From 7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 8 Mar 2022 19:06:10 +0100 Subject: refactor(core): move all project libs into sub-project 'modules' --- .../resources/config/additional-attributes.xml | 39 +++ .../src/test/resources/config/eidas-attributes.xml | 376 +++++++++++++++++++++ .../resources/config/junit_config_1.properties | 6 + 3 files changed, 421 insertions(+) create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml new file mode 100644 index 00000000..6510546e --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml @@ -0,0 +1,39 @@ + + + + + + Dynamic attributes + + http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute + AdditionalAttribute + NaturalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute + LegalAdditionalAttribute + LegalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml new file mode 100644 index 00000000..cbae35db --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml @@ -0,0 +1,376 @@ + + + + + + eIDAS attributes + + http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier + PersonIdentifier + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + PersonIdentifierType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName + FamilyName + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + CurrentFamilyNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName + FirstName + NaturalPerson + true + true + http://eidas.europa.eu/attributes/naturalperson + CurrentGivenNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/DateOfBirth + DateOfBirth + NaturalPerson + true + http://eidas.europa.eu/attributes/naturalperson + DateOfBirthType + eidas-natural + eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/BirthName + BirthName + NaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson + BirthNameType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth + PlaceOfBirth + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + PlaceOfBirthType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/CurrentAddress + CurrentAddress + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + CurrentAddressType + eidas-natural + eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/Gender + Gender + NaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson + GenderType + eidas-natural + eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier + LegalPersonIdentifier + LegalPerson + true + true + http://eidas.europa.eu/attributes/legalperson + LegalPersonIdentifierType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalName + LegalName + LegalPerson + true + true + http://eidas.europa.eu/attributes/legalperson + LegalNameType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress + LegalAddress + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + LegalPersonAddressType + eidas-legal + eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber + VATRegistration + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + VATRegistrationNumberType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/TaxReference + TaxReference + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + TaxReferenceType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier + D-2012-17-EUIdentifier + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + D-2012-17-EUIdentifierType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/LEI + LEI + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + LEIType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/EORI + EORI + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + EORIType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/SEED + SEED + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + SEEDType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/SIC + SIC + LegalPerson + false + http://eidas.europa.eu/attributes/legalperson + SICType + eidas-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier + RepresentativePersonIdentifier + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + PersonIdentifierType + eidas-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName + RepresentativeFamilyName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentFamilyNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName + RepresentativeFirstName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentGivenNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth + RepresentativeDateOfBirth + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + DateOfBirthType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/BirthName + RepresentativeBirthName + RepresentativeNaturalPerson + false + true + http://eidas.europa.eu/attributes/naturalperson/representative + BirthNameType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth + RepresentativePlaceOfBirth + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + PlaceOfBirthType + eidas-reprentative-natural + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress + RepresentativeCurrentAddress + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + CurrentAddressType + eidas-reprentative-natural + eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/naturalperson/representative/Gender + RepresentativeGender + RepresentativeNaturalPerson + false + http://eidas.europa.eu/attributes/naturalperson/representative + GenderType + eidas-reprentative-natural + eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier + RepresentativeLegalPersonIdentifier + RepresentativeLegalPerson + false + true + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonIdentifierType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalName + RepresentativeLegalName + RepresentativeLegalPerson + false + true + http://eidas.europa.eu/attributes/legalperson/representative + LegalNameType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress + RepresentativeLegalAddress + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonAddressType + eidas-reprentative-legal + eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber + RepresentativeVATRegistration + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + VATRegistrationNumberType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/TaxReference + RepresentativeTaxReference + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + TaxReferenceType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier + RepresentativeD-2012-17-EUIdentifier + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + D-2012-17-EUIdentifierType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LEI + RepresentativeLEI + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LEIType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/EORI + RepresentativeEORI + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + EORIType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/SEED + RepresentativeSEED + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + SEEDType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/SIC + RepresentativeSIC + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + SICType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress + RepresentativeLegalAddress + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + LegalPersonAddressType + eidas-reprentative-legal + eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller + + http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber + RepresentativeVATRegistration + RepresentativeLegalPerson + false + http://eidas.europa.eu/attributes/legalperson/representative + VATRegistrationNumberType + eidas-reprentative-legal + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + + diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties new file mode 100644 index 00000000..4f3b82b5 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -0,0 +1,6 @@ +## Basic service configuration +eidas.ms.context.url.prefix=http://localhost +eidas.ms.context.url.request.validation=false + +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint \ No newline at end of file -- cgit v1.2.3 From b3bbdc754025246c3de2a8e04a7ed2f085c5d19e Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 7 Jun 2022 13:21:48 +0200 Subject: feat(eidas): add attribute-mapping service to map eIDAS attributs to IDA attributes --- .../core/eidas/service/EidasAttributeRegistry.java | 9 +- modules/eidas_proxy-sevice/pom.xml | 5 + .../msproxyservice/MsProxyServiceConstants.java | 5 + .../dto/attributes/AttrMappingElement.java | 37 +++++ .../dto/attributes/IdaAttribute.java | 29 ++++ .../msproxyservice/dto/attributes/Type.java | 79 +++++++++ .../service/ProxyEidasAttributeRegistry.java | 176 +++++++++++++++++++++ .../resources/spring/eidas_proxy-service.beans.xml | 3 + .../services/ProxyEidasAttributeRegistryTest.java | 95 +++++++++++ .../test/resources/config/idaAttributeMapping.json | 157 ++++++++++++++++++ .../resources/config/junit_config_1.properties | 4 +- 11 files changed, 591 insertions(+), 8 deletions(-) create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java index 15c8b3c0..9af4e7ee 100644 --- a/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java +++ b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java @@ -27,21 +27,16 @@ import java.io.File; import javax.annotation.PostConstruct; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import eu.eidas.auth.commons.attribute.AttributeRegistries; import eu.eidas.auth.commons.attribute.AttributeRegistry; +import lombok.extern.slf4j.Slf4j; @Service("attributeRegistry") +@Slf4j public class EidasAttributeRegistry { - private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class); - @Autowired - protected IConfigurationWithSP basicConfig; private AttributeRegistry coreAttributeRegistry; diff --git a/modules/eidas_proxy-sevice/pom.xml b/modules/eidas_proxy-sevice/pom.xml index e45d6ee0..4a4ea26f 100644 --- a/modules/eidas_proxy-sevice/pom.xml +++ b/modules/eidas_proxy-sevice/pom.xml @@ -52,6 +52,11 @@ eu.eidas eidas-jcache-ignite-specific-communication + + + com.fasterxml.jackson.core + jackson-databind + org.apache.commons diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java index fd6b45bb..a2a2e78f 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java @@ -20,6 +20,11 @@ public class MsProxyServiceConstants { public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = EidasConstants.CONIG_PROPS_EIDAS_NODE + ".proxy.forward.endpoint"; + + public static final String CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION = + EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.attribute.mapping.config"; + + // mandate configuration public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.enabled"; diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java new file mode 100644 index 00000000..d6ed1147 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java @@ -0,0 +1,37 @@ + +package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +import lombok.Data; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({ + "eidasAttribute", + "idaAttribute", + "type" +}) +@Data +public class AttrMappingElement { + + /** + * eIDAS specific attribute name. + */ + @JsonProperty("eidasAttribute") + private String eidasAttributeName; + + /** + * IDA specific attribute name. + */ + @JsonProperty("idaAttribute") + private IdaAttribute idaAttribute; + + /** + * attribute characteristics. + */ + @JsonProperty("type") + private Type type; + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java new file mode 100644 index 00000000..ee5fc810 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java @@ -0,0 +1,29 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +import lombok.Data; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({ + "basic", + "withMandates" +}) +@Data +public class IdaAttribute { + + /** + * IDA attribute name, in case of simple process without mandates. + */ + @JsonProperty("basic") + private String basic; + + /** + * IDA attribute name, in case of mandate process. + */ + @JsonProperty("withMandates") + private String withMandates; + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java new file mode 100644 index 00000000..86ca49fa --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java @@ -0,0 +1,79 @@ + +package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes; + +import java.util.HashMap; +import java.util.Map; + +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.annotation.JsonValue; + +import lombok.Data; + +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({ + "mds", + "mandator" +}) +@Data +public class Type { + + /** + * true if this attribute is part of MDS, otherwise + * false + */ + @JsonProperty("mds") + private Boolean mds; + + /** + * Classifie that attribute to specific mandate modes. + */ + @JsonProperty("mandator") + private Type.Mandator mandator; + + /** + * Mandate type in case of a mandate attriute. + */ + public enum Mandator { + BOTH("both"), + LEGAL("legal"), + NATURAL("natural"), + NONE("none"); + + private final String value; + private final static Map CONSTANTS = new HashMap<>(); + + static { + for (final Type.Mandator c : values()) { + CONSTANTS.put(c.value, c); + } + } + + Mandator(String value) { + this.value = value; + } + + @Override + public String toString() { + return this.value; + } + + @JsonValue + public String value() { + return this.value; + } + + @JsonCreator + public static Type.Mandator fromValue(String value) { + final Type.Mandator constant = CONSTANTS.get(value); + if (constant == null) { + throw new IllegalArgumentException(value); + } else { + return constant; + } + } + + } +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java new file mode 100644 index 00000000..ea561c1d --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -0,0 +1,176 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.service; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URISyntaxException; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import javax.annotation.PostConstruct; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.CollectionType; +import com.google.common.collect.Sets; + +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; +import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.AttrMappingElement; +import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.IdaAttribute; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import lombok.Getter; +import lombok.NonNull; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class ProxyEidasAttributeRegistry { + + private static final String ATTR_CONFIG_ALL = "*"; + + private static ObjectMapper mapper = new ObjectMapper(); + + @Autowired IConfiguration basicConfig; + @Autowired ResourceLoader resourceLoader; + + + @Getter + private EidasAttributeRegistry coreRegistry; + + private Set attributeConfiguration; + + + /** + * Attribute Registry for eIDAS Proxy-Service implementation. + * @param registry Core attribute registry + */ + public ProxyEidasAttributeRegistry(@Autowired EidasAttributeRegistry registry) { + this.coreRegistry = registry; + + } + + + /** + * Get all attributes that requested from IDA by default. + * + * @param withMandates true if mandates are supported, otherwise false + * @return {@link Stream} of IDA specific attribute names + */ + @NonNull + public Stream getAlwaysRequestedAttributes(boolean withMandates) { + return attributeConfiguration.stream() + .filter(el -> ATTR_CONFIG_ALL.equals(el.getEidasAttributeName())) + .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates)) + .flatMap(Collection::stream) + .filter(Objects::nonNull); + + } + + /** + * Get IDA attributes for a specific eIDAS attribute. + * + * @param eidasAttributeName Name of the eIDAS attribute. + * @param withMandates true if mandates are supported, otherwise false + * @return {@link Set} of IDA specific attribute names + */ + @NonNull + public Set getIdaAttributesForEidasAttribute(String eidasAttributeName, boolean withMandates) { + return attributeConfiguration.stream() + .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName)) + .findFirst() + .