From fb04ef818546cf26ed1e623e5b565ac0961780fe Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 15 Dec 2022 17:56:49 +0100
Subject: feat(connector): add support for Ukraine eIDAS-ProxyService Since Ukraine is not notified, we need a new configuration parameter to set not-notified LoA
---
 .../auth/eidas/v2/handler/UaEidProcessor.java | 68 ++++++++++++++++++++++
 .../src/main/resources/eidas_v2_auth.beans.xml | 5 ++
 .../EidasRequestPreProcessingFirstTest.java | 21 +++++++
 .../EidasRequestPreProcessingSecondTest.java | 24 ++++++++
 4 files changed, 118 insertions(+)
 create mode 100644 modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java (limited to 'modules')
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
new file mode 100644
index 00000000..6be0a26b
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
@@ -0,0 +1,68 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Ulraine specific eIDAS AuthnRequest generation.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class UaEidProcessor extends AbstractEidProcessor {
+
+ private static final String CONFIG_PROP_UA_SPECIFIC_LOA = "auth.eIDAS.node_v2.loa.ua.requested";
+
+ private static final String canHandleCC = "UA";
+
+ @Autowired IConfiguration config;
+
+ @Getter
+ @Setter
+ private int priority = 1;
+
+ @Override
+ public String getName() {
+ return "UA-PostProcessor";
+
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+
+ }
+
+ @Override
+ protected Map getCountrySpecificRequestedAttributes() {
+ return new HashMap<>();
+
+ }
+
+ protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
+
+ // allow override of LoA, because UA maybe only support not-notified LoA levels
+ String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA);
+ if (StringUtils.isNotEmpty(uaSpecificLoA)) {
+ authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(uaSpecificLoA));
+ log.info("Set UA specific LoA level to: {}", uaSpecificLoA);
+
+ } else {
+ super.buildLevelOfAssurance(spConfig, authnRequestBuilder);
+
+ }
+ }
+
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index ab4228fd..8c561fbb 100644
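Review bot: `buildLevelOfAssurance` sends whatever `auth.eIDAS.node_v2.loa.ua.requested` contains as the only requested LoA, replacing the level derived from `spConfig` without validating it. A whitespace-only or mistyped property value therefore ends up in the AuthnRequest, and a value weaker than what the service provider asked for lowers the requested assurance for every UA login; whether the response path still enforces the SP's minimum is not visible in this diff. I would switch the guard to `if (StringUtils.isNotBlank(uaSpecificLoA)) {`, check the value against the set of LoA URIs the connector accepts before using it, and document on the method that the override bypasses the SP-configured level. The method also lacks the `@Override` that the other three overrides in the class carry, so a signature change in `AbstractEidProcessor` would silently disable the UA handling.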
--- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -72,6 +72,11 @@ + + + +
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index f3863ce0..b0290c90 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -199,4 +199,25 @@ public class EidasRequestPreProcessingFirstTest {
 }
+ @Test
+ @SneakyThrows
+ public void prePreProcessUaWithoutConfig() throws EidPostProcessingException {
+
+ final String testCountry = "UA";
+ spConfig.put("loa", EaafConstants.EIDAS_LOA_LOW);
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW);
+
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_LOW, lightReq.getLevelOfAssurance());
+
+ }
+
 }
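Review bot: The first assertion in `prePreProcessUaWithoutConfig` checks nothing, because the two-argument `Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId())` treats the message string as the unexpected object and only compares its identity with the requester id. If the intent is that no requester id is sent for a public SP, it should read `Assert.assertNull("RequesterId was set", lightReq.getRequesterId());`. The same line appears in `prePreProcessUaWithConfig` in EidasRequestPreProcessingSecondTest.java. `@SneakyThrows` together with the `throws EidPostProcessingException` clause is also redundant; one of them is enough.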
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 0453ca1d..7cfd2d5c 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -203,4 +203,28 @@ public class EidasRequestPreProcessingSecondTest {
 }
+ @Test
+ @SneakyThrows
+ public void prePreProcessUaWithConfig() throws EidPostProcessingException {
+
+ basicConfig.putConfigValue(
+ "eidas.ms.auth.eIDAS.node_v2.loa.ua.requested", "http://eidas.europa.eu/NotNotified/LoA/high");
+
+ final String testCountry = "UA";
+ authnRequestBuilder.citizenCountryCode(testCountry);
+ authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW);
+
+ preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+ final LightRequest lightReq = authnRequestBuilder.build();
+
+ Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
+ Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+ Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+ Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/NotNotified/LoA/high",
+ lightReq.getLevelsOfAssurance().get(0).getValue());
+
+ }
+
 }
-- cgit v1.2.3
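Review bot: `prePreProcessUaWithConfig` asserts only the first entry of `getLevelsOfAssurance()`, so it would still pass if the notified `EIDAS_LOA_LOW` set on the builder before `preProcess` were sent alongside the configured not-notified level. Adding `Assert.assertEquals("wrong LoA count", 1, lightReq.getLevelsOfAssurance().size());` before the value check would pin that the override replaces the requested level rather than extending it. The test also writes `eidas.ms.auth.eIDAS.node_v2.loa.ua.requested` into `basicConfig` and never removes it; unless the fixture resets the configuration between tests (not visible in this hunk), the override can leak into later test methods.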