diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-04-01 17:24:53 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-04-01 17:24:53 +0200 |
commit | c972a8106bbff5dea9fecc76864be9a99a868d78 (patch) | |
tree | 6c9cfca3a7cd002d5fe6e4bbaf884b877ecaf5bf | |
parent | f4a941a0c4bbe6251a108612a4ee49607d6951fc (diff) | |
parent | 5945c62128c2cb9d552ad7b4c085c09d046d2d56 (diff) | |
download | EAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.tar.gz EAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.tar.bz2 EAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.zip |
Merge branch 'nightlyBuild'
81 files changed, 2590 insertions, 665 deletions
diff --git a/checks/egiz_checks.xml b/checks/egiz_checks.xml index 6a8e68ef..ad0be35e 100644 --- a/checks/egiz_checks.xml +++ b/checks/egiz_checks.xml @@ -1,13 +1,12 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE module PUBLIC "-//Checkstyle//DTD Check Configuration 1.3//EN" "https://apps.egiz.gv.at/checkstyle/configuration_1_3.dtd"> +<!DOCTYPE module PUBLIC "-//Checkstyle//DTD Check Configuration 1.3//EN" "https://checkstyle.org/dtds/configuration_1_3.dtd"> <!-- This configuration file was written by the eclipse-cs plugin configuration editor --> <!-- - Checkstyle-Configuration: Google checks with EGIZ modifications - Description: -Checkstyle configuration that checks the Google coding conventions from Google Java Style that can be found at https://google.github.io/styleguide/javaguide.html. + Checkstyle-Configuration: EGIZ_checkstyle + Description: none --> <module name="Checker"> <property name="severity" value="warning"/> @@ -20,9 +19,6 @@ Checkstyle configuration that checks the Google coding conventions from Google J <property name="format" value="\\u00(09|0(a|A)|0(c|C)|0(d|D)|22|27|5(C|c))|\\(0(10|11|12|14|15|42|47)|134)"/> <property name="message" value="Consider using special escape sequence instead of octal value or Unicode escaped value."/> </module> - <!-- module name="SuppressionFilter"> - <property name="file" value="${samedir}/checkstyleSuppress.xml" /> - </module--> <module name="AvoidEscapedUnicodeCharacters"> <property name="allowEscapesForControlCharacters" value="true"/> <property name="allowByTailComment" value="true"/> @@ -180,9 +176,7 @@ Checkstyle configuration that checks the Google coding conventions from Google J <module name="JavadocMethod"> <property name="allowedAnnotations" value="Override, Test"/> <property name="scope" value="public"/> - <property name="allowThrowsTagsForSubclasses" value="true"/> - <property name="allowMissingParamTags" value="true"/> - <property name="allowMissingThrowsTags" value="true"/> + <property name="allowMissingParamTags" value="false"/> <property name="allowMissingReturnTag" value="true"/> </module> <module name="MissingJavadocMethod"> @@ -204,6 +198,8 @@ Checkstyle configuration that checks the Google coding conventions from Google J <module name="IllegalImport"/> <module name="RedundantImport"/> <module name="UnusedImports"/> + <module name="ParameterNumber"/> + <module name="RedundantModifier"/> </module> <module name="BeforeExecutionExclusionFileFilter"> <property name="fileNamePattern" value="module\-info\.java$"/> diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index bf6c5b47..4ee46149 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> @@ -37,6 +37,7 @@ <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> </dependency> <dependency> <groupId>org.slf4j</groupId> diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java index a7e4f6fe..b3e0c88f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java @@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils; import java.io.IOException; import java.io.InputStream; +import com.google.gson.JsonParseException; + import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException; public interface IJsonMapper { @@ -23,6 +25,7 @@ public interface IJsonMapper { * @param value the JSON string to deserialize * @param clazz optional parameter that determines the type of the returned * object. If not set, an {@link Object} is returned. + * @param <T> Response class type * @return the deserialized JSON string as an object of type {@code clazz} or * {@link Object} * @throws JsonParseException if the JSON string contains invalid content. @@ -39,6 +42,7 @@ public interface IJsonMapper { * @param is the JSON to deserialize as {@link InputStream} * @param clazz optional parameter that determines the type of the returned * object. If not set, an {@link Object} is returned. + * @param <T> Response class type * @return the deserialized JSON string as an object of type {@code clazz} or * {@link Object} * @throws JsonParseException if the JSON string contains invalid content. diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index a6fe5ff0..677e3c46 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -27,15 +27,16 @@ import java.util.Date; import java.util.Map; import java.util.TimeZone; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; - import org.apache.commons.collections4.map.HashedMap; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; + /** * Service-Provider specific authentication data. * @@ -48,6 +49,7 @@ public class AuthenticationData implements IAuthData, Serializable { private static final long serialVersionUID = -1042697056735596866L; public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; private boolean isBaseIdTransferRestrication = true; private final Map<String, Object> genericDataStorate = new HashedMap<>(); @@ -112,7 +114,7 @@ public class AuthenticationData implements IAuthData, Serializable { @Override public String getAuthenticationIssueInstantString() { - final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT); f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(this.issueInstant); @@ -292,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable { */ @Deprecated public void setBpkType(final String bpkType) { - this.bpkType = bpkType; + this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType); + } @Override diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 75b14489..c2f85fef 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -26,6 +26,17 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Map.Entry; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; +import