From fb04ef818546cf26ed1e623e5b565ac0961780fe Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 15 Dec 2022 17:56:49 +0100
Subject: feat(connector): add support for Ukraine eIDAS-ProxyService

Since Ukraine is not notified, we need a new configuration parameter to set not-notified LoA
---
 .../auth/eidas/v2/handler/UaEidProcessor.java      | 68 ++++++++++++++++++++++
 .../src/main/resources/eidas_v2_auth.beans.xml     |  5 ++
 .../EidasRequestPreProcessingFirstTest.java        | 21 +++++++
 .../EidasRequestPreProcessingSecondTest.java       | 24 ++++++++
 4 files changed, 118 insertions(+)
 create mode 100644 modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java

(limited to 'modules')

diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
new file mode 100644
index 00000000..6be0a26b
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java
@@ -0,0 +1,68 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Ulraine specific eIDAS AuthnRequest generation. 
+ * 
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class UaEidProcessor extends AbstractEidProcessor {
+
+  private static final String CONFIG_PROP_UA_SPECIFIC_LOA = "auth.eIDAS.node_v2.loa.ua.requested";
+  
+  private static final String canHandleCC = "UA";
+
+  @Autowired IConfiguration config;
+  
+  @Getter
+  @Setter
+  private int priority = 1;
+  
+  @Override
+  public String getName() {
+    return "UA-PostProcessor";
+    
+  }
+
+  @Override
+  public boolean canHandle(String countryCode) {
+    return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+    
+  }
+    
+  @Override
+  protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+    return new HashMap<>();
+    
+  }
+  
+  protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {        
+    
+    // allow override of LoA, because UA maybe only support not-notified LoA levels    
+    String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA);
+    if (StringUtils.isNotEmpty(uaSpecificLoA)) {
+      authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(uaSpecificLoA));
+      log.info("Set UA specific LoA level to: {}", uaSpecificLoA);
+      
+    } else {
+      super.buildLevelOfAssurance(spConfig, authnRequestBuilder);
+      
+    }
+  }
+  
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index ab4228fd..8c561fbb 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -72,6 +72,11 @@
     <property name="priority" value="1" />
   </bean>
 
+  <bean id="UA-Processor"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.UaEidProcessor">
+    <property name="priority" value="1" />
+  </bean>
+
   <bean id="Default-Processor"
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
     <property name="priority" value="0" />
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index f3863ce0..b0290c90 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -199,4 +199,25 @@ public class EidasRequestPreProcessingFirstTest {
     
   }
   
+  @Test
+  @SneakyThrows
+  public void prePreProcessUaWithoutConfig() throws EidPostProcessingException {
+
+    final String testCountry = "UA";
+    spConfig.put("loa", EaafConstants.EIDAS_LOA_LOW);
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW);
+    
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_LOW, lightReq.getLevelOfAssurance());
+    
+  }
+    
 }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 0453ca1d..7cfd2d5c 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -203,4 +203,28 @@ public class EidasRequestPreProcessingSecondTest {
 
   }
   
+  @Test
+  @SneakyThrows
+  public void prePreProcessUaWithConfig() throws EidPostProcessingException {
+
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.loa.ua.requested", "http://eidas.europa.eu/NotNotified/LoA/high"); 
+    
+    final String testCountry = "UA";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_LOW);
+    
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/NotNotified/LoA/high", 
+        lightReq.getLevelsOfAssurance().get(0).getValue());
+    
+  }
+  
 }
-- 
cgit v1.2.3