreign mandate
+
+  }
+
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
+    if (authProcessData.getGenericDataFromSession(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
+
+      } else {
+        log.trace("Find nat. person mandate. Mandate can be used as it is ");
+        authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+            extractBpkFromResponse(authProcessData.getGenericDataFromSession(
+                PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
+
+      }
+
+    } else {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
+
+      } else {
+        log.trace(
+            "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
+        final String sourcePin = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
+        final String sourcePinType = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+        // build leagl-person identifier for eIDAS out-going 
+        final String[] splittedTarget =  
+            pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+");       
+        StringBuilder sb = new StringBuilder();
+        sb.append(splittedTarget[1])
+          .append("/")
+          .append(splittedTarget[2])
+          .append("/")
+          .append(sourcePinType)
+          .append("+")
+          .append(sourcePin);
+                
+        log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
+            sb.toString(), sourcePin, sourcePinType);
+        authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString());
+
+      }
+    }
+  }
+
+  private String extractBpkFromResponse(String pvpBpkAttrValue) {
+    final String[] split = pvpBpkAttrValue.split(":", 2);
+    if (split.length == 2) {
+      return split[1];
+
+    } else {
+      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
+      return pvpBpkAttrValue;
+
+    }
+  }
+
+}
-- 
cgit v1.2.3


From ce7e30f92356f602b65a0608b8224dd93b271f5e Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 13 May 2022 09:00:52 +0200
Subject: refact(core): switch to eaaf-components 1.3.x and replace
 'java.util.Date' by 'java.time.Instant'

---
 .../eidas/specific/core/builder/AuthenticationDataBuilder.java     | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java')

diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index 9580a62f..e719735c 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -23,7 +23,7 @@
 
 package at.asitplus.eidas.specific.core.builder;
 
-import java.util.Date;
+import java.time.Instant;
 
 import org.springframework.stereotype.Service;
 
@@ -58,8 +58,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     
     // set specific informations
     authData.setSsoSessionValidTo(
-        new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
-    
+        Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
     authData.setEidStatus(authProcessData.isTestIdentity() 
         ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
     
@@ -78,7 +77,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     
       // set specific informations
       ((EidAuthenticationData)authData).setSsoSessionValidTo(
-          new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+          Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
 
       //set E-ID status-level
       final EidAuthProcessDataWrapper authProcessData =
-- 
cgit v1.2.3


From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 12:32:16 +0200
Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based
 on external configuration

---
 .../core/builder/AuthenticationDataBuilder.java    | 185 ++++++++++++++++++---
 1 file changed, 160 insertions(+), 25 deletions(-)

(limited to 'modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java')

diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index e719735c..673b8ef5 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -24,73 +24,92 @@
 package at.asitplus.eidas.specific.core.builder;
 
 import java.time.Instant;
-
-import org.springframework.stereotype.Service;
+import java.util.Optional;
+import java.util.Set;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import lombok.extern.slf4j.Slf4j;
 
-@Service("AuthenticationDataBuilder")
 @Slf4j
 public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
+  private static final String ERROR_B11 = "builder.11";
+
   @Override
-  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {        
+  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
     final EidAuthProcessDataWrapper authProcessData =
-        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);    
-    EidAuthenticationData authData = new EidAuthenticationData();
-    
-    //set basis infos
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+    final EidAuthenticationData authData = new EidAuthenticationData();
+
+    // set basis infos
     super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
-    
+
     // set specific informations
     authData.setSsoSessionValidTo(
         Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
-    authData.setEidStatus(authProcessData.isTestIdentity() 
-        ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-    
+    authData.setEidStatus(authProcessData.isTestIdentity()
+        ? EidIdentityStatusLevelValues.TESTIDENTITY
+        : EidIdentityStatusLevelValues.IDENTITY);
+
     return authData;
 
   }
 
   @Override
-  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) 
+  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
       throws EaafException {
     if (authData instanceof EidAuthenticationData) {
-      ((EidAuthenticationData)authData).setGenericData(
-          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, 
+      ((EidAuthenticationData) authData).setGenericData(
+          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
           pendingReq.getUniquePiiTransactionIdentifier());
       log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
-    
+
       // set specific informations
-      ((EidAuthenticationData)authData).setSsoSessionValidTo(
+      ((EidAuthenticationData) authData).setSsoSessionValidTo(
           Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
 
-      //set E-ID status-level
+      // set E-ID status-level
       final EidAuthProcessDataWrapper authProcessData =
-          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);        
-      ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() 
-          ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-      
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+      ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
+          ? EidIdentityStatusLevelValues.TESTIDENTITY
+          : EidIdentityStatusLevelValues.IDENTITY);
+
+      // forward all requested IDA attributes into authData
+      forwardAllRequestedIdaAttributes(authProcessData, (EidAuthenticationData) authData,
+          pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class)
+              .getRequestedAttributes());
+
+      // build specific bPK attribute
+      buildNatPersonInfos((EidAuthenticationData) authData, authProcessData);
+
+      // handle mandate informations
+      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+
     } else {
-      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " 
+      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
           + authData.getClass().getName());
-      
+
     }
-        
+
   }
 
   @Override
@@ -119,4 +138,120 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   }
 
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {
+    log.trace("Use legal-person sourcePin as it is");
+    return sourcePin;
+
+  }
+
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    log.trace("Use natural-person bPK as it is");
+    return pvpBpkAttrValue;
+
+  }
+
+  private void forwardAllRequestedIdaAttributes(EidAuthProcessDataWrapper authProcessData,
+      EidAuthenticationData authData, Set<String> requestedIdaAttributes) {
+    if (requestedIdaAttributes != null && !requestedIdaAttributes.isEmpty()) {
+      log.trace("Forwarding IDA requested attributes ... ");
+      authProcessData.getGenericSessionDataStream()
+          .filter(el -> requestedIdaAttributes.contains(el.getKey()))
+          .forEach(el -> {
+            try {
+              authData.setGenericData(el.getKey(), el.getValue());
+
+            } catch (final EaafStorageException e) {
+              log.error("Can not store attribute: {} into session.", el.getKey(), e);
+              throw new RuntimeException(e);
+
+            }
+          });
+    } else {
+      log.trace("No IDA requested attributes to forwarding. Nothing todo");
+
+    }
+  }
+
+  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    authData.setUseMandate(authProcessData.isMandateUsed());
+    if (authProcessData.isMandateUsed()) {
+      log.debug("Build mandate-releated authentication data ... ");
+      if (authProcessData.isForeigner()) {
+        buildMandateInformationForEidasIncoming();
+
+      } else {
+        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+
+      }
+    }
+  }
+
+  private void buildMandateInformationForEidasIncoming() {
+    log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
+
+    // TODO: implement IDA specific processing of foreign mandate
+
+  }
+
+  private void buildNatPersonInfos(EidAuthenticationData authData,
+      EidAuthProcessDataWrapper authProcessData) throws EaafStorageException {
+    // clean-up BPK attribute and forward it as new property
+    authData.setGenericData(PvpAttributeDefinitions.BPK_NAME,
+        customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.BPK_NAME, String.class)));
+
+  }
+
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
+    if (authProcessData.getGenericDataFromSession(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
+
+      } else {
+        log.trace("Find nat. person mandate. Mandate can be used as it is ");
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+            customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+                PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
+
+      }
+
+    } else {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
+
+      } else {
+        log.trace(
+            "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
+        final String sourcePin = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
+        final String sourcePinType = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+        // customize attribute-value for source-pin
+        final String sourcePinToUse = customizeLegalPersonSourcePin(sourcePin, sourcePinType);
+        log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
+            sourcePinToUse, sourcePin, sourcePinType);
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinToUse);
+
+      }
+    }
+  }
 }
-- 
cgit v1.2.3


From cab2ab4ddb85b305d77798073b868cf42a7e0111 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 14:56:42 +0200
Subject: chore(core): minory style, test and validation fixes

---
 .../eidas/specific/core/builder/AuthenticationDataBuilder.java    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java')

diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index 673b8ef5..5a8992b5 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -102,7 +102,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
       buildNatPersonInfos((EidAuthenticationData) authData, authProcessData);
 
       // handle mandate informations
-      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+      buildMandateInformation((EidAuthenticationData) authData, authProcessData);
 
     } else {
       throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
@@ -172,7 +172,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     }
   }
 
-  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+  private void buildMandateInformation(EidAuthenticationData authData,
       EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
       EaafStorageException {
     authData.setUseMandate(authProcessData.isMandateUsed());
@@ -182,7 +182,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
         buildMandateInformationForEidasIncoming();
 
       } else {
-        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+        buildMandateInformationForEidasOutgoing(authData, authProcessData);
 
       }
     }
@@ -204,7 +204,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   }
 
-  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData,
       EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
       EaafStorageException {
     log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
-- 
cgit v1.2.3