org.springframework.util.Base64Utils; +import org.w3c.dom.DOMException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.lang.NonNull; -import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; -import org.w3c.dom.DOMException; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); @@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) { - // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal - // implementations - // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && - // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), - // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { - // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " - // Starting - // attribute value correction ... "); - // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + - // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); - // - // } - log.debug( - "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); - return pvpBpkTypeAttr; + log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr); + } return null; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java index a613bd56..fed4af32 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java @@ -25,20 +25,22 @@ import java.security.PrivateKey; import java.security.PublicKey; import java.text.SimpleDateFormat; import java.util.Date; +import java.util.Map.Entry; +import javax.annotation.Nullable; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.util.Base64Utils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import lombok.extern.slf4j.Slf4j; + /** * Builder for the bPK, as defined in @@ -47,9 +49,11 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; * <code>"reference.e-government.gv.at"</code>. * */ +@Slf4j public class BpkBuilder { - private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class); - + + private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI"; + /** * Calculates an area specific unique person-identifier from a baseID. * @@ -100,12 +104,17 @@ public class BpkBuilder { if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) { log.trace("Find baseID. Starting unique identifier caluclation for this target"); - if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID) - || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { - log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); + if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) { + log.trace("Calculate bPK identifier for target: " + targetIdentifier); return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + log.trace("Calculate wbPK identifier for target: " + targetIdentifier); + return Pair.newInstance(calculatebPKwbPK( + baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)), + normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier)); + } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); final String[] splittedTarget = targetIdentifier.split("\\+"); @@ -144,57 +153,13 @@ public class BpkBuilder { } } - /** - * Builds the eIDAS from the given parameters. - * - * @param baseId baseID of the citizen - * @param baseIdType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs - * ID - * @param destinationCountry CountryCode of that country, which receives the - * eIDAs ID - * - * @return Pair eIDAs/bPKType in a BASE64 encoding - * @throws EaafBuilderException if some input data are not valid - */ - private static Pair<String, String> buildEidasIdentifer(final String baseId, - final String baseIdType, final String sourceCountry, final String destinationCountry) - throws EaafBuilderException { - String bpk = null; - String bpkType = null; - // check if we have been called by public sector application - if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { - bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; - log.debug("Building eIDAS identification from: [identValue]+" + bpkType); - bpk = calculatebPKwbPK(baseId + "+" + bpkType); - - } else { // if not, sector identification value is already calculated by BKU - log.debug("eIDAS eIdentifier already provided by BKU"); - bpk = baseId; - } - - if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) - || StringUtils.isEmpty(destinationCountry)) { - throw new EaafBuilderException("builder.00", - new Object[] { "eIDAS-ID", - "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry }, - "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" - + destinationCountry + ", Ursprungsland=" + sourceCountry); - } - - log.trace("eIDAS pseudonym generation finished. "); - final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; - - return Pair.newInstance(eIdentifier, bpkType); - } /** * Create an encrypted bPK. * * @param bpk unencrypted bPK - * @param target bPK target + * @param target bPK target in full form * @param publicKey Public-Key used for encryption * @return encrypted bPK * @throws EaafBuilderException In case of an error @@ -202,12 +167,17 @@ public class BpkBuilder { public static String encryptBpk(final String bpk, String target, final PublicKey publicKey) throws EaafBuilderException { final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) { - target = target.substring(EaafConstants.URN_PREFIX_CDID.length()); + + if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) { + throw new EaafBuilderException("builder.32", + null, ERROR_MSG_WRONG_TARGET_FORMAT); + } + + target = normalizeBpkTargetIdentifierToCalculationFormat(target); final String input = - "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date()); + "V1::" + target + "::" + bpk + "::" + sdf.format(new Date()); // System.out.println(input); byte[] result; try { @@ -227,17 +197,23 @@ public class BpkBuilder { * Decrypt an encrypted bPK. * * @param encryptedBpk encrypted bPK - * @param target bPK target + * @param target bPK target in full form * @param privateKey private-key for decryption - * @return bPK + * @return bPK Pair consists of (unique person identifier for this target, + * targetArea) but never null * @throws EaafBuilderException In case of an error */ - public static String decryptBpk(final String encryptedBpk, String target, + public static Pair<String, String> decryptBpk(final String encryptedBpk, String target, final PrivateKey privateKey) throws EaafBuilderException { String