Diffstat (limited to 'id/server/modules')
2 files changed, 51 insertions, 14 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d975b6e0a..74cf665ca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,10 +22,17 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.data.Trible;
+
 /**
  * @author tlenz
  *
@@ -119,4 +126,15 @@ public class Constants {
     		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" + 
     		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+    public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
+		private static final long serialVersionUID = 1L;
+		{
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
+			add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
+		}
+	});
+
+
 }
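Review bot: `NATURALPERSONMINIMUMDATASETLIST` is built from an anonymous `ArrayList` subclass with an instance initializer (double-brace initialization), which is what forces the `serialVersionUID` field; `Collections.unmodifiableList(Arrays.asList(...))` gives the same fixed, read-only list without the extra class (needs `import java.util.Arrays;`, and importing `eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec` shortens the four element expressions). The newly added `import at.gv.egovernment.moa.id.data.Trible;` is not referenced anywhere in this hunk; if the rest of the file does not use it either, it should be dropped. The constant also deserves a Javadoc stating what it enforces, e.g. `/** Name URIs of the eIDAS natural-person minimum data set; an incoming eIDAS request that omits any of them is rejected by EIDASProtocol. */`.

```java
    /** Name URIs of the eIDAS natural-person minimum data set; an incoming eIDAS request that omits any of them is rejected by EIDASProtocol. */
    public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(Arrays.asList(
            NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri(),
            NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri(),
            NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri(),
            NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()));
```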
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1ce900ebb..8fb81082f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.net.URI;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
 import eu.eidas.auth.commons.protocol.IResponseMessage;
 import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
@@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			}
-						
+			//validate service-provider type from eIDAS request
+			String spType = null;
+			if (eIDASSamlReq.getSpType() != null)
+				spType = eIDASSamlReq.getSpType();
+				
+			if (MiscUtil.isEmpty(spType))
+				spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
+							
+			if (MiscUtil.isNotEmpty(spType))
+				Logger.debug("eIDAS request has SPType:" + spType);			
+			else {
+				Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
+				throw new EIDASAuthnRequestProcessingException("eIDAS.06", 
+						new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."});
+				
+			}
+				
+			//validate if minimal data-set if it is not fully requested
+			//TODO: must be tested!!!!
+			ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes();
+			for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) {
+				if(reqAttrList.getAttributeValuesByNameUri(el) == null) {
+					Logger.warn("Minimum data-set attribute: " + el + " is not requested.");
+					throw new EIDASAuthnRequestProcessingException("eIDAS.06", 
+							new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"});
+					
+				}
+			}
+			
+			
+			
 			//*************************************************
 			//*****  store eIDAS request information  *********
 			//*************************************************
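Review bot: The minimum-data-set loop in the new block only treats a `null` return from `reqAttrList.getAttributeValuesByNameUri(el)` as "not requested"; if that method yields an empty collection for an attribute that is absent from the request (a requested-attribute map normally carries no values anyway), the check never rejects anything, and the adjacent `//TODO: must be tested!!!!` confirms this path is unverified — a test with a request that omits one of the four attributes should be added before this is relied on. `reqAttrList` itself is not guarded either: if `eIDASSamlReq.getRequestedAttributes()` can return null, the loop fails with a NullPointerException instead of the explicit `eIDAS.06` rejection, so `if (reqAttrList == null) throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{"eIDAS request contains no requested attributes"});` ahead of the loop keeps the failure deliberate. Stylistically, the `if (MiscUtil.isNotEmpty(spType))` branch runs an unbraced `Logger.debug(...)` while its `else` is braced; bracing both (and the two earlier single-statement `if`s) matches the rest of the block. The enclosing method begins and ends outside this hunk.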
@@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			// - memorize OA config
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
-			
-			// - memorize service-provider type from eIDAS request
-			String spType = null;
-			if (eIDASSamlReq.getSpType() != null)
-				spType = eIDASSamlReq.getSpType();
-				
-			if (MiscUtil.isEmpty(spType))
-				spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
-							
-			if (MiscUtil.isNotEmpty(spType))
-				Logger.debug("eIDAS request has SPType:" + spType);			
-			else
-				Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
 		} catch (MOAIDException e) {
 			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