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates)) + .orElse(Collections.emptySet()) + .stream() + .filter(Objects::nonNull) + .collect(Collectors.toSet()); + + } + + + @PostConstruct + private void initialize() throws EaafConfigurationException { + final String attrConfPath = basicConfig.getBasicConfiguration( + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION); + + log.debug("Initializing eIDAS <--> IDA attribute mapping from: {} ... ", attrConfPath); + + if (StringUtils.isEmpty(attrConfPath)) { + log.error("Error: Path to attribute-mapping config is unknown"); + throw new EaafConfigurationException("internal.configuration.00", + new Object[]{MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION}); + + } + + try { + // reading attribute-configuration file + final CollectionType javaType = + mapper.getTypeFactory().constructCollectionType(List.class, AttrMappingElement.class); + List internalAttributeConfiguration = + mapper.readValue(readFromFile(attrConfPath), javaType); + log.debug("Found #{} eIDAS <--> IDA attribute-mappings . Starting import process ... ", + internalAttributeConfiguration.size()); + + // post-validation of attribute configuration + attributeConfiguration = internalAttributeConfiguration.stream() + .filter(el -> checkEidasAttributeName(el)) + .collect(Collectors.toSet()); + log.info("Load {} eIDAS <--> IDA attribute-mappings into attribute-registry", attributeConfiguration.size()); + + } catch (Exception e) { + log.error("Error reading eIDAS <--> IDA attribute-mapping configuration file", e); + throw new EaafConfigurationException("internal.configuration.01", + new Object[]{MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION, + "Error reading Configurations file"}, e); + + } + } + + private Set getReleadedIdaAttribute(IdaAttribute el, boolean withMandates) { + return withMandates + ? Sets.newHashSet(el.getBasic(), el.getWithMandates()) + : Sets.newHashSet(el.getBasic()); + + } + + private boolean checkEidasAttributeName(AttrMappingElement el) { + if (StringUtils.isNotEmpty(el.getEidasAttributeName())) { + if (ATTR_CONFIG_ALL.equals(el.getEidasAttributeName()) + || coreRegistry.getCoreAttributeRegistry().getByName(el.getEidasAttributeName()) != null) { + return true; + + } else { + log.warn("eIDAS attribute: {} is UNKNOWN by eIDAS node. Ignore it!", el.getEidasAttributeName()); + + } + + } else { + log.warn("Find attribute-mapping element WITHOUT eIDAS attribute-name. Ignore it!"); + + } + + return false; + } + + private byte[] readFromFile(final String filePath) throws URISyntaxException, IOException { + final String fullFilePath = FileUtils.makeAbsoluteUrl(filePath, basicConfig.getConfigurationRootDirectory()); + final Resource ressource = resourceLoader.getResource(fullFilePath); + final InputStream is = ressource.getInputStream(); + final byte[] result = IOUtils.toByteArray(is); + is.close(); + return result; + + } + + +} diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml index 1eb33e93..78b7640a 100644 --- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml +++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml @@ -32,4 +32,7 @@ ref="specificConnectorAdditionalAttributesFileWithPath" /> + + \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java new file mode 100644 index 00000000..6034c92a --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.test.services; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; + +import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry; +import lombok.NonNull; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_test.xml", + "/spring/SpringTest-context_basic_mapConfig.xml", + }) +@EnableWebMvc +public class ProxyEidasAttributeRegistryTest { + + @Autowired ProxyEidasAttributeRegistry attrRegistry; + + @Test + public void checkDefaultAttributes() { + assertEquals("default attributes without mandates", 2, + attrRegistry.getAlwaysRequestedAttributes(false).count()); + assertEquals("default attributes with mandates", 4, + attrRegistry.getAlwaysRequestedAttributes(true).count()); + + } + + @Test + public void eidasAttributeMapping() { + checkAttributeMapping("http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", false, + Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.149")); + checkAttributeMapping("http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", true, + Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.149", "urn:oid:1.2.40.0.10.2.1.1.261.98")); + + } + + @Test + public void eidasAttributeMappingMandateOnly() { + checkAttributeMapping("http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", false, + Collections.emptyList()); + checkAttributeMapping("http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", true, + Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.261.100")); + + } + + @Test + public void eidasAttributeMappingWithNoIdaAttribute() { + checkAttributeMapping("http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", false, + Collections.emptyList()); + checkAttributeMapping("http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", true, + Collections.emptyList()); + + } + + @Test + public void unknownEidasAttribute() { + checkAttributeMapping("http://eidas.europa.eu/attributes/jUnit/not/exits", false, + Collections.emptyList()); + checkAttributeMapping("http://eidas.europa.eu/attributes/jUnit/not/exits", true, + Collections.emptyList()); + + } + + @Test + public void unknownEidasAttribute2() { + checkAttributeMapping(RandomStringUtils.randomAlphabetic(10), false, + Collections.emptyList()); + checkAttributeMapping(RandomStringUtils.randomAlphabetic(10), true, + Collections.emptyList()); + + } + + private void checkAttributeMapping(String eidasAttr, boolean withMandates, List idaAttributes) { + @NonNull + Set idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates); + assertEquals("wrong number of IDA attributes", idaAttributes.size(), idaAttrResult.size()); + idaAttributes.forEach( + el -> assertTrue("missing: " + el, idaAttrResult.contains(el))); + + } + +} diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json new file mode 100644 index 00000000..4f059876 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -0,0 +1,157 @@ +[ + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.149", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", + "idaAttribute": { + "basic": "urn:oid:2.5.4.42", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.20", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.55", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", + "idaAttribute": {}, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName", + "idaAttribute": {}, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.100" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalName", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName", + "idaAttribute": { + "withMandates": "urn:oid:2.5.4.42" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55" + }, + "type": { + "mds": true + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.32", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32" + }, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.108", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108" + }, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68" + }, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106" + }, + "type": { + "mds": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/jUnit/not/exits", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106" + }, + "type": { + "mds": false + } + } +] \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties index 4f3b82b5..bd4575c3 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -3,4 +3,6 @@ eidas.ms.context.url.prefix=http://localhost eidas.ms.context.url.request.validation=false eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy -eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint \ No newline at end of file +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + +eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json \ No newline at end of file -- cgit v1.2.3 From 9c9463d593014292a4b19fbad2fca779e56e33cf Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 7 Jun 2022 13:47:42 +0200 Subject: feat(eidas): update proxy-service attribute registry to request releated attributes --- .../dto/attributes/AttrMappingElement.java | 6 +++++ .../service/ProxyEidasAttributeRegistry.java | 27 +++++++++++++++------- .../services/ProxyEidasAttributeRegistryTest.java | 13 +++++++++-- .../test/resources/config/idaAttributeMapping.json | 6 +++++ 4 files changed, 42 insertions(+), 10 deletions(-) (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java index d6ed1147..cf106bad 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java @@ -1,6 +1,8 @@ package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes; +import java.util.List; + import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; @@ -28,6 +30,10 @@ public class AttrMappingElement { @JsonProperty("idaAttribute") private IdaAttribute idaAttribute; + + @JsonProperty("addionalRequiredAttributes") + private List addionalRequiredAttributes; + /** * attribute characteristics. */ diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java index ea561c1d..b9e0c488 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -26,7 +26,6 @@ import com.google.common.collect.Sets; import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.AttrMappingElement; -import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.IdaAttribute; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; @@ -71,7 +70,7 @@ public class ProxyEidasAttributeRegistry { public Stream getAlwaysRequestedAttributes(boolean withMandates) { return attributeConfiguration.stream() .filter(el -> ATTR_CONFIG_ALL.equals(el.getEidasAttributeName())) - .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates)) + .map(el -> getReleadedIdaAttribute(el, withMandates)) .flatMap(Collection::stream) .filter(Objects::nonNull); @@ -89,7 +88,7 @@ public class ProxyEidasAttributeRegistry { return attributeConfiguration.stream() .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName)) .findFirst() - .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates)) + .map(el -> getReleadedIdaAttribute(el, withMandates)) .orElse(Collections.emptySet()) .stream() .filter(Objects::nonNull) @@ -136,11 +135,23 @@ public class ProxyEidasAttributeRegistry { } } - private Set getReleadedIdaAttribute(IdaAttribute el, boolean withMandates) { - return withMandates - ? Sets.newHashSet(el.getBasic(), el.getWithMandates()) - : Sets.newHashSet(el.getBasic()); - + private Set getReleadedIdaAttribute(AttrMappingElement el, boolean withMandates) { + if (el.getIdaAttribute() != null) { + Set directMapping = withMandates + ? Sets.newHashSet(el.getIdaAttribute().getBasic(), el.getIdaAttribute().getWithMandates()) + : Sets.newHashSet(el.getIdaAttribute().getBasic()); + + if (el.getAddionalRequiredAttributes() != null) { + el.getAddionalRequiredAttributes().forEach( + attr -> directMapping.add(attr)); + + } + return directMapping; + + } else { + return Collections.emptySet(); + + } } private boolean checkEidasAttributeName(AttrMappingElement el) { diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java index 6034c92a..d3e787bb 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -50,9 +50,18 @@ public class ProxyEidasAttributeRegistryTest { @Test public void eidasAttributeMappingMandateOnly() { checkAttributeMapping("http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", false, - Collections.emptyList()); + Arrays.asList( + "urn:oid:1.2.40.0.10.2.1.1.149", + "urn:oid:2.5.4.42", + "urn:oid:1.2.40.0.10.2.1.1.261.20", + "urn:oid:1.2.40.0.10.2.1.1.55")); checkAttributeMapping("http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", true, - Arrays.asList("urn:oid:1.2.40.0.10.2.1.1.261.100")); + Arrays.asList( + "urn:oid:1.2.40.0.10.2.1.1.261.100", + "urn:oid:1.2.40.0.10.2.1.1.149", + "urn:oid:2.5.4.42", + "urn:oid:1.2.40.0.10.2.1.1.261.20", + "urn:oid:1.2.40.0.10.2.1.1.55")); } diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index 4f059876..2d375acb 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -58,6 +58,12 @@ "idaAttribute": { "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.100" }, + "addionalRequiredAttributes" : [ + "urn:oid:1.2.40.0.10.2.1.1.149", + "urn:oid:2.5.4.42", + "urn:oid:1.2.40.0.10.2.1.1.261.20", + "urn:oid:1.2.40.0.10.2.1.1.55" + ], "type": { "mds": true } -- cgit v1.2.3 From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 8 Jun 2022 12:32:16 +0200 Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based on external configuration --- .../ms-proxyservice/misc/idaAttributeMapping.json | 170 +++++++++ .../SpRequiredAttributersAttributeBuilder.java | 63 ++++ .../tasks/ReceiveFromIdAustriaSystemTask.java | 30 +- .../tasks/RequestIdAustriaSystemTask.java | 6 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../SpRequiredAttributersAttributeBuilderTest.java | 72 ++++ .../test/task/ReceiveAuthnResponseTaskTest.java | 24 +- .../test/task/RequestIdAustriaSystemTaskTest.java | 72 ++-- .../eidas/specific/core/MsEidasNodeConstants.java | 13 +- .../core/builder/AuthenticationDataBuilder.java | 185 ++++++++-- .../main/resources/specific_eIDAS_core.beans.xml | 3 - .../test/utils/AuthenticationDataBuilderTest.java | 311 +++++++++++++++- .../msproxyservice/dto/attributes/Type.java | 7 + .../protocol/ProxyServiceAuthenticationAction.java | 297 +++++++--------- .../service/ProxyEidasAttributeRegistry.java | 34 +- .../ProxyServiceAuthenticationActionTest.java | 217 +++++++++-- .../services/ProxyEidasAttributeRegistryTest.java | 35 ++ .../test/resources/config/idaAttributeMapping.json | 56 ++- .../resources/specific_eIDAS_connector.beans.xml | 3 + .../builder/ProxyAuthenticationDataBuilder.java | 38 ++ .../main/resources/specific_eIDAS_proxy.beans.xml | 3 + .../ProxyAuthenticationDataBuilderTest.java | 395 +++++++++++++++++++++ .../config/junit_config_1_springboot.properties | 2 +- pom.xml | 2 +- 24 files changed, 1713 insertions(+), 326 deletions(-) create mode 100644 basicConfig/ms-proxyservice/misc/idaAttributeMapping.json create mode 100644 modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java create mode 100644 modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json new file mode 100644 index 00000000..7c44b48a --- /dev/null +++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json @@ -0,0 +1,170 @@ +[ + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.149", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", + "idaAttribute": { + "basic": "urn:oid:2.5.4.42", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.20", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.55", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", + "idaAttribute": {}, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName", + "idaAttribute": {}, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.100" + }, + "addionalRequiredAttributes" : [ + "urn:oid:1.2.40.0.10.2.1.1.149", + "urn:oid:2.5.4.42", + "urn:oid:1.2.40.0.10.2.1.1.261.20", + "urn:oid:1.2.40.0.10.2.1.1.55" + ], + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalName", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName", + "idaAttribute": { + "withMandates": "urn:oid:2.5.4.42" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": true + } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55" + }, + "type": { + "mds": true, + "autoIncludeWithMandates": true + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.32", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32" + }, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "basic": "urn:oid:1.2.40.0.10.2.1.1.261.108", + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108" + }, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68" + }, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "*", + "idaAttribute": { + "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106" + }, + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + } +] diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java new file mode 100644 index 00000000..61687088 --- /dev/null +++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java @@ -0,0 +1,63 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class SpRequiredAttributersAttributeBuilder + implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return SP_REQUIRED_ATTRIBUTES_NAME; + } + + @Override + public ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) + throws AttributeBuilderException { + if (oaParam instanceof ServiceProviderConfiguration) { + return g.buildStringAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME, + StringUtils.join(((ServiceProviderConfiguration)oaParam).getRequestedAttributes(), ",")); + + } else { + log.warn("Can not build attribute for required IDA attributes, because SP config-implementation does not match."); + return null; + + } + } + + @Override + public ATT buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME); + + } + +} diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java index e486b851..17e0e0d5 100644 --- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java +++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java @@ -16,7 +16,6 @@ import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; @@ -234,8 +233,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { // inject all attributes into session final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); for (final String attrName : includedAttrNames) { - injectAuthInfosIntoSession(session, attrName, - extractor.getSingleAttributeValue(attrName)); + injectAuthInfosIntoSession(session, attrName, extractor.getSingleAttributeValue(attrName)); } @@ -306,31 +304,11 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { private void injectAuthInfosIntoSession(AuthProcessDataWrapper session, String attrName, String attrValue) throws EaafStorageException, IOException { log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); - log.debug("Inject attribute: {} into AuthSession", attrName); - if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { - log.trace("Find bPK attribute. Extract eIDAS identifier ... "); - session.setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, - extractBpkFromResponse(attrValue)); - - } else { - session.setGenericDataToSession(attrName, attrValue); - - } - + log.debug("Inject attribute: {} into AuthSession", attrName); + session.setGenericDataToSession(attrName, attrValue); + } - private String extractBpkFromResponse(String pvpBpkAttrValue) { - final String[] split = pvpBpkAttrValue.split(":", 2); - if (split.length == 2) { - return split[1]; - - } else { - log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue); - return pvpBpkAttrValue; - - } - } - private Pair preProcessAuthResponse(PvpSProfileResponse msg) throws IOException, MarshallingException, TransformerException, CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption { diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 66aadde6..bbe9b45f 100644 --- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -160,6 +160,12 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask { injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA())); + // set list of IDA attributes as attribute + injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_REQUIRED_ATTRIBUTES_NAME, + StringUtils.join( + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getRequestedAttributes(), + ",")); + //set ProviderName if available String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName(); if (StringUtils.isNotEmpty(providerName)) { diff --git a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 65e9482c..3b20d687 100644 --- a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -1 +1,2 @@ at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.EidasConnecorUniqueIdAttributeBuilder +at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java new file mode 100644 index 00000000..2fe420df --- /dev/null +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java @@ -0,0 +1,72 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.builder.attributes; + +import static org.junit.Assert.assertEquals; + +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.internal.util.collections.Sets; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_mapConfig.xml", + "/spring/SpringTest-context_basic_test.xml", +}) +public class SpRequiredAttributersAttributeBuilderTest extends AbstractAttributeBuilderTest { + +private final IAttributeBuilder attrBuilder = new SpRequiredAttributersAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.RequiredAttributes", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withWrongSpConfig() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withAttributeValue() throws AttributeBuilderException, Exception { + ServiceProviderConfiguration sp = new ServiceProviderConfiguration(spConfigMap, new DummyConfiguration()); + sp.setRequestedAttributes(Sets.newSet( + "aabbccdd", + RandomStringUtils.randomAlphanumeric(10), + PvpAttributeDefinitions.BIRTHDATE_NAME)); + + + String value = attrBuilder.build(sp, buildAuthData(), gen); + + List elements = KeyValueUtils.getListOfCsvValues(value); + assertEquals("wrong number of attributes", sp.getRequestedAttributes().size(), elements.size()); + sp.getRequestedAttributes().forEach( + el -> elements.contains(el)); + + } + +} diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java index c452fe22..c3be6dad 100644 --- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java @@ -36,7 +36,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; @@ -542,14 +541,14 @@ public class ReceiveAuthnResponseTaskTest { assertTrue("eidProcess flag", session.isEidProcess()); assertFalse("useMandate flag", session.isMandateUsed()); - checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); - checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); - checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); - checkAttributeInSession(session,PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); - checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); } @@ -587,7 +586,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); - checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+CC:QVGm48cqcM4UcyhDTNGYmVdrIoY="); } @@ -625,7 +624,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); } @@ -663,7 +662,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); //pre-generated eIDAS identifer - checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+AB:QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); } @@ -708,7 +707,7 @@ public class ReceiveAuthnResponseTaskTest { checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB"); //pre-generated eIDAS identifer - checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession( PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)); @@ -758,8 +757,7 @@ public class ReceiveAuthnResponseTaskTest { //pre-generated eIDAS identifer - checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, - "QVGm48cqcM4UcyhDTNGYmVdrIoY="); + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); } diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java index f6ffc729..1feb684d 100644 --- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java @@ -18,6 +18,7 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.mockito.internal.util.collections.Sets; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.schema.XSString; import org.opensaml.core.xml.util.XMLObjectSupport; @@ -41,6 +42,7 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -213,7 +215,7 @@ public class RequestIdAustriaSystemTaskTest { //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 4, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 5, reqAttr.getAttributes().size()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.eidas.uniqueId", reqAttr.getAttributes().get(0).getName()); @@ -246,15 +248,15 @@ public class RequestIdAustriaSystemTaskTest { ((XSString)reqAttr.getAttributes().get(2).getAttributeValues().get(0)).getValue()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", - reqAttr.getAttributes().get(3).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues()); + reqAttr.getAttributes().get(4).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues()); Assert.assertEquals("#Req. Attr value", 1, - reqAttr.getAttributes().get(3).getAttributeValues().size()); + reqAttr.getAttributes().get(4).getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, - reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type"); Assert.assertEquals("Req. Attr. Value", pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode(), - ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue()); + ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue()); } @@ -275,33 +277,55 @@ public class RequestIdAustriaSystemTaskTest { LightRequest eidasReq = eidasRequestBuilder.build(); pendingReq.setEidasRequest(eidasReq); + oaParam.setRequestedAttributes(Sets.newSet( + "aabbccdd", + RandomStringUtils.randomAlphanumeric(10), + PvpAttributeDefinitions.BIRTHDATE_NAME)); + //execute test task.execute(pendingReq, executionContext); //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size()); - Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName", + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.RequiredAttributes", reqAttr.getAttributes().get(3).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues()); Assert.assertEquals("#Req. Attr value", 1, reqAttr.getAttributes().get(3).getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(), + + List reqProfiles = KeyValueUtils.getListOfCsvValues( ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue()); + reqProfiles.stream().forEach( + el -> assertTrue("missing IDA attribute: " + el, oaParam.getRequestedAttributes().contains(el))); - Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId", + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName", reqAttr.getAttributes().get(4).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues()); Assert.assertEquals("#Req. Attr value", 1, reqAttr.getAttributes().get(4).getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(), + Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(), ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue()); + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId", + reqAttr.getAttributes().get(5).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(5).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(5).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(), + ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue()); + + + } @Test @@ -330,31 +354,31 @@ public class RequestIdAustriaSystemTaskTest { //validate state final EaafRequestedAttributes reqAttr = validate(); - Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size()); + Assert.assertEquals("#Req Attribute", 8, reqAttr.getAttributes().size()); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles", - reqAttr.getAttributes().get(5).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + reqAttr.getAttributes().get(6).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues()); Assert.assertEquals("#Req. Attr value", 1, - reqAttr.getAttributes().get(5).getAttributeValues().size()); + reqAttr.getAttributes().get(6).getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, - reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type"); List reqProfiles = KeyValueUtils.getListOfCsvValues( - ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue()); + ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue()); reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el))); Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", - reqAttr.getAttributes().get(6).getName()); - Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues()); + reqAttr.getAttributes().get(7).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(7).getAttributeValues()); Assert.assertEquals("#Req. Attr value", 1, - reqAttr.getAttributes().get(6).getAttributeValues().size()); + reqAttr.getAttributes().get(7).getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, - reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + reqAttr.getAttributes().get(7).getAttributeValues().get(0), "Wrong requested Attributes Value type"); Assert.assertEquals("Req. Attr. Value", SpMandateModes.LEGAL_FORCE.getMode(), - ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue()); + ((XSString)reqAttr.getAttributes().get(7).getAttributeValues().get(0)).getValue()); } diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java index be5d7c7d..8da7ddd0 100644 --- a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java +++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java @@ -31,7 +31,6 @@ import java.util.List; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; public class MsEidasNodeConstants { // ************ configuration properties ************ @@ -189,17 +188,7 @@ public class MsEidasNodeConstants { public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; - - - // ---- Attribute configuration ------ - public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME; - public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME; - public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = - AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER - + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME; - + public static final String AUTH_DATA_SZR_AUTHBLOCK = "authData_AUTHBLOCK"; public static final String AUTH_DATA_EIDAS_BIND = "authData_EIDAS_BIND"; diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java index e719735c..673b8ef5 100644 --- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java +++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java @@ -24,73 +24,92 @@ package at.asitplus.eidas.specific.core.builder; import java.time.Instant; - -import org.springframework.stereotype.Service; +import java.util.Optional; +import java.util.Set; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import lombok.extern.slf4j.Slf4j; -@Service("AuthenticationDataBuilder") @Slf4j public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { + private static final String ERROR_B11 = "builder.11"; + @Override - protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException { final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - EidAuthenticationData authData = new EidAuthenticationData(); - - //set basis infos + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + final EidAuthenticationData authData = new EidAuthenticationData(); + + // set basis infos super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - + // set specific informations authData.setSsoSessionValidTo( Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60)); - authData.setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); - + authData.setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + return authData; } @Override - protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException { if (authData instanceof EidAuthenticationData) { - ((EidAuthenticationData)authData).setGenericData( - ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, + ((EidAuthenticationData) authData).setGenericData( + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, pendingReq.getUniquePiiTransactionIdentifier()); log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier()); - + // set specific informations - ((EidAuthenticationData)authData).setSsoSessionValidTo( + ((EidAuthenticationData) authData).setSsoSessionValidTo( Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60)); - //set E-ID status-level + // set E-ID status-level final EidAuthProcessDataWrapper authProcessData = - pendingReq.getSessionData(EidAuthProcessDataWrapper.class); - ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() - ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY); - + pendingReq.getSessionData(EidAuthProcessDataWrapper.class); + ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity() + ? EidIdentityStatusLevelValues.TESTIDENTITY + : EidIdentityStatusLevelValues.IDENTITY); + + // forward all requested IDA attributes into authData + forwardAllRequestedIdaAttributes(authProcessData, (EidAuthenticationData) authData, + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class) + .getRequestedAttributes()); + + // build specific bPK attribute + buildNatPersonInfos((EidAuthenticationData) authData, authProcessData); + + // handle mandate informations + buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData); + } else { - throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " + authData.getClass().getName()); - + } - + } @Override @@ -119,4 +138,120 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } + protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) { + log.trace("Use legal-person sourcePin as it is"); + return sourcePin; + + } + + protected String customizeBpkAttribute(String pvpBpkAttrValue) { + log.trace("Use natural-person bPK as it is"); + return pvpBpkAttrValue; + + } + + private void forwardAllRequestedIdaAttributes(EidAuthProcessDataWrapper authProcessData, + EidAuthenticationData authData, Set requestedIdaAttributes) { + if (requestedIdaAttributes != null && !requestedIdaAttributes.isEmpty()) { + log.trace("Forwarding IDA requested attributes ... "); + authProcessData.getGenericSessionDataStream() + .filter(el -> requestedIdaAttributes.contains(el.getKey())) + .forEach(el -> { + try { + authData.setGenericData(el.getKey(), el.getValue()); + + } catch (final EaafStorageException e) { + log.error("Can not store attribute: {} into session.", el.getKey(), e); + throw new RuntimeException(e); + + } + }); + } else { + log.trace("No IDA requested attributes to forwarding. Nothing todo"); + + } + } + + private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + authData.setUseMandate(authProcessData.isMandateUsed()); + if (authProcessData.isMandateUsed()) { + log.debug("Build mandate-releated authentication data ... "); + if (authProcessData.isForeigner()) { + buildMandateInformationForEidasIncoming(); + + } else { + buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData); + + } + } + } + + private void buildMandateInformationForEidasIncoming() { + log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... "); + + // TODO: implement IDA specific processing of foreign mandate + + } + + private void buildNatPersonInfos(EidAuthenticationData authData, + EidAuthProcessDataWrapper authProcessData) throws EaafStorageException { + // clean-up BPK attribute and forward it as new property + authData.setGenericData(PvpAttributeDefinitions.BPK_NAME, + customizeBpkAttribute(authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.BPK_NAME, String.class))); + + } + + private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq, + EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException, + EaafStorageException { + log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... "); + if (authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) { + final Optional> missingAttribute = + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" }); + + } else { + log.trace("Find nat. person mandate. Mandate can be used as it is "); + authData.setGenericData(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, + customizeBpkAttribute(authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class))); + + } + + } else { + final Optional> missingAttribute = + MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream() + .