decryptedString; + + if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) { + throw new EaafBuilderException("builder.32", + null, ERROR_MSG_WRONG_TARGET_FORMAT); + + } + try { - // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, - // "ISO-8859-1"); final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1")); final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); decryptedString = new String(decryptedBytes, "ISO-8859-1"); @@ -247,23 +223,121 @@ public class BpkBuilder { } - String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); - final String sector = tmp.substring(0, tmp.indexOf("::")); - tmp = tmp.substring(tmp.indexOf("::") + 2); - final String bPK = tmp.substring(0, tmp.indexOf("::")); - - if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) { - target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length()); + String[] parts = decryptedString.split("::"); + if (parts.length != 4) { + log.trace("Encrypted bPK has value: {}", decryptedString); + throw new EaafBuilderException("builder.31", new Object[] {parts.length}, + "encBpk has a suspect format"); + } + + final String sector = parts[1]; + final String bPK = parts[2]; - if (target.equals(sector)) { - return bPK; + if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) { + return Pair.newInstance(bPK, target); + } else { - log.error("Decrypted bPK does not match to request bPK target."); - return null; + throw new EaafBuilderException("builder.30", new Object[] {sector, target}, + "Decrypted bPK-target does not match"); + } } + /** + * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB. + * + * <p>If the target is not of this types the target will be returned as it is</p> + * @param targetIdentifier bPK input target + * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required + */ + @Nullable + public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) { + if (targetIdentifier != null + && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) { + for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { + if (targetIdentifier.startsWith(mapper.getValue())) { + String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length()); + log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget); + return wbpkTarget; + + } + } + } + + return targetIdentifier; + } + + /** + * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB. + * + * <p>If the target is not of this types the target will be returned as it is</p> + * + * @param targetIdentifier bPK input target + * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required + */ + @Nullable + public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) { + if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { + if (targetIdentifier.startsWith(mapper.getKey())) { + String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length()); + log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget); + return wbpkTarget; + + } + } + } + + return targetIdentifier; + } + + /** + * Builds the eIDAS from the given parameters. + * + * @param baseId baseID of the citizen + * @param baseIdType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs + * ID + * @param destinationCountry CountryCode of that country, which receives the + * eIDAs ID + * + * @return Pair eIDAs/bPKType in a BASE64 encoding + * @throws EaafBuilderException if some input data are not valid + */ + private static Pair<String, String> buildEidasIdentifer(final String baseId, + final String baseIdType, final String sourceCountry, final String destinationCountry) + throws EaafBuilderException { + String bpk = null; + String bpkType = null; + + // check if we have been called by public sector application + if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { + bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; + log.debug("Building eIDAS identification from: [identValue]+" + bpkType); + bpk = calculatebPKwbPK(baseId + "+" + bpkType); + + } else { // if not, sector identification value is already calculated by BKU + log.debug("eIDAS eIdentifier already provided by BKU"); + bpk = baseId; + } + + if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) + || StringUtils.isEmpty(destinationCountry)) { + throw new EaafBuilderException("builder.00", + new Object[] { "eIDAS-ID", + "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + + destinationCountry + ", Ursprungsland=" + sourceCountry }, + "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + + destinationCountry + ", Ursprungsland=" + sourceCountry); + } + + log.trace("eIDAS pseudonym generation finished. "); + final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; + + return Pair.newInstance(eIdentifier, bpkType); + } + private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException { try { final MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 988a78b6..8eef4a8e 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -19,26 +19,31 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.data; +import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.TimeZone; +import javax.annotation.Nullable; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - public class AuthProcessDataWrapper implements IAuthProcessDataContainer, EaafAuthProcessDataConstants { private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class); + public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; + protected Map<String, Object> authProcessData; public AuthProcessDataWrapper(final Map<String, Object> authProcessData) { @@ -46,6 +51,11 @@ public class AuthProcessDataWrapper } + @Override + public Date getIssueInstant() { + return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class); + } + /* * (non-Javadoc) * @@ -53,8 +63,9 @@ public class AuthProcessDataWrapper * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() */ @Override - public String getIssueInstant() { - return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); + public String getIssueInstantString() { + return buildDateTimeUtcString( + wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class)); } /* @@ -66,7 +77,8 @@ public class AuthProcessDataWrapper */ @Override public void setIssueInstant(final String issueInstant) { - authProcessData.put(VALUE_ISSUEINSTANT, issueInstant); + authProcessData.put(VALUE_ISSUEINSTANT, + buildDateTimeUtcDate(issueInstant)); } @@ -79,7 +91,7 @@ public class AuthProcessDataWrapper */ @Override public void setIssueInstant(final Date issueInstant) { - authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant)); + authProcessData.put(VALUE_ISSUEINSTANT, issueInstant); } @@ -91,7 +103,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isAuthenticated() { - return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); + return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); } @@ -116,7 +128,7 @@ public class AuthProcessDataWrapper */ @Override public IIdentityLink getIdentityLink() { - return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); + return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); } @@ -141,7 +153,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isMandateUsed() { - return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); + return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class); } /* @@ -164,7 +176,7 @@ public class AuthProcessDataWrapper */ @Override public String getQaaLevel() { - return wrapStringObject(VALUE_QAALEVEL, null, String.class); + return wrapStoredObject(VALUE_QAALEVEL, null, String.class); } /* @@ -187,7 +199,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isForeigner() { - return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); + return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class); } /* @@ -209,7 +221,7 @@ public class AuthProcessDataWrapper */ @Override public boolean isOW() { - return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); + return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class); } /* @@ -225,7 +237,7 @@ public class AuthProcessDataWrapper @Override public boolean isEidProcess() { - return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); + return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class); } @Override @@ -242,7 +254,7 @@ public class AuthProcessDataWrapper */ @Override public Date getSessionCreated() { - return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class); + return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class); } /* @@ -283,7 +295,7 @@ public class AuthProcessDataWrapper */ @Override public <T> T getGenericDataFromSession(final String key, final Class<T> clazz) { - return wrapStringObject(GENERIC_PREFIX + key, null, clazz); + return wrapStoredObject(GENERIC_PREFIX + key, null, clazz); } /* @@ -299,7 +311,7 @@ public class AuthProcessDataWrapper } - protected <T> T wrapStringObject(final String key, final Object defaultValue, + protected <T> T wrapStoredObject(final String key, final Object defaultValue, final Class<T> clazz) { if (StringUtils.isNotEmpty(key)) { final Object obj = authProcessData.get(key); @@ -322,16 +334,49 @@ public class AuthProcessDataWrapper } /** - * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value. + * Builds a {@link String} dateTime value in UTC from a {@link Date} value. * - * @param date the <code>Calendar</code> value - * @return the <code>dateTime</code> value + * @param date the {@link Date} that should be transformed + * @return The {@link String} representation of the date in + * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>, or <code>null</code> if {@link Date} was <code>null</code> */ - public static String buildDateTimeUtc(final Date date) { + @Nullable + public static String buildDateTimeUtcString(@Nullable final Date date) { + if (date == null) { + return null; - final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); - f.setTimeZone(TimeZone.getTimeZone("UTC")); + } + final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT); + f.setTimeZone(TimeZone.getTimeZone("UTC")); return f.format(date.getTime()); + + } + + /** + * Builds a {@link String} dateTime value in UTC from a {@link Date} value. + * + * @param date the {@link String} in <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code> + * format that should be transformed + * @return The {@link Date} representation of the date, otherwise <code>null</code> + * if input parameter was <code>null</code> or invalid + */ + @Nullable + public static Date buildDateTimeUtcDate(@Nullable final String date) { + final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT); + try { + if (date != null) { + return f.parse(date); + + } + + } catch (final ParseException e) { + log.error("Can NOT parse Date from String: {}", date, null, e); + + } + + return null; + } + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 817c7aa2..4c82adac 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java index 172d74a7..e18cc1a8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java @@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder { Assert.isTrue(type != null, "bPKType is 'NULL'"); if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { return type.substring(EaafConstants.URN_PREFIX_CDID.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + } else { return type; + } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java index 3aedf9ab..48d7a3a3 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; @PvpMetadata public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { @@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { } return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, - EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); + EID_SECTOR_FOR_IDENTIFIER_NAME, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)); + } @Override diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 5dcbcb7e..708ef399 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java @@ -28,10 +28,6 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; - import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource; import org.springframework.core.env.Environment; import org.springframework.core.env.PropertySource; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP { private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class); @@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR))); } catch (IllegalStateException | URISyntaxException e) { - log.warn("ConfigRootDirectory is NOT set"); + log.warn("ConfigRootDirectory is NOT set", e); return null; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index adc8774a..f4494106 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import