18F · KeithNava · May 21, 2024 · May 13, 2024 · May 13, 2024 · May 15, 2024
diff --git a/app/services/vot/parser.rb b/app/services/vot/parser.rb
@@ -12,6 +12,7 @@ class ParseException < StandardError; end
       :identity_proofing?,
       :biometric_comparison?,
       :ialmax?,
+      :enhanced_ipp?,
     ) do
       def self.no_sp_result
         self.new(
@@ -22,6 +23,7 @@ def self.no_sp_result
           identity_proofing?: false,
           biometric_comparison?: false,
           ialmax?: false,
+          enhanced_ipp?: false,
         )
       end
 
@@ -86,6 +88,7 @@ def expand_components_with_initial_components(initial_components)
         identity_proofing?: requirement_list.include?(:identity_proofing),
         biometric_comparison?: requirement_list.include?(:biometric_comparison),
         ialmax?: requirement_list.include?(:ialmax),
+        enhanced_ipp?: requirement_list.include?(:enhanced_ipp),
       )
     end
 

diff --git a/app/services/vot/supported_component_values.rb b/app/services/vot/supported_component_values.rb
@@ -38,6 +38,12 @@ module SupportedComponentValues
       implied_component_values: [P1],
       requirements: [:biometric_comparison],
     ).freeze
+    Pe = ComponentValue.new(
+      name: 'Pe',
+      description: 'Enhanced In Person Proofing is required',
+      implied_component_values: [P1],
+      requirements: [:enhanced_ipp],
+    ).freeze
 
     NAME_HASH = constants.map do |constant|
       component_value = const_get(constant)

diff --git a/spec/policies/service_provider_mfa_policy_spec.rb b/spec/policies/service_provider_mfa_policy_spec.rb
@@ -15,6 +15,7 @@
       identity_proofing?: false,
       biometric_comparison?: false,
       ialmax?: false,
+      enhanced_ipp?: false,
     )
   end
   let(:auth_methods_session) { AuthMethodsSession.new(user_session: {}) }

diff --git a/spec/services/authn_context_resolver_spec.rb b/spec/services/authn_context_resolver_spec.rb
@@ -18,6 +18,26 @@
       expect(result.identity_proofing?).to eq(true)
       expect(result.biometric_comparison?).to eq(true)
       expect(result.ialmax?).to eq(false)
+      expect(result.enhanced_ipp?).to eq(false)
+    end
+
+    it 'parses the vtr param for enhanced ipp' do
+      vtr = ['Pe']
+
+      result = AuthnContextResolver.new(
+        service_provider: nil,
+        vtr: vtr,
+        acr_values: nil,
+      ).resolve
+
+      expect(result.component_values.map(&:name).join('.')).to eq('C1.C2.P1.Pe')
+      expect(result.aal2?).to eq(true)
+      expect(result.phishing_resistant?).to eq(false)
+      expect(result.hspd12?).to eq(false)
+      expect(result.identity_proofing?).to eq(true)
+      expect(result.biometric_comparison?).to eq(false)
+      expect(result.ialmax?).to eq(false)
+      expect(result.enhanced_ipp?).to eq(true)
     end
 
     it 'ignores any acr_values params that are passed' do
@@ -59,6 +79,7 @@
         expect(result.identity_proofing?).to eq(false)
         expect(result.biometric_comparison?).to eq(false)
         expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(false)
       end
 
       it 'properly parses an ACR value without an AAL ACR' do
@@ -79,6 +100,7 @@
         expect(result.identity_proofing?).to eq(false)
         expect(result.biometric_comparison?).to eq(false)
         expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(false)
       end
 
       it 'properly parses an ACR value without an IAL ACR' do
@@ -99,6 +121,7 @@
         expect(result.identity_proofing?).to eq(false)
         expect(result.biometric_comparison?).to eq(false)
         expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(false)
       end
     end
 

diff --git a/spec/services/vot/parser_spec.rb b/spec/services/vot/parser_spec.rb
@@ -22,6 +22,7 @@
         expect(result.identity_proofing?).to eq(false)
         expect(result.biometric_comparison?).to eq(false)
         expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(false)
       end
     end
 
@@ -38,6 +39,22 @@
         expect(result.identity_proofing?).to eq(true)
         expect(result.biometric_comparison?).to eq(true)
         expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(false)
+      end
+
+      it 'adds the Enhanced In Person Proofing components' do
+        vector_of_trust = 'Pe'
+
+        result = Vot::Parser.new(vector_of_trust:).parse
+
+        expect(result.component_values.map(&:name).join('.')).to eq('C1.C2.P1.Pe')
+        expect(result.aal2?).to eq(true)
+        expect(result.phishing_resistant?).to eq(false)
+        expect(result.hspd12?).to eq(false)
+        expect(result.identity_proofing?).to eq(true)
+        expect(result.biometric_comparison?).to eq(false)
+        expect(result.ialmax?).to eq(false)
+        expect(result.enhanced_ipp?).to eq(true)
       end
     end
 
@@ -77,6 +94,7 @@
           expect(result.identity_proofing?).to eq(true)
           expect(result.biometric_comparison?).to eq(false)
           expect(result.ialmax?).to eq(false)
+          expect(result.enhanced_ipp?).to eq(false)
         end
       end
     end