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null) + .findFirst(); + if (missingAttribute.isPresent()) { + log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}", + missingAttribute.get().getFirst()); + throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" }); + + } else { + log.trace( + "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... "); + final String sourcePin = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); + final String sourcePinType = authProcessData.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + + // customize attribute-value for source-pin + final String sourcePinToUse = customizeLegalPersonSourcePin(sourcePin, sourcePinType); + log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}", + sourcePinToUse, sourcePin, sourcePinType); + authData.setGenericData(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinToUse); + + } + } + } } diff --git a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml index ee67d712..af3594a5 100644 --- a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml +++ b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml @@ -23,9 +23,6 @@ - - diff --git a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java index 12936a59..8b2eebd4 100644 --- a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java +++ b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java @@ -1,6 +1,9 @@ package at.asitplus.eidas.specific.core.test.utils; import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.io.IOException; import java.security.PublicKey; @@ -30,8 +33,11 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.w3c.dom.Element; +import com.google.common.collect.Sets; + import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -49,9 +55,9 @@ import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import lombok.SneakyThrows; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; @RunWith(SpringJUnit4ClassRunner.class) @@ -71,7 +77,8 @@ public class AuthenticationDataBuilderTest { private MockHttpServletResponse httpResp; private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; + private Map spConfig; + private ServiceProviderConfiguration oaParam; private String eidasBind; private String authBlock; @@ -86,18 +93,20 @@ public class AuthenticationDataBuilderTest { } @Before + @SneakyThrows public void initialize() throws EaafStorageException { httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - final Map spConfig = new HashMap<>(); + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); - oaParam = new DummySpConfiguration(spConfig, basicConfig); - + oaParam = new ServiceProviderConfiguration(spConfig, basicConfig); + oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX"); + pendingReq = new TestRequestImpl(); pendingReq.setAuthUrl("https://localhost/ms_connector"); pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); @@ -119,6 +128,260 @@ public class AuthenticationDataBuilderTest { } + @Test + public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String commonMandate = RandomStringUtils.randomAlphabetic(10); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + + } + + @Test + public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + // execute test + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + + } + + @Test + public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + // execute test + EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, + () -> authenticationDataBuilder.buildAuthenticationData(pendingReq)); + Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId()); + + } + + + + @Test + @SneakyThrows + public void eidasProxyMode() throws EaafAuthenticationException { + // initialize state + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + boolean isTestIdentity = RandomUtils.nextBoolean(); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + + String bpk = RandomStringUtils.randomAlphanumeric(10); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + "http://eidas.europa.eu/LoA/high"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + RandomStringUtils.randomAlphabetic(2)); + + String randAttr = RandomStringUtils.randomAlphabetic(10); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + randAttr, RandomStringUtils.randomAlphabetic(10)); + + oaParam.setRequestedAttributes(Sets.newHashSet(randAttr, + PvpAttributeDefinitions.BPK_NAME, + PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME)); + + + // execute + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + // validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class)); + Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); + + Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName()); + Assert.assertEquals("GivenName", "Max", authData.getGivenName()); + Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth()); + + Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel()); + Assert.assertEquals("EID-ISSUING-NATION", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), + authData.getCiticenCountryCode()); + + checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk); + checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + + Assert.assertEquals("random optional attr.", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + randAttr), + authData.getGenericData(randAttr, String.class)); + + } + + + @Test public void eidMode() throws EaafAuthenticationException { // initialize state @@ -207,10 +470,48 @@ public class AuthenticationDataBuilderTest { authData.getBpk()); Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType()); Assert.assertNotNull("IDL", authData.getIdentityLink()); + + } + + private void injectRepresentativeInfosIntoSession() throws EaafStorageException { + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); } + + private void checkGenericAttribute(IAuthData authData, String attrName, String expected) { + assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class)); + + } + private IIdentityLink buildDummyIdl() { return new IIdentityLink() { diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java index 86ca49fa..f66bb799 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java @@ -15,6 +15,7 @@ import lombok.Data; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({ "mds", + "autoIncludeWithMandates", "mandator" }) @Data @@ -27,6 +28,12 @@ public class Type { @JsonProperty("mds") private Boolean mds; + /** + * true if that attribute has to be included into eIDAS response in case of mandates. + */ + @JsonProperty("autoIncludeWithMandates") + private Boolean autoIncludeWithMandates; + /** * Classifie that attribute to specific mandate modes. */ diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index 92165412..bf1c5e5f 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -1,6 +1,7 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; +import java.util.Optional; import java.util.UUID; import javax.annotation.PostConstruct; @@ -15,12 +16,11 @@ import org.springframework.context.ApplicationContext; import org.springframework.core.io.ResourceLoader; import org.springframework.web.util.UriComponentsBuilder; -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; -import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; +import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -69,35 +69,35 @@ public class ProxyServiceAuthenticationAction implements IAction { @Autowired ISpringMvcGuiFormBuilder guiBuilder; @Autowired - EidasAttributeRegistry attrRegistry; + ProxyEidasAttributeRegistry attrRegistry; @Override public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws EaafException { if (pendingReq instanceof ProxyServicePendingRequest) { - try { - ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest(); - - //build eIDAS response - Builder lightRespBuilder = LightResponse.builder(); + try { + final ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest(); + + // build eIDAS response + final Builder lightRespBuilder = LightResponse.builder(); lightRespBuilder.id(UUID.randomUUID().toString()); lightRespBuilder.inResponseToId(eidasReq.getId()); lightRespBuilder.relayState(eidasReq.getRelayState()); - + lightRespBuilder.status(ResponseStatus.builder() .statusCode(EidasConstants.SUCCESS_URI) .build()); - - //TODO: check if we can use transient subjectNameIds + + // TODO: check if we can use transient subjectNameIds lightRespBuilder.subject(UUID.randomUUID().toString()); lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT); - - //TODO: + + // TODO: lightRespBuilder.issuer(basicConfig.getBasicConfiguration( MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID)); - lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel()); + lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel()); lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq)); - + // set SLO response object of EAAF framework final SloInformationImpl sloInformation = new SloInformationImpl(); sloInformation.setProtocolType(pendingReq.requestedModule()); @@ -121,7 +121,7 @@ public class ProxyServiceAuthenticationAction implements IAction { } } - + @Override public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { return true; @@ -133,28 +133,29 @@ public class ProxyServiceAuthenticationAction implements IAction { return PROXYSERVICE_AUTH_ACTION_NAME; } - /** * Forward eIDAS Light response to eIDAS node. - * - * @param pendingReq Current pending request. - * @param httpReq Current HTTP request - * @param httpResp Current HTTP response + * + * @param pendingReq Current pending request. + * @param httpReq Current HTTP request + * @param httpResp Current HTTP response * @param lightResponse eIDAS LightResponse * @throws EaafConfigurationException In case of a configuration error - * @throws IOException In case of a general error - * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used - * @throws ServletException In case of a general error + * @throws IOException In case of a general error + * @throws GuiBuildException In case of a GUI rendering error, if http + * POST binding is used + * @throws ServletException In case of a general error */ public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq, - HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException, + HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, + IOException, GuiBuildException, ServletException { // put request into shared cache final BinaryLightToken token = putResponseInCommunicationCache(lightResponse); final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); - + // select forward URL regarding the selected environment final String forwardUrl = basicConfig.getBasicConfiguration( MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL); @@ -196,148 +197,80 @@ public class ProxyServiceAuthenticationAction implements IAction { } } - - @PostConstruct + + @PostConstruct private void checkConfiguration() { - //TODO: validate configuration on start-up - + // TODO: validate configuration on start-up + } - - - private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, + + private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, ILightRequest eidasReq) { - IEidAuthData eidAuthData = (IEidAuthData) authData; + final IEidAuthData eidAuthData = (IEidAuthData) authData; + final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); + + // inject all requested attributres + injectRequestedAttributes(attributeMap, eidasReq, eidAuthData); + if (eidAuthData.isUseMandate()) { log.debug("Building eIDAS Proxy-Service response with mandate ... "); - final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder(); - injectRepesentativeInformation(attributeMap, eidAuthData); - injectMandatorInformation(attributeMap, eidAuthData); - - // work-around that injects nat. person subject to bypass validation on eIDAS Node + injectMdsRepesentativeInformation(attributeMap, eidAuthData, eidasReq.getRequestedAttributes()); + + // work-around that injects nat. person subject to bypass validation on eIDAS + // Node injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData); - - return attributeMap.build(); - - } else { - log.debug("Building eIDAS Proxy-Service response without mandates ... "); - return buildAttributesWithoutMandate(eidAuthData); - - } - } - - private void injectMandatorInformation( - ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { - String natMandatorId = eidAuthData.getGenericData( - MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class); - - if (StringUtils.isNotEmpty(natMandatorId)) { - log.debug("Injecting natural mandator informations ... "); - final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); - final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); - final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first(); - final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first(); - - attributeMap.put(attrDefPersonalId, natMandatorId); - attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData( - PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class)); - attributeMap.put(attrDefGivenName, eidAuthData.getGenericData( - PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class)); - attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData( - PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class)); - - } else { - log.debug("Injecting legal mandator informations ... "); - final AttributeDefinition commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_LEGALNAME).first(); - final AttributeDefinition legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first(); - - attributeMap.put(commonName, eidAuthData.getGenericData( - PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class)); - attributeMap.put(legalPersonId, eidAuthData.getGenericData( - MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); - - } - } - private void injectRepesentativeInformation( - ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) { - final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first(); - final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first(); - final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first(); - final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first(); - - attributeMap.put(attrDefPersonalId, - eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); - attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName()); - attributeMap.put(attrDefGivenName, eidAuthData.getGivenName()); - - //TODO: throw an error in case of SZR Date with month or day = "00" - attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth()); - + } + + return attributeMap.build(); + } - /** - * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation. - * - *

Injection will only be done if this work-around is enabled by configuration, - * the mandator is a legal person, and both legal and natural person subject's is requested.

- * - * @param attributeMap Attribute set for eIDAS response - * @param eidasReq Incoming eIDAS request - * @param authData Authentication data - */ - private void injectJurPersonWorkaroundIfRequired( - ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) { - if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData) - && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq) - && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) { - log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation"); - attributeMap.putAll(buildAttributesWithoutMandate(authData)); - - } + private void injectRequestedAttributes(ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, + IEidAuthData eidAuthData) { + eidasReq.getRequestedAttributes().getAttributeMap().keySet().stream() + .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, + el.getNameUri().toString(), eidAuthData.isUseMandate())); + } - - private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) { - //TODO: throw an error in case of SZR Date with month or day = "00" - return buildAttributesWithoutMandate( - eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), - eidAuthData.getFamilyName(), - eidAuthData.getGivenName(), - eidAuthData.getDateOfBirth()); - + + private void injectMdsRepesentativeInformation( + ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData, + ImmutableAttributeMap requestedAttributes) { + attrRegistry.getRepresentativeAttributesToAddByDefault() + .filter(el -> requestedAttributes.getAttributeValuesByNameUri(el) == null) + .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, el, true)); + } - private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName, - String givenName, String dateOfBirth) { - final AttributeDefinition attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); - final AttributeDefinition attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); - final AttributeDefinition attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first(); - final AttributeDefinition attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first(); - - final ImmutableAttributeMap.Builder attributeMap = - ImmutableAttributeMap.builder() - .put(attrDefPersonalId, personalIdentifier) - .put(attrDefFamilyName, familyName) - .put(attrDefGivenName, givenName) - .put(attrDefDateOfBirth, dateOfBirth); - - return attributeMap.build(); - + private void injectEidasAttribute(ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData, + String eidasAttrName, boolean mandatesUsed) { + final Optional releatedIdaAttribute = + attrRegistry.mapEidasAttributeToSpecificIdaAttribute(eidasAttrName, mandatesUsed); + if (releatedIdaAttribute.isPresent()) { + log.trace("Mapping IDA attribute: {} to eIDAS attribute: {}", releatedIdaAttribute.get(), + eidasAttrName); + final String idaAttrValue = eidAuthData.getGenericData(releatedIdaAttribute.get(), String.class); + if (StringUtils.isNotEmpty(idaAttrValue)) { + log.debug("Build eIDAS attribute: {} from IDA attribute: {}", eidasAttrName, releatedIdaAttribute + .get()); + attributeMap.put( + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName), + idaAttrValue); + + } else { + log.info("No IDA attribute: {}, eIDAS attribute: {} will be ignored", releatedIdaAttribute.get(), + eidasAttrName); + + } + + } else { + log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined", + eidasAttrName); + + } } - + private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse) throws ServletException { final BinaryLightToken binaryLightToken; @@ -358,17 +291,61 @@ public class ProxyServiceAuthenticationAction implements IAction { return binaryLightToken; } + /** + * Work-around to inject representative information as nat. person subject to + * bypass eIDAS Node validation. + * + *

+ * Injection will only be done if this work-around is enabled by + * configuration, the mandator is a legal person, and both legal and natural + * person subject's is requested. + *

+ * + * @param attributeMap Attribute set for eIDAS response + * @param eidasReq Incoming eIDAS request + * @param authData Authentication data + */ + private void injectJurPersonWorkaroundIfRequired( + ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) { + if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData) + && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq) + && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) { + log.debug( + "Injecting representative information as nat. person subject to bypass eIDAS Node validation"); + + final AttributeDefinition attrDefPersonalId = + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final AttributeDefinition attrDefFamilyName = + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first(); + final AttributeDefinition attrDefGivenName = + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first(); + final AttributeDefinition attrDefDateOfBirth = + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first(); + + attributeMap.put(attrDefPersonalId, authData.getGenericData(PvpAttributeDefinitions.BPK_NAME, + String.class)); + attributeMap.put(attrDefFamilyName, authData.getFamilyName()); + attributeMap.put(attrDefGivenName, authData.getGivenName()); + attributeMap.put(attrDefDateOfBirth, authData.getDateOfBirth()); + + } + } + private boolean isLegalPersonWorkaroundActive() { return basicConfig.getBasicConfigurationBoolean( - MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON, + MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON, false); - + } - + private boolean isLegalPersonMandateAvailable(IAuthData authData) { return StringUtils.isNoneEmpty(authData.getGenericData( - MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class)); - + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class)); + } } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java index b9e0c488..a6a50100 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -7,6 +7,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Objects; +import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -76,6 +77,19 @@ public class ProxyEidasAttributeRegistry { } + /** + * Get all eIDAS attributes that are added by default in case of mandates. + * + * @return {@link Stream} of eIDAS attributes + */ + @NonNull + public Stream getRepresentativeAttributesToAddByDefault() { + return attributeConfiguration.stream() + .filter(el -> el.getType() != null && el.getType().getAutoIncludeWithMandates()) + .map(el -> el.getEidasAttributeName()); + + } + /** * Get IDA attributes for a specific eIDAS attribute. * @@ -95,8 +109,24 @@ public class ProxyEidasAttributeRegistry { .collect(Collectors.toSet()); } - - + + /** + * Get eIDAS related IDA attribute. + * + * @param eidasAttributeName Name of the eIDAS attribute. + * @param withMandates true if mandates are supported, otherwise false + * @return Name of the related IDA attribute if available + */ + public Optional mapEidasAttributeToSpecificIdaAttribute( + String eidasAttributeName, boolean withMandates) { + return attributeConfiguration.stream() + .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName)) + .findFirst() + .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic()) + .filter(el -> StringUtils.isNotEmpty(el)); + + } + @PostConstruct private void initialize() throws EaafConfigurationException { final String attrConfPath = basicConfig.getBasicConfiguration( diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java index c41d6c99..d44ffc2d 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -12,7 +12,6 @@ import java.net.URISyntaxException; import java.net.URLDecoder; import java.time.Instant; import java.util.Arrays; -import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.UUID; @@ -35,7 +34,6 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.google.common.collect.ImmutableSortedSet; -import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; @@ -132,7 +130,7 @@ public class ProxyServiceAuthenticationActionTest { @Test public void missingForwardUrl() { Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); @@ -147,8 +145,7 @@ public class ProxyServiceAuthenticationActionTest { @Test public void responseWithoutMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + attr.put(PvpAttributeDefinitions.BPK_NAME, RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); @@ -161,7 +158,7 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 4, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, @@ -170,12 +167,89 @@ public class ProxyServiceAuthenticationActionTest { } @Test - public void responseWithNatMandate() throws EaafException, SpecificCommunicationException { + public void responseWithoutMandateAndOptionalAttributesExist() throws EaafException, SpecificCommunicationException { + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName")) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, - "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + attr.put("ida_birthname", RandomStringUtils.randomAlphanumeric(10)); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 5, respAttr.size()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, + authData.getDateOfBirth()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, + (String) attr.get("ida_birthname")); + + } + + @Test + public void responseWithoutMandateAndOptionalAttributesNotExist() throws EaafException, SpecificCommunicationException { + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName")) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 4, respAttr.size()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, + authData.getDateOfBirth()); + + } + + + @Test + public void responseWithNatMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -197,13 +271,13 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 8, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, @@ -213,19 +287,86 @@ public class ProxyServiceAuthenticationActionTest { } + @Test + public void responseWithNatMandateOptionalAttribute() throws EaafException, SpecificCommunicationException { + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName")) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + attr.put("ida_birthName_mandator", RandomStringUtils.randomAlphanumeric(10)); + attr.put("ida_birthName", RandomStringUtils.randomAlphanumeric(10)); + + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + "1985-11-15"); + + + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 9, respAttr.size()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); + + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, + (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME)); + + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, + (String) attr.get("ida_birthName_mandator")); + + } + @Test public void responseWithJurMandate() throws EaafException, SpecificCommunicationException { Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + //perform test SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); @@ -235,13 +376,13 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 6, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); @@ -260,19 +401,12 @@ public class ProxyServiceAuthenticationActionTest { public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException { basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", "true"); - - //request natural person subject only - LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); - eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put( - attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); - pendingReq.setEidasRequest(eidasRequestBuilder.build()); - - + Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -306,16 +440,17 @@ public class ProxyServiceAuthenticationActionTest { eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -329,7 +464,7 @@ public class ProxyServiceAuthenticationActionTest { ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); assertEquals("wrong attr. size", 10, respAttr.size()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, - (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER)); + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName()); checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth()); @@ -344,18 +479,18 @@ public class ProxyServiceAuthenticationActionTest { //request natural person subject only LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() - .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .build()); pendingReq.setEidasRequest(eidasRequestBuilder.build()); Map attr = new HashMap<>(); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.BPK_NAME, "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); - attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, RandomStringUtils.randomAlphabetic(10)); attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, RandomStringUtils.randomAlphabetic(10)); @@ -390,7 +525,7 @@ public class ProxyServiceAuthenticationActionTest { } private IAuthData generateDummyAuthData() { - return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, + return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW, RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false); } @@ -445,12 +580,22 @@ public class ProxyServiceAuthenticationActionTest { .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requesterId(RandomStringUtils.randomAlphanumeric(10)) - .providerName(RandomStringUtils.randomAlphanumeric(10)); - + .providerName(RandomStringUtils.randomAlphanumeric(10)) + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first()) + .build() + ); } private IAuthData generateDummyAuthData(Map attrs, String loa, String familyName, String givenName, String dateOfBirth, boolean useMandates) { + attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + return new IEidAuthData() { @Override diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java index d3e787bb..8d417c1a 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -1,11 +1,13 @@ package at.asitplus.eidas.specific.modules.msproxyservice.test.services; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import java.util.Arrays; import java.util.Collections; import java.util.List; +import java.util.Optional; import java.util.Set; import org.apache.commons.lang3.RandomStringUtils; @@ -92,6 +94,39 @@ public class ProxyEidasAttributeRegistryTest { } + @Test + public void attributeResponseMapping() { + assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", false).isPresent()); + assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", true).isPresent()); + + + Optional attr1 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/BirthName", false); + assertTrue("find wrong IDA mapping", attr1.isPresent()); + assertEquals("find wrong IDA mapping value", "ida_birthname", attr1.get()); + + Optional attr2 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/BirthName", true); + assertTrue("find wrong IDA mapping", attr2.isPresent()); + assertEquals("find wrong IDA mapping value", "ida_birthName_mandator", attr2.get()); + + + assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", false).isPresent()); + assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute( + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", true).isPresent()); + + } + + @Test + public void defaultRepresentativeAttributes() { + assertEquals("wrong number of rep. attributes", 4, + attrRegistry.getRepresentativeAttributesToAddByDefault().count()); + + } + private void checkAttributeMapping(String eidasAttr, boolean withMandates, List idaAttributes) { @NonNull Set idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates); diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index 2d375acb..7e41d8f6 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -6,7 +6,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { @@ -16,7 +17,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { @@ -26,7 +28,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { @@ -36,21 +39,27 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", "idaAttribute": {}, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName", - "idaAttribute": {}, + "idaAttribute": { + "basic": "ida_birthname", + "withMandates": "ida_birthName_mandator" + }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { @@ -65,7 +74,8 @@ "urn:oid:1.2.40.0.10.2.1.1.55" ], "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { @@ -74,7 +84,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": false } }, { @@ -83,7 +94,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": true } }, { @@ -92,7 +104,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": true } }, { @@ -101,7 +114,8 @@ "withMandates": "urn:oid:2.5.4.42" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": true } }, { @@ -110,7 +124,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55" }, "type": { - "mds": true + "mds": true, + "autoIncludeWithMandates": true } }, { @@ -120,7 +135,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32" }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { @@ -130,7 +146,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108" }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { @@ -139,7 +156,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68" }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { @@ -148,7 +166,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106" }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } }, { @@ -157,7 +176,8 @@ "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106" }, "type": { - "mds": false + "mds": false, + "autoIncludeWithMandates": false } } ] \ No newline at end of file diff --git a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml index 9861a7c6..0757327a 100644 --- a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -14,6 +14,9 @@ + + diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java new file mode 100644 index 00000000..bc7f88d4 --- /dev/null +++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java @@ -0,0 +1,38 @@ +package at.asitplus.eidas.specific.proxy.builder; + +import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import lombok.extern.slf4j.Slf4j; + +/** + * eIDAS Proxy-Service specific authentication-data builder. + * + * @author tlenz + * + */ +@Slf4j +public class ProxyAuthenticationDataBuilder extends AuthenticationDataBuilder { + + private static final String PLUS = "+"; + + @Override + protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) { + String sectorType = sourcePinType.substring((EaafConstants.URN_PREFIX_BASEID + PLUS).length()); + return sectorType + PLUS + sourcePin; + + } + + @Override + protected String customizeBpkAttribute(String pvpBpkAttrValue) { + final String[] split = pvpBpkAttrValue.split(":", 2); + if (split.length == 2) { + log.debug("Remove prefix from bPK attribute to transform it into eIDAS-Node format"); + return split[1]; + + } else { + log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue); + return pvpBpkAttrValue; + + } + } +} diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml index 5633cb0e..cc4c904e 100644 --- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml +++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml @@ -13,6 +13,9 @@ + + diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java new file mode 100644 index 00000000..ee2c8d8c --- /dev/null +++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java @@ -0,0 +1,395 @@ +package at.asitplus.eidas.specific.proxy.test.builder; + +import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.lang.reflect.Field; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.RandomUtils; +import org.apache.ignite.Ignition; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.Sets; + +import at.asitplus.eidas.specific.core.MsEidasNodeConstants; +import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication; +import lombok.SneakyThrows; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest +@ContextConfiguration(initializers = { + org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class, + SpringBootApplicationContextInitializer.class + }) +@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" }) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"}) +public class ProxyAuthenticationDataBuilderTest { + + + @Autowired + private AuthenticationDataBuilder authenticationDataBuilder; + + @Autowired(required = true) + private IConfiguration basicConfig; + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + + private Map spConfig; + private ServiceProviderConfiguration oaParam; + + private String eidasBind; + private String authBlock; + + @BeforeClass + public static void classInitializer() throws InitializationException, ComponentInitializationException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + + "src/test/resources/config/junit_config_3.properties"); + + //eIDAS Ref. Impl. properties + System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length()) + + "../basicConfig/eIDAS/"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + /** + * Test shut-down. + * + * @throws Exception In case of an error + */ + @AfterClass + @SneakyThrows + public static void closeIgniteNode() { + System.out.println("Closiong Ignite Node ... "); + Ignition.stopAll(true); + + //set Ignite-node holder to 'null' because static holders are shared between different tests + final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance"); + field.setAccessible(true); + field.set(null, null); + + } + + @Before + @SneakyThrows + public void initialize() throws EaafStorageException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new ServiceProviderConfiguration(spConfig, basicConfig); + oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX"); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + authBlock = RandomStringUtils.randomAlphanumeric(20); + eidasBind = RandomStringUtils.randomAlphanumeric(20); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, authBlock); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, eidasBind); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + RandomStringUtils.randomAlphabetic(2)); + + LocaleContextHolder.resetLocaleContext(); + + } + + @Test + @SneakyThrows + public void eidasProxyModeSimple() throws EaafAuthenticationException { + // initialize state + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + boolean isTestIdentity = RandomUtils.nextBoolean(); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + + String bpk = RandomStringUtils.randomAlphanumeric(10); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + "http://eidas.europa.eu/LoA/high"); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + RandomStringUtils.randomAlphabetic(2)); + + String randAttr = RandomStringUtils.randomAlphabetic(10); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + randAttr, RandomStringUtils.randomAlphabetic(10)); + + oaParam.setRequestedAttributes(Sets.newHashSet(randAttr, + PvpAttributeDefinitions.BPK_NAME, + PvpAttributeDefinitions.GIVEN_NAME_NAME, + PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, + PvpAttributeDefinitions.BIRTHDATE_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME)); + + + // execute + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + // validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class)); + Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class)); + Assert.assertNotNull("LoA null", authData.getEidasQaaLevel()); + + Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName()); + Assert.assertEquals("GivenName", "Max", authData.getGivenName()); + Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth()); + + Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel()); + Assert.assertEquals("EID-ISSUING-NATION", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME), + authData.getCiticenCountryCode()); + + checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, bpk); + checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + + Assert.assertEquals("random optional attr.", + pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession( + randAttr), + authData.getGenericData(randAttr, String.class)); + + } + + + @Test + public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + } + + @Test + public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String givenNameMandate = RandomStringUtils.randomAlphabetic(10); + String familyNameMandate = RandomStringUtils.randomAlphabetic(10); + String dateOfBirthMandate = "1957-09-15"; + String bpkMandate = RandomStringUtils.randomAlphanumeric(10); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15"); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate); + + } + + @Test + public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException { + // initialize state + injectRepresentativeInfosIntoSession(); + + String commonMandate = RandomStringUtils.randomAlphabetic(10); + + // set constant country-code and sourcePin to check hashed eIDAS identifier + String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr"; + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE"); + + // set nat. person mandate information + pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + EaafConstants.URN_PREFIX_BASEID + "+XFN"); + + oaParam.setRequestedAttributes(Sets.newHashSet( + PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate()); + + //check mandate informations + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate); + checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "XFN+" + sourcePinMandate); + + } + + private void injectRepresentativeInfosIntoSession() throws EaafStorageException { + boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); + + } + + private void checkGenericAttribute(IAuthData authData, String attrName, String expected) { + assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class)); + + } + +} diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties index 8cd77046..47d50191 100644 --- a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties +++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties @@ -69,7 +69,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false ############################################################################# ## MS-speccific eIDAS-Proxy-Service configuration - +eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=./../../../../../basicConfig/ms-proxyservice/misc/idaAttributeMapping.json #### eIDAS ms-specific Proxy-Service configuration eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy diff --git a/pom.xml b/pom.xml index 309fab68..e469f680 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 0.3 0.4 - 1.3.2 + 1.3.3-SNAPSHOT 2.5.13 2.5.6 -- cgit v1.2.3 From ca50cb8dda0a24b5a4589db126bfab8d0d885b00 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 16 Aug 2022 10:56:54 +0200 Subject: feat(proxy): add support for custom eIDAS attribute-handler into ProxyEidasAttributeRegistry This allow more sopisticated attribute-processing than simple mapping to IDA attributes --- .../ms-proxyservice/misc/idaAttributeMapping.json | 16 +++++++++++++++ .../dto/attributes/AttrMappingElement.java | 6 ++++++ .../service/ProxyEidasAttributeRegistry.java | 18 +++++++++++++++- .../services/ProxyEidasAttributeRegistryTest.java | 20 ++++++++++++++++++ .../resources/config/additional-attributes.xml | 19 +++++++++++++++++ .../test/resources/config/idaAttributeMapping.json | 24 ++++++++++++++++++++++ 6 files changed, 102 insertions(+), 1 deletion(-) (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json index e5495547..3de4b8a9 100644 --- a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json +++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json @@ -126,6 +126,22 @@ "autoIncludeWithMandates": true } }, + { + "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, { "eidasAttribute": "*", "idaAttribute": { diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java index cf106bad..2dffbc2d 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java @@ -13,6 +13,8 @@ import lombok.Data; @JsonPropertyOrder({ "eidasAttribute", "idaAttribute", + "addionalRequiredAttributes", + "specificAttributeHandlerClass", "type" }) @Data @@ -34,6 +36,10 @@ public class AttrMappingElement { @JsonProperty("addionalRequiredAttributes") private List addionalRequiredAttributes; + + @JsonProperty("specificAttributeHandlerClass") + private String specificAttributeHandlerClass; + /** * attribute characteristics. */ diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java index a6a50100..a0c99019 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -111,7 +111,7 @@ public class ProxyEidasAttributeRegistry { } /** - * Get eIDAS related IDA attribute. + * Get eIDAS related IDA attribute for a specific mode-operation. * * @param eidasAttributeName Name of the eIDAS attribute. * @param withMandates true if mandates are supported, otherwise false @@ -127,6 +127,22 @@ public class ProxyEidasAttributeRegistry { } + /** + * Get eIDAS related custom attribute-handler. + * + * @param eidasAttributeName Name of the eIDAS attribute. + * @return full classname of the handler implementation if available + */ + public Optional mapEidasAttributeToAttributeHandler(String eidasAttributeName) { + return attributeConfiguration.stream() + .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName)) + .filter(el -> StringUtils.isNotEmpty(el.getSpecificAttributeHandlerClass())) + .findFirst() + .map(el -> el.getSpecificAttributeHandlerClass()); + + } + + @PostConstruct private void initialize() throws EaafConfigurationException { final String attrConfPath = basicConfig.getBasicConfiguration( diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java index 8d417c1a..fb7d257e 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -127,6 +127,26 @@ public class ProxyEidasAttributeRegistryTest { } + @Test + public void specificAttributeHandler() { + assertFalse("find wrong attribute", + attrRegistry.mapEidasAttributeToAttributeHandler( + "http://eidas.europa.eu/attributes/jUnit/no/custom/handler").isPresent()); + + assertFalse("find wrong attribute", + attrRegistry.mapEidasAttributeToAttributeHandler( + "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth").isPresent()); + + + Optional attr2 = attrRegistry.mapEidasAttributeToAttributeHandler( + "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole"); + assertTrue("find wrong IDA mapping", attr2.isPresent()); + assertEquals("find wrong specific attribute-handler", + "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", attr2.get()); + + } + + private void checkAttributeMapping(String eidasAttr, boolean withMandates, List idaAttributes) { @NonNull Set idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates); diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml index 6510546e..e40ebdc4 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml +++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml @@ -36,4 +36,23 @@ xs eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole + eJusticeNaturalPersonRole + NaturalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole + eJusticeLegalPersonRole + LegalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index 7e41d8f6..daaaa37d 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -128,6 +128,22 @@ "autoIncludeWithMandates": true } }, + { + "eidasAttribute": "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, + { + "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, { "eidasAttribute": "*", "idaAttribute": { @@ -179,5 +195,13 @@ "mds": false, "autoIncludeWithMandates": false } + }, + { + "eidasAttribute": "http://eidas.europa.eu/attributes/jUnit/no/custom/handler", + "specificAttributeHandlerClass": "", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } } ] \ No newline at end of file -- cgit v1.2.3 From 72e8da84f3ff8cd36d6f62d0d0690ad3f9a19efd Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 16 Aug 2022 11:21:04 +0200 Subject: chore(core): check if custom attribute-handler implementations are available on start-up --- .../msproxyservice/handler/EJusticePersonRoleHandler.java | 13 +++++++++++++ .../msproxyservice/handler/IEidasAttributeHandler.java | 13 +++++++++++++ .../service/ProxyEidasAttributeRegistry.java | 15 +++++++++++++++ .../main/resources/spring/eidas_proxy-service.beans.xml | 3 +++ .../test/services/ProxyEidasAttributeRegistryTest.java | 3 +++ .../src/test/resources/config/idaAttributeMapping.json | 2 +- 6 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java new file mode 100644 index 00000000..f42a7172 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -0,0 +1,13 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.handler; + +/** + * Attribute handling to integrate BORIS attributes without full IDA support for sector-specific attributes. + * + *

This attribute-handler maps a specific mandate-profile to an eIDAS attribute.

+ * + * @author tlenz + * + */ +public class EJusticePersonRoleHandler implements IEidasAttributeHandler { + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java new file mode 100644 index 00000000..153cf262 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java @@ -0,0 +1,13 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.handler; + +/** + * Handlers for attribute-processing that requires more features than a simple mapping. + * + * @author tlenz + * + */ +public interface IEidasAttributeHandler { + + + +} diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java index a0c99019..747c808c 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -17,6 +17,7 @@ import javax.annotation.PostConstruct; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; @@ -27,6 +28,7 @@ import com.google.common.collect.Sets; import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.AttrMappingElement; +import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; @@ -41,6 +43,7 @@ public class ProxyEidasAttributeRegistry { private static ObjectMapper mapper = new ObjectMapper(); + @Autowired ApplicationContext context; @Autowired IConfiguration basicConfig; @Autowired ResourceLoader resourceLoader; @@ -204,6 +207,18 @@ public class ProxyEidasAttributeRegistry { if (StringUtils.isNotEmpty(el.getEidasAttributeName())) { if (ATTR_CONFIG_ALL.equals(el.getEidasAttributeName()) || coreRegistry.getCoreAttributeRegistry().getByName(el.getEidasAttributeName()) != null) { + + // check if custom attribute-handler implementation is available + if (StringUtils.isNotEmpty(el.getSpecificAttributeHandlerClass())) { + try { + context.getBean(el.getSpecificAttributeHandlerClass(), IEidasAttributeHandler.class); + + } catch (Exception e) { + log.error("No custom attribute-handler implementation for: {}", el.getSpecificAttributeHandlerClass(), e); + return false; + } + } + return true; } else { diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml index 78b7640a..38bd44da 100644 --- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml +++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml @@ -35,4 +35,7 @@ + + \ No newline at end of file diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java index fb7d257e..d3d1d7b0 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -137,6 +137,9 @@ public class ProxyEidasAttributeRegistryTest { attrRegistry.mapEidasAttributeToAttributeHandler( "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth").isPresent()); + assertFalse("find wrong attribute", + attrRegistry.mapEidasAttributeToAttributeHandler( + "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole").isPresent()); Optional attr2 = attrRegistry.mapEidasAttributeToAttributeHandler( "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole"); diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index daaaa37d..a3ff1ead 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -138,7 +138,7 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist", "type": { "mds": false, "autoIncludeWithMandates": false -- cgit v1.2.3 From 68c46a22406af910838b3ee6bbea5a4e9807ddaa Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 16 Aug 2022 13:20:02 +0200 Subject: feat(eidas): add advanced SP config post-processing based on requested attributes --- .../handler/EJusticePersonRoleHandler.java | 53 +++++++++++ .../handler/IEidasAttributeHandler.java | 9 ++ .../protocol/EidasProxyServiceController.java | 38 +++++++- .../protocol/EidasProxyServiceControllerTest.java | 106 +++++++++++++++++++++ .../services/ProxyEidasAttributeRegistryTest.java | 2 +- .../resources/config/additional-attributes.xml | 10 ++ .../test/resources/config/idaAttributeMapping.json | 10 +- .../resources/config/junit_config_1.properties | 10 +- .../src/main/resources/application.properties | 7 ++ pom.xml | 2 +- 10 files changed, 242 insertions(+), 5 deletions(-) (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index f42a7172..52a69944 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -1,5 +1,17 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import lombok.extern.slf4j.Slf4j; + /** * Attribute handling to integrate BORIS attributes without full IDA support for sector-specific attributes. * @@ -8,6 +20,47 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; * @author tlenz * */ +@Slf4j public class EJusticePersonRoleHandler implements IEidasAttributeHandler { + public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles"; + public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode"; + + @Autowired IConfiguration config; + + private SpMandateModes mandateMode; + private String mandateProfiles; + + @Override + public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) { + spConfig.setMandateMode(mandateMode); + spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles)); + log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles); + + } + + + + @PostConstruct + private void initialize() throws EaafConfigurationException { + mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE)); + mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE); + + log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}", + EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode); + + } + + private String loadConfigValue(String configProp) throws EaafConfigurationException { + String value = config.getBasicConfiguration(configProp); + if (StringUtils.isEmpty(value)) { + throw new EaafConfigurationException("internal.configuration.00", + new Object[]{configProp}); + + } + + return value; + + } + } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java index 153cf262..02e091ef 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java @@ -1,5 +1,7 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; + /** * Handlers for attribute-processing that requires more features than a simple mapping. * @@ -8,6 +10,13 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; */ public interface IEidasAttributeHandler { + /** + * Perform attribute-releated post-processing of internal Service-Provider configuration. + * + * @param spConfig SP configuration that was build from incoming eIDAS Authn. request. + */ + void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig); + } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index 32be0e22..d0e3d1ba 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -8,6 +8,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; import java.util.UUID; import java.util.stream.Collectors; @@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; +import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler; import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils; import at.gv.egiz.components.eventlog.api.EventConstants; @@ -333,7 +335,10 @@ public class EidasProxyServiceController extends AbstractController implements I // map eIDAS attributes to national attributes buildNationalRequestedAttributes(spConfig, eidasRequest); - + + // execute custom attribute-handler + advancedAttributeHandler(spConfig, eidasRequest); + return spConfig; } catch (final EidasProxyServiceException e) { @@ -344,6 +349,37 @@ public class EidasProxyServiceController extends AbstractController implements I } } + + private void advancedAttributeHandler(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) { + Set requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream() + .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null)) + .filter(Objects::nonNull) + .distinct() + .collect(Collectors.toSet()); + + if (!requiredHandlers.isEmpty()) { + log.info("eIDAS requested attributes requires #{} specific attribute-hander. " + + "Starting advanced attribute-handling ... ", requiredHandlers.size()); + requiredHandlers.forEach(el -> executeAttributeHandler(el, spConfig)); + + } else { + log.debug("No advanced eIDAS attribute-handling required."); + + } + } + + private void executeAttributeHandler(String handlerClass, ServiceProviderConfiguration spConfig) { + try { + IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class); + + log.trace("Perfom SP config post-processing by using: {}", handler.getClass().getName()); + handler.performSpConfigPostprocessing(spConfig); + + } catch (Exception e) { + log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e); + + } + } private void buildNationalRequestedAttributes( ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) { diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java index 830360e0..4f62b2eb 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java @@ -731,6 +731,112 @@ public class EidasProxyServiceControllerTest { } + + @Test + public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + "eJusticeLegalPersonRole").first()) + .build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + List mandateProfilesNat = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesJur = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); + assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); + assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); + + assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size()); + + } + + @Test + public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + "eJusticeNaturalPersonRole").first()) + .build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + List mandateProfilesNat = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesJur = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); + assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); + assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); + + assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size()); + + } + + private void addConnectorConfig(int i, String key, String value) { config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key, value); diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java index d3d1d7b0..b6b8a8df 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java @@ -139,7 +139,7 @@ public class ProxyEidasAttributeRegistryTest { assertFalse("find wrong attribute", attrRegistry.mapEidasAttributeToAttributeHandler( - "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole").isPresent()); + "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist").isPresent()); Optional attr2 = attrRegistry.mapEidasAttributeToAttributeHandler( "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole"); diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml index e40ebdc4..c7b40d90 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml +++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml @@ -54,5 +54,15 @@ xs eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist + eJusticeLegalPersonRole + LegalPerson + false + http://www.w3.org/2001/XMLSchema + string + xs + eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller + + diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json index a3ff1ead..96034d12 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json +++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json @@ -138,12 +138,20 @@ }, { "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole", - "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler", "type": { "mds": false, "autoIncludeWithMandates": false } }, + { + "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist", + "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist", + "type": { + "mds": false, + "autoIncludeWithMandates": false + } + }, { "eidasAttribute": "*", "idaAttribute": { diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties index bd4575c3..46e0bb69 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -5,4 +5,12 @@ eidas.ms.context.url.request.validation=false eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint -eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json \ No newline at end of file +eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json + + +############################################################################# +## advanced eIDAS attribute processing + +# BORIS attribute for eJustice +eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index 8d66a7c0..40587815 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -115,4 +115,11 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks #eidas.ms.modules.idaustriaauth.truststore.password= +############################################################################# +## advanced eIDAS attribute processing + +# BORIS attribute for eJustice +eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal + diff --git a/pom.xml b/pom.xml index 946dd3ec..e20e076e 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 0.3 0.4 - 1.3.3-SNAPSHOT + 1.3.4-SNAPSHOT 2.5.13 2.5.6 -- cgit v1.2.3 From d5cb2ae3d5bf3f04646cc23d7d59cd10822349c6 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 16 Aug 2022 15:09:07 +0200 Subject: feat(eidas): generate advanced attributes in response-processing too --- .../handler/EJusticePersonRoleHandler.java | 78 +++++++- .../handler/IEidasAttributeHandler.java | 16 +- .../protocol/ProxyServiceAuthenticationAction.java | 28 ++- .../service/ProxyEidasAttributeRegistry.java | 1 + .../ProxyServiceAuthenticationActionTest.java | 202 +++++++++++++++++++++ .../resources/config/junit_config_1.properties | 2 + .../src/main/resources/application.properties | 5 +- 7 files changed, 316 insertions(+), 16 deletions(-) (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index 52a69944..ec161b1a 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -1,5 +1,10 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.stream.Collectors; + import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; @@ -7,9 +12,12 @@ import org.springframework.beans.factory.annotation.Autowired; import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import at.gv.egiz.eaaf.core.api.idp.IExtendedConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import lombok.NonNull; import lombok.extern.slf4j.Slf4j; /** @@ -25,32 +33,84 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles"; public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode"; - - @Autowired IConfiguration config; + public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.atributes.ejusticerole.value."; + public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "="; + + + @Autowired IExtendedConfiguration config; private SpMandateModes mandateMode; - private String mandateProfiles; + private List mandateProfiles; + private Map resultMapper; @Override public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) { spConfig.setMandateMode(mandateMode); - spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles)); + spConfig.setMandateProfiles(mandateProfiles); log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles); } + @Override + public String buildAttributeValue(@NonNull IEidAuthData eidAuthData) { + final String mandateType = eidAuthData.getGenericData( + PvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class); + if (StringUtils.isNotEmpty(mandateType)) { + String attrValue = resultMapper.get(mandateType); + if (StringUtils.isNotEmpty(attrValue)) { + log.debug("Mapping mandate-type: {} to EJusticePersonRole: {}", mandateType, attrValue); + return attrValue; + + } else { + log.info("Ignore mandate-type: {}, because it is not mapped to a EJusticePersonRole", mandateType); + + } + + } else { + log.warn("Can not build: EJusticePersonRole, because IDA response contains no attribute: ", + PvpAttributeDefinitions.MANDATE_TYPE_NAME); + + } + + + return null; + + } @PostConstruct private void initialize() throws EaafConfigurationException { mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE)); - mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE); - - log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}", + mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE)); + resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream() + .filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER)) + .collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1))); + + // validate requested profiles to result map + Optional missingConfig = mandateProfiles.stream() + .filter(el -> !resultMapper.containsKey(el)) + .findFirst(); + if (missingConfig.isPresent()) { + log.error("Missing mandate-profile: {} in result mapping", missingConfig.get()); + throw new EaafConfigurationException("internal.configuration.00", + new Object[]{CONFIG_PROP_RESULT_PREFIX}); + + } + + log.info("Initialize: {} with mandate-profile: {} mandate-mode: {} and result-map:", EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode); + resultMapper.entrySet().stream().forEach(el -> + log.info("Profile: {} --> Attribute-Value: {}", el.getKey(), el.getValue())); + } + private String split(String value, int i) { + return value.split(CONFIG_PROP_RESULT_VALUE_DELIMITER, 2)[i]; + + } + + private String loadConfigValue(String configProp) throws EaafConfigurationException { String value = config.getBasicConfiguration(configProp); if (StringUtils.isEmpty(value)) { @@ -62,5 +122,5 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { return value; } - + } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java index 02e091ef..5a9c8d8c 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java @@ -1,6 +1,10 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler; +import javax.annotation.Nullable; + import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; +import lombok.NonNull; /** * Handlers for attribute-processing that requires more features than a simple mapping. @@ -15,7 +19,17 @@ public interface IEidasAttributeHandler { * * @param spConfig SP configuration that was build from incoming eIDAS Authn. request. */ - void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig); + void performSpConfigPostprocessing(@NonNull ServiceProviderConfiguration spConfig); + + + /** + * Build eIDAS attribute-value from authentication data. + * + * @param eidAuthData Authentication data for current process + * @return attribute-value if attribute is available, otherwise null + */ + @Nullable + String buildAttributeValue(@NonNull IEidAuthData eidAuthData); diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java index 8348558c..f1cb8f0b 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java @@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; +import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler; import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils; import at.gv.egiz.eaaf.core.api.IRequest; @@ -264,10 +265,29 @@ public class ProxyServiceAuthenticationAction implements IAction { } - } else { - log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined", - eidasAttrName); - + } else { + Optional advancedAttributeHandler = attrRegistry.mapEidasAttributeToAttributeHandler(eidasAttrName); + if (advancedAttributeHandler.isPresent()) { + final String idaAttrValue = context.getBean(advancedAttributeHandler.get(), IEidasAttributeHandler.class) + .buildAttributeValue(eidAuthData); + if (StringUtils.isNotEmpty(idaAttrValue)) { + log.debug("Build eIDAS attribute: {} by advanced attribute-handler: {}", + eidasAttrName, advancedAttributeHandler.get()); + attributeMap.put( + attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName), + idaAttrValue); + + } else { + log.info("Empty attribte-value returned by advanced attribute-handler, eIDAS attribute: {} will be ignored", + eidasAttrName); + + } + + } else { + log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined", + eidasAttrName); + + } } } diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java index 747c808c..edb21722 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java @@ -124,6 +124,7 @@ public class ProxyEidasAttributeRegistry { String eidasAttributeName, boolean withMandates) { return attributeConfiguration.stream() .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName)) + .filter(el -> el.getIdaAttribute() != null) .findFirst() .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic()) .filter(el -> StringUtils.isNotEmpty(el)); diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java index d44ffc2d..d9bc017c 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java @@ -397,6 +397,208 @@ public class ProxyServiceAuthenticationActionTest { } + @Test + public void borisModeResponseWithJurMandate() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, + "MUST_BE_UPDATED"); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 8, respAttr.size()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.BPK_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName()); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth()); + + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, + (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME)); + checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, + (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)); + + checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1"); + checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1"); + + assertNull("find nat. person subject: personalId", + getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)); + assertNull("find nat. person subject: familyName", + getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME)); + assertNull("find nat. person subject: givenName", + getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME)); + assertNull("find nat. person subject: dateOfBirth", + getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH)); + + } + + @Test + public void borisModeResponseWithJurMandate2() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, + "SECOND"); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 8, respAttr.size()); + + checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2"); + checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2"); + + + } + + @Test + public void borisModeNoMandateType() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 6, respAttr.size()); + + } + + @Test + public void borisModeEmptyMandateType() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, ""); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 6, respAttr.size()); + + } + + @Test + public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException { + Map attr = new HashMap<>(); + attr.put(PvpAttributeDefinitions.BPK_NAME, + "AT+XX:" + RandomStringUtils.randomAlphanumeric(10)); + IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH, + RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true); + + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, + RandomStringUtils.randomAlphabetic(10)); + attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10)); + + LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest(); + eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first()) + .build()); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + + //perform test + SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData); + + //validate state + Assert.assertNotNull("Result should be not null", result); + + ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData); + assertEquals("wrong attr. size", 6, respAttr.size()); + + } + @Test public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException { basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties index 46e0bb69..b59cae5f 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -14,3 +14,5 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json # BORIS attribute for eJustice eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 +eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND=VIP2 diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index 40587815..f7aca8a3 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -119,7 +119,8 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks ## advanced eIDAS attribute processing # BORIS attribute for eJustice -eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.atributes.ejusticerole.mandate.profiles.1=MUST_BE_UPDATED,SECOND eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal - +eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED,VIP1 +eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND,VIP2 -- cgit v1.2.3 From ee60dcbde9210e6ecf417af9fd7e4f13e8d95bbd Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 16 Aug 2022 15:46:31 +0200 Subject: style(eidas): fix typo in configuration properties --- .../modules/msproxyservice/handler/EJusticePersonRoleHandler.java | 6 +++--- .../src/test/resources/config/junit_config_1.properties | 8 ++++---- .../src/main/resources/application.properties | 7 +++---- .../test/resources/config/junit_config_1_springboot.properties | 7 +++++++ 4 files changed, 17 insertions(+), 11 deletions(-) (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index ec161b1a..87a033eb 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -31,9 +31,9 @@ import lombok.extern.slf4j.Slf4j; @Slf4j public class EJusticePersonRoleHandler implements IEidasAttributeHandler { - public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles"; - public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode"; - public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.atributes.ejusticerole.value."; + public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.attributes.ejusticerole.mandate.profiles"; + public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.attributes.ejusticerole.mandate.mode"; + public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.attributes.ejusticerole.value"; public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "="; diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties index b59cae5f..8963129e 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -12,7 +12,7 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json ## advanced eIDAS attribute processing # BORIS attribute for eJustice -eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED -eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal -eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 -eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND=VIP2 +eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 +eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2 diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index f7aca8a3..b8da2a10 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -119,8 +119,7 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks ## advanced eIDAS attribute processing # BORIS attribute for eJustice -eidas.ms.advanced.atributes.ejusticerole.mandate.profiles.1=MUST_BE_UPDATED,SECOND -eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal -eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED,VIP1 -eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND,VIP2 +eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED,SECOND +eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties index 47d50191..9f36c9d7 100644 --- a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties +++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties @@ -113,4 +113,11 @@ eidas.ms.modules.idaustriaauth.truststore.password=password eidas.ms.modules.idaustriaauth.truststore.type=jks +############################################################################# +## advanced eIDAS attribute processing + +# BORIS attribute for eJustice +eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 -- cgit v1.2.3 From 920d33465e5ab1a71d81cc280e41de10cd8b5247 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Wed, 17 Aug 2022 09:53:46 +0200 Subject: feat(eidas): extend EJusticePersonRoleHandler to include additional requested attributes --- .../handler/EJusticePersonRoleHandler.java | 22 ++- .../EidasProxyServiceControllerBorisTest.java | 197 +++++++++++++++++++++ .../protocol/EidasProxyServiceControllerTest.java | 8 +- .../resources/config/junit_config_1.properties | 1 + .../resources/config/junit_config_2.properties | 18 ++ .../spring/SpringTest-context_basic_mapConfig2.xml | 20 +++ .../src/main/resources/application.properties | 3 +- 7 files changed, 261 insertions(+), 8 deletions(-) create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties create mode 100644 modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml (limited to 'modules/eidas_proxy-sevice/src/test/resources/config') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java index 87a033eb..6a5e4967 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java @@ -33,6 +33,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.attributes.ejusticerole.mandate.profiles"; public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.attributes.ejusticerole.mandate.mode"; + public static final String CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES = + "advanced.attributes.ejusticerole.additional.ida.attributes"; + public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.attributes.ejusticerole.value"; public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "="; @@ -41,14 +44,21 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { private SpMandateModes mandateMode; private List mandateProfiles; + private List additionalReqAttributes; private Map resultMapper; @Override public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) { spConfig.setMandateMode(mandateMode); - spConfig.setMandateProfiles(mandateProfiles); + spConfig.setMandateProfiles(mandateProfiles); log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles); + if (!additionalReqAttributes.isEmpty()) { + spConfig.getRequestedAttributes().addAll(additionalReqAttributes); + log.info("Add additional requested attributes: {}", additionalReqAttributes); + + } + } @Override @@ -80,8 +90,10 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { @PostConstruct private void initialize() throws EaafConfigurationException { - mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE)); - mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE)); + mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE, true)); + mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE, true)); + additionalReqAttributes = KeyValueUtils.getListOfCsvValues( + loadConfigValue(CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES, false)); resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream() .filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER)) .collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1))); @@ -111,9 +123,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler { } - private String loadConfigValue(String configProp) throws EaafConfigurationException { + private String loadConfigValue(String configProp, boolean isRequired) throws EaafConfigurationException { String value = config.getBasicConfiguration(configProp); - if (StringUtils.isEmpty(value)) { + if (StringUtils.isEmpty(value) && isRequired) { throw new EaafConfigurationException("internal.configuration.00", new Object[]{configProp}); diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java new file mode 100644 index 00000000..dfa4e264 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java @@ -0,0 +1,197 @@ +package at.asitplus.eidas.specific.modules.msproxyservice.test.protocol; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; + +import java.io.IOException; +import java.net.URISyntaxException; +import java.util.Arrays; +import java.util.List; +import java.util.UUID; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; +import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService; +import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; +import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_test.xml", + "/spring/SpringTest-context_basic_mapConfig2.xml", + }) +@EnableWebMvc +public class EidasProxyServiceControllerBorisTest { + + @Autowired private EidasProxyServiceController controller; + + @Autowired private DummySpecificCommunicationService proxyService; + @Autowired private DummyProtocolAuthService authService; + @Autowired private EidasAttributeRegistry attrRegistry; + @Autowired private ApplicationContext context; + + @Autowired MsConnectorDummyConfigMap config; + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + private SpecificCommunicationService springManagedSpecificConnectorCommunicationService; + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + proxyService.setiLightRequest(null); + proxyService.setError(null); + + config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", + "http://eidas.proxy/endpoint"); + + springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE + .toString()); + + } + + @Test + public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_LEGALNAME).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + "eJusticeLegalPersonRole").first()) + .build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + List mandateProfilesNat = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesJur = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); + assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); + assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); + + assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size()); + + } + + @Test + public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException { + //initialize state + httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + String issuer = RandomStringUtils.randomAlphabetic(10); + LightRequest.Builder authnReqBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(issuer) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(spCountryCode) + .spType("public") + .requestedAttributes(ImmutableAttributeMap.builder() + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + "eJusticeNaturalPersonRole").first()) + .build()); + + proxyService.setiLightRequest(authnReqBuilder.build()); + + + // set default mandate configuration + List mandateProfilesNat = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + List mandateProfilesJur = + Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, + StringUtils.join(mandateProfilesNat, ",")); + config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, + StringUtils.join(mandateProfilesJur, ",")); + + + //execute + controller.receiveEidasAuthnRequest(httpReq, httpResp); + + //validate state + ServiceProviderConfiguration spConfig = + authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); + assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); + assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); + assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); + assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); + assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); + + assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size()); + + } + +} + + diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java index 4f62b2eb..5894ea45 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java @@ -781,7 +781,7 @@ public class EidasProxyServiceControllerTest { assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); - assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size()); + assertEquals("requested IDA attributes", 11, spConfig.getRequestedAttributes().size()); } @@ -832,7 +832,11 @@ public class EidasProxyServiceControllerTest { assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); - assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size()); + assertEquals("requested IDA attributes", 7, spConfig.getRequestedAttributes().size()); + assertTrue("missing additional attribute", spConfig.getRequestedAttributes().stream() + .filter(el -> el.equals("testAttribute")) + .findFirst() + .isPresent()); } diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties index 8963129e..90b44868 100644 --- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties @@ -14,5 +14,6 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json # BORIS attribute for eJustice eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.additional.ida.attributes=testAttribute eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2 diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties new file mode 100644 index 00000000..8963129e --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties @@ -0,0 +1,18 @@ +## Basic service configuration +eidas.ms.context.url.prefix=http://localhost +eidas.ms.context.url.request.validation=false + +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + +eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json + + +############################################################################# +## advanced eIDAS attribute processing + +# BORIS attribute for eJustice +eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED +eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 +eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2 diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml new file mode 100644 index 00000000..dfe98ea5 --- /dev/null +++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties index b8da2a10..c9d5e58f 100644 --- a/ms_specific_proxyservice/src/main/resources/application.properties +++ b/ms_specific_proxyservice/src/main/resources/application.properties @@ -120,6 +120,7 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks # BORIS attribute for eJustice eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED,SECOND -eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal +eidas.ms.advanced.attributes.ejusticerole.mandate.mode=forceLegal +eidas.ms.advanced.attributes.ejusticerole.additional.ida.attributes= eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1 -- cgit v1.2.3