org.apache.commons.lang3.StringUtils; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java index 27bc829d..3eff8a7b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java @@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext { /** * Creates a new instance and associated it with a certain process instance. + * + * @param processInstanceId ProcessInstanceId for this execution context. */ public ExecutionContextImpl(final String processInstanceId) { this.processInstanceId = processInstanceId; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java index afcc0a58..9ef88679 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java @@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator { * @param delegate The original {@link ExpressionEvaluationContext} to be * delegated to for {@code ctx['foo']} expressions. */ - public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) { + SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) { this.delegate = delegate; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java index e1a02c64..01b063aa 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java @@ -239,6 +239,7 @@ public class DomUtils { * the same way it is accepted by the * <code>xsi:noNamespaceSchemaLocation</code> * attribute. + * @param parserFeatures {@link Map} of features for XML parser * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. @@ -350,6 +351,7 @@ public class DomUtils { * decide what to do with parsing * errors. If <code>null</code>, it * will not be set. + * @param parserFeatures {@link Map} of features for XML parser * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. @@ -622,6 +624,7 @@ public class DomUtils { * the same way it is accepted by the * <code>xsi:noNamespaceSchemaLocation</code> * attribute. + * @param entityResolver external entity resolver implemention * @return <code>true</code>, if the <code>element</code> validates against the * schemas declared in it. * @throws SAXException An error occurred parsing the document. diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties index 1916a7fc..064554b9 100644 --- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties +++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties @@ -1,6 +1,7 @@ eaaf.core.00=Requested URL: {0} is NOT allowed by configuration. builder.08=Authentication process could NOT completed. Reason: {0} - - +builder.30=Decrypted bPK target: {0} does not match to required target: {1} +builder.31=Encrypted bPK has a suspect format and consists of #{0} elements +builder.32=bPK-target format must be full URI diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java index 072dbb95..33bd1010 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.util.HashMap; import java.util.Map; +import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -11,7 +12,11 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration; @@ -156,6 +161,111 @@ public class AuthenticationDataBuilderTest { } + @Test + public void buildAuthDataBpkTest() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map<String, String> spConfigMap = new HashMap<>(); + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap<String, Object> sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "RwsSdKzmcbL5FKoADZx7/iUZANE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", "urn:publicid:gv.at:cdid+ZP-MH", authData.getBpkType()); + + + } + + @Test + public void buildAuthDataWbpkTestWithoutXTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map<String, String> spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap<String, Object> sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType()); + + } + + @Test + public void buildAuthDataWbpkTestWithXTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map<String, String> spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap<String, Object> sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType()); + + } + + @Test + public void buildAuthDataEidasTarget() throws EaafParserException, + EaafAuthenticationException, EaafStorageException { + final TestRequestImpl pendingReq = new TestRequestImpl(); + final Map<String, String> spConfigMap = new HashMap<>(); + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig); + pendingReq.setSpConfig(spConfig); + + final HashMap<String, Object> sessionStore = new HashMap<>(); + final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore); + wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser( + new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes()))) + .parseIdentityLink()); + pendingReq.setRawDataToTransaction(sessionStore); + + + //build authData + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq); + + Assert.assertEquals("Wrong bPK", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", authData.getBpk()); + Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_EIDAS + "AT+ES", authData.getBpkType()); + + } + private void buildAuthDataWithIdlOnly_2(final Boolean idlEscaptionFlag, final String givenName, final String familyName) throws Exception { IAuthData authData = null; diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java index 9a924f83..6aea52ac 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java @@ -1,8 +1,10 @@ package at.gv.egiz.eaaf.core.impl.idp.auth; -import org.apache.http.impl.client.CloseableHttpClient; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import org.apache.http.impl.client.CloseableHttpClient; public class DummyHttpClientFactory implements IHttpClientFactory { @@ -18,4 +20,10 @@ public class DummyHttpClientFactory implements IHttpClientFactory { return null; } + @Override + public CloseableHttpClient getHttpClient(HttpClientConfiguration config) throws EaafException { + // TODO Auto-generated method stub + return null; + } + } diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java index a354b873..2fd25478 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java @@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.core.impl.idp.auth; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @@ -13,10 +11,12 @@ import org.springframework.core.io.ResourceLoader; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/eaaf_core.beans.xml", - "/SpringTest-context_eaaf_core.xml", - "/SpringTest-context_authManager.xml"}) + "/SpringTest-context_eaaf_core.xml", + "/SpringTest-context_authManager.xml"}) public class EaafCoreMessageSourceTest { @Autowired diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java index 96e870ee..7092031f 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java @@ -130,7 +130,7 @@ public abstract class AbstractAttributeBuilderTest { protected IAttributeGenerator<String> gen = new SimpleStringAttributeGenerator(); protected static DummySpConfiguration spConfig = null; - private static final Map<String, String> spConfigMap = new HashMap<>(); + protected static final Map<String, String> spConfigMap = new HashMap<>(); private static final TestRequestImpl pendingReq = new TestRequestImpl(); /** diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java new file mode 100644 index 00000000..1ad75abc --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java @@ -0,0 +1,123 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class BpkAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilde = new BpkAttributeBuilder(); + + @Test + public void performTestBpk() throws Exception { + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong bPK", + "ZP-MH:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XFN+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XZVR+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XERSB+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XFN+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XZVR+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestWbpkOldFormErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK", + "XERSB+123456i:" + authData.getBpk(), + value); + + } + + @Test + public void performTestEidas() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong eIDAS bPK", + "AT+ES:" + authData.getBpk(), + value); + + } +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java new file mode 100644 index 00000000..204eea56 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java @@ -0,0 +1,123 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSectorForIdAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class EidSectorForIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilde = new EidSectorForIdAttributeBuilder(); + + @Test + public void performTestBpk() throws Exception { + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong bPK target", + "urn:publicid:gv.at:cdid+ZP-MH", + value); + + } + + @Test + public void performTestWbpkFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + value); + + } + + @Test + public void performTestWbpkZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i", + value); + + } + + @Test + public void performTestWbpkErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormFn() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormZvr() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i", + value); + + } + + @Test + public void performTestWbpkOldFormErsb() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong wbPK target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i", + value); + + } + + @Test + public void performTestEidas() throws Exception { + spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + final IAuthData authData = buildAuthData(); + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong eIDAS bPK target", + EaafConstants.URN_PREFIX_EIDAS + "AT+ES", + value); + + } +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java new file mode 100644 index 00000000..64c13781 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java @@ -0,0 +1,453 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.builder; + +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@RunWith(BlockJUnit4ClassRunner.class) +public class BpkBuilderTest { + + private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ=="; + + private KeyPair keyPair; + + + /** + * jUnit test initializer. + * @throws NoSuchProviderException In case of an error + * @throws NoSuchAlgorithmException In case of an error + */ + @Before + public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyPair = keyGen.generateKeyPair(); + + } + + @Test + public void encBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.decryptBpk(bpk, target, keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTargetInEncBpk() throws InvalidKeyException, EaafBuilderException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + try { + BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_CDID + "BB", keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.30", e.getErrorId()); + + } + } + + @Test + public void encBpkSuccess() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccess() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccessSecond() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "FN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", decBpk.getSecond()); + + } + + + @Test + public void noBaseId() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void noTarget() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void noBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void wrongBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + } + } + + @Test + public void baseIdTypeEqualsTarget() throws EaafBuilderException { + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "AA", EaafConstants.URN_PREFIX_CDID + "AA"); + + Assert.assertEquals("first bPK", BASEID, + result1.getFirst()); + Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + } + + @Test + public void buildBpk() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "AA"); + Pair<String, String> result2 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "BB"); + + Assert.assertEquals("first bPK", "b1Ip610zZq/Or/uCqgb51lnAdZM=", + result1.getFirst()); + Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + Assert.assertEquals("second bPK", "uYst6hjKJvyp7s/ezD8zsnkcj9k=", + result2.getFirst()); + Assert.assertEquals("second bPK", "urn:publicid:gv.at:cdid+BB", + result2.getSecond()); + + } + + @Test + public void buildWbpkFn() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkZvr() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456"); + + Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkErsb() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456"); + + Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXFn() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkXZvr() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456"); + + Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXErsb() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456"); + + Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkOthers() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XABC+123456"); + + Assert.assertEquals("wbPK", "wv96/xKUyi6YoYGv7IcIlFTsJIk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XABC+123456", + result1.getSecond()); + + } + + @Test + public void buildEidasId() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + Assert.assertEquals("eidas", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:eidasid+AT+ES", + result1.getSecond()); + + } + + @Test + public void normalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(null)); + + } + + @Test + public void normalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithX() { + String target = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544")); + + } + + @Test + public void normalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void calcNormalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(null)); + + } + + @Test + public void calcNormalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithoutX() { + + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat( + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); + + } + + @Test + public void calcNormalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java index 26e2e17b..4aa32360 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java @@ -69,6 +69,13 @@ public class SpringExpressionEvaluatorTest { assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)")); assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42")); assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10")); + + assertTrue(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue")); + assertFalse(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue")); + assertTrue(expressionEvaluator.evaluate(ctx, + "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue")); } } diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml index fd23f1c8..5da7ad89 100644 --- a/eaaf_core_api/pom.xml +++ b/eaaf_core_api/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_api</artifactId> diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java index 99541cd6..384446b8 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java @@ -87,9 +87,10 @@ public interface IRequest extends Serializable { * * @param key The specific identifier of the request-data object * @param clazz The class type which is stored with this key + * @param <T> Response class type * @return The request-data object or null if no data is found with this key */ - <T> T getRawData(String key, final Class<T> clazz); + <T> T getRawData(String key, Class<T> clazz); /** * Store a generic data-object into pending request with a specific identifier. @@ -115,6 +116,7 @@ public interface IRequest extends Serializable { * Wrap the internal dataStorage map into a DAO. * * @param wrapper DOA to access SessionData + * @param <T> Response class type * @return */ @Nonnull @@ -241,9 +243,11 @@ public interface IRequest extends Serializable { /** * Get get Service-Provider configuration which is associated with this request. * + * @param decorator Interface of the Service-Provider information DAO + * @param <T> Response class type * @return Service-Provider configuration as object */ - <T> T getServiceProviderConfiguration(final Class<T> decorator); + <T> T getServiceProviderConfiguration(Class<T> decorator); /** * Indicates, if this pending-request is aborted by the user. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java index 4bd5bc39..57375e01 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java @@ -19,6 +19,10 @@ package at.gv.egiz.eaaf.core.api.data; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Map; + public class EaafConstants { public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8"; @@ -51,6 +55,34 @@ public class EaafConstants { public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS; public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW"; + public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X"; + private static final String WBPK_TARGET_FN = "FN"; + private static final String WBPK_TARGET_ZVR = "ZVR"; + private static final String WBPK_TARGET_ERSB = "ERSB"; + + private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_FN; + private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ZVR; + private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET = + EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ERSB; + + private static final String URN_PREFIX_WBPK_TARGET_FN_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_FN; + private static final String URN_PREFIX_WBPK_TARGET_ZVR_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ZVR; + private static final String URN_PREFIX_WBPK_TARGET_ERSB_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ERSB; + + public static final Map<String, String> URN_WBPK_TARGET_X_TO_NONE_MAPPER; + + static { + final Map<String, String> intMap = new LinkedHashMap<>(); + intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XZVR_TARGET, URN_PREFIX_WBPK_TARGET_ZVR_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XERSB_TARGET, URN_PREFIX_WBPK_TARGET_ERSB_TARGET); + URN_WBPK_TARGET_X_TO_NONE_MAPPER = Collections.unmodifiableMap(intMap); + + } + + // Authentication process data_constants public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier"; public static final String AUTH_DATA_CREATED = "eaaf_authdata_created"; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java index b6f602d2..727c360c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java @@ -49,4 +49,7 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate"; String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate"; + String EID_MIS_MANDATE_IDENTIFIER_NAME = "urn:eidgvat:attributes.mis.mandate.id"; + String EID_MIS_MANDATE_IDENTIFIER_FRIENDLY_NAME = "mandate-identifier"; + } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java index 2a9a8317..793715f1 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java @@ -137,7 +137,7 @@ public interface PvpAttributeDefinitions { IDENTITY("http://eid.gv.at/eID/status/identity"), TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"), SYSTEM("http://eid.gv.at/eID/status/system"); - private String uri; + private final String uri; EidIdentityStatusLevelValues(final String uri) { this.uri = uri; @@ -311,11 +311,6 @@ public interface PvpAttributeDefinitions { String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; - String MANDATE_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.91"; - String MANDATE_IDENTIFIER_FRIENDLY_NAME = "MANDATE-IDENTIFIER"; - String MANDATE_IDENTIFIER_NAME = URN_OID_PREFIX + MANDATE_IDENTIFIER_OID; - int MANDATE_IDENTIFIER_MAX_LENGTH = 256; - @Deprecated String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; @Deprecated diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java index 9c451282..c490bd9c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java @@ -24,8 +24,8 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public interface IAttributeBuilder { String getName(); - <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<ATT> g) + <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeBuilderException; - <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); + <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java index 072f76e6..9f3e35cc 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java @@ -28,11 +28,11 @@ public interface IAttributeGenerator<ATT> { * @param value value * @return */ - ATT buildStringAttribute(final String friendlyName, final String name, final String value); + ATT buildStringAttribute(String friendlyName, String name, String value); - ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + ATT buildIntegerAttribute(String friendlyName, String name, int value); - ATT buildLongAttribute(final String friendlyName, final String name, final long value); + ATT buildLongAttribute(String friendlyName, String name, long value); - ATT buildEmptyAttribute(final String friendlyName, final String name); + ATT buildEmptyAttribute(String friendlyName, String name); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index ca946496..62aa8852 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -166,9 +166,10 @@ public interface IAuthData { * * @param key Identifier for the generic data * @param clazz Type of the generic data + * @param <T> Response class type * @return return the generic data of specific type, otherwise null */ - <T> T getGenericData(String key, final Class<T> clazz); + <T> T getGenericData(String key, Class<T> clazz); /** * Get bPK of the user. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java index b9ba9869..a4914f16 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java @@ -29,7 +29,7 @@ public interface IConfiguration { * @param key configuration key * @return configuration value or null if it is not found */ - String getBasicConfiguration(final String key); + String getBasicConfiguration(String key); /** * Get a configuration value from file based configuration. @@ -38,7 +38,7 @@ public interface IConfiguration { * @param defaultValue Default value if no value with this key is found * @return configuration value */ - String getBasicConfiguration(final String key, final String defaultValue); + String getBasicConfiguration(String key, String defaultValue); /** * Get a configuration value from file based configuration. @@ -47,7 +47,7 @@ public interface IConfiguration { * @return configuration value as {@link Boolean} or <code>false</code> if key * does not exist */ - boolean getBasicConfigurationBoolean(final String key); + boolean getBasicConfigurationBoolean(String key); /** * Get a configuration value from file based configuration. @@ -57,7 +57,7 @@ public interface IConfiguration { * @return configuration value as {@link Boolean} or <code>defaultValue</code> * if key does not exist */ - boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue); + boolean getBasicConfigurationBoolean(String key, boolean defaultValue); /** * Get the root directory of the configuration folder. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java index 1ab27e7f..cf8867b3 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java @@ -22,7 +22,7 @@ public interface IConfigurationWithSP extends IConfiguration { * error */ @Nullable - ISpConfiguration getServiceProviderConfiguration(final String uniqueID) throws EaafConfigurationException; + ISpConfiguration getServiceProviderConfiguration(String uniqueID) throws EaafConfigurationException; /** * Get a configuration entry for a specific Service Provider that is decorated @@ -32,12 +32,13 @@ public interface IConfigurationWithSP extends IConfiguration { * @param decorator Decorator that should be used to decorate the result. * This decorator has to be implement or extend the * {@link ISpConfiguration} interface + * @param <T> Response class type * @return <code>T</code> or <code>null</code> if no SP configuration was found * @throws EaafConfigurationException In case of a Service-Provider loading * error */ @Nullable - <T> T getServiceProviderConfiguration(String spIdentifier, final Class<T> decorator) + <T> T getServiceProviderConfiguration(String spIdentifier, Class<T> decorator) throws EaafConfigurationException; /** @@ -49,7 +50,7 @@ public interface IConfigurationWithSP extends IConfiguration { * @param prefix Prefix of the configuration key * @return Map String/String without prefix, but never null */ - Map<String, String> getBasicConfigurationWithPrefix(final String prefix); + Map<String, String> getBasicConfigurationWithPrefix(String prefix); /** * Validate a URL if it it is allowed by configuration. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index 6c7292ac..274f3f7f 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -31,12 +31,23 @@ public interface IAuthProcessDataContainer { * * @return The issuing time of the AUTH-Block SAML assertion. */ - String getIssueInstant(); + Date getIssueInstant(); + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + *<p>{@link String} representation uses pattern: + * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code> </p> + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstantString(); /** * Sets the issuing time of the AUTH-Block SAML assertion. * - * @param issueInstant The issueