From db3af28b79296b6f5650a85c5a41ad5015c57222 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 7 Jun 2022 13:48:34 +0200 Subject: feat(eidas): include IDA releated requested attributes into service-provider configuration --- .../protocol/EidasProxyServiceController.java | 35 +++++++++++++++++----- .../protocol/EidasProxyServiceControllerTest.java | 14 ++++++++- 2 files changed, 41 insertions(+), 8 deletions(-) (limited to 'modules/eidas_proxy-sevice') diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java index cd404cee..26cc51ee 100644 --- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java +++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java @@ -2,9 +2,11 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol; import java.io.IOException; import java.text.MessageFormat; +import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.Map; +import java.util.Objects; import java.util.UUID; import java.util.stream.Collectors; @@ -22,13 +24,14 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.collect.ImmutableSortedSet; +import com.google.common.collect.Streams; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; -import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; +import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry; import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils; import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; @@ -76,7 +79,7 @@ public class EidasProxyServiceController extends AbstractController implements I public static final String PROTOCOL_ID = "eidasProxy"; - @Autowired EidasAttributeRegistry attrRegistry; + @Autowired ProxyEidasAttributeRegistry attrRegistry; @Autowired ProxyServiceAuthenticationAction responseAction; /** @@ -115,7 +118,7 @@ public class EidasProxyServiceController extends AbstractController implements I .toString()); final ILightRequest eidasRequest = specificProxyCommunicationService.getAndRemoveRequest( tokenBase64, - ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + ImmutableSortedSet.copyOf(attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getAttributes())); if (eidasRequest == null) { log.info("Find no eIDAS Authn. Request with stated token."); throw new EidasProxyServiceException(ERROR_11, null); @@ -317,9 +320,12 @@ public class EidasProxyServiceController extends AbstractController implements I spConfig.setRequiredLoA( eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList())); - //build mandate profiles for this specific request + // build mandate profiles for this specific request buildMandateProfileConfiguration(spConfig, eidasRequest); - + + // map eIDAS attributes to national attributes + buildNationalRequestedAttributes(spConfig, eidasRequest); + return spConfig; } catch (EidasProxyServiceException e) { @@ -332,6 +338,22 @@ public class EidasProxyServiceController extends AbstractController implements I } + private void buildNationalRequestedAttributes( + ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) { + boolean mandatesEnabled = !SpMandateModes.NONE.equals(spConfig.getMandateMode()); + spConfig.setRequestedAttributes( + Streams.concat( + eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream() + .map(el -> attrRegistry.getIdaAttributesForEidasAttribute( + el.getNameUri().toString(), mandatesEnabled)) + .flatMap(Collection::stream) + .filter(Objects::nonNull), + attrRegistry.getAlwaysRequestedAttributes(mandatesEnabled)) + .collect(Collectors.toSet())); + log.debug("Inject #{} attributes to request from IDA system", spConfig.getRequestedAttributes().size()); + + } + private Map extractRawConnectorConfiguration(ILightRequest eidasRequest) { Map allConnectorConfigs = authConfig.getBasicConfigurationWithPrefix( MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX); @@ -341,8 +363,7 @@ public class EidasProxyServiceController extends AbstractController implements I el -> log.trace("Key: {} -> Value: {}", el.getKey(), el.getValue())); } - - + Map connectorConfig = allConnectorConfigs.entrySet().stream() .filter(el -> el.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) && el.getValue().equals(eidasRequest.getIssuer())) diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java index 189378e0..ef1abbcd 100644 --- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java +++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java @@ -277,7 +277,10 @@ public class EidasProxyServiceControllerTest { .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( - EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) + .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + EidasConstants.eIDAS_ATTR_BIRTHNAME).first()) + .build()); proxyService.setiLightRequest(authnReqBuilder.build()); @@ -326,6 +329,9 @@ public class EidasProxyServiceControllerTest { assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); + assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size()); + + } @Test @@ -370,6 +376,8 @@ public class EidasProxyServiceControllerTest { .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el))); assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode()); + assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size()); + } @Test @@ -414,6 +422,8 @@ public class EidasProxyServiceControllerTest { .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el))); assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode()); + assertEquals("requested IDA attributes", 9, spConfig.getRequestedAttributes().size()); + } @Test @@ -481,6 +491,8 @@ public class EidasProxyServiceControllerTest { assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); + + assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size()); } -- cgit v1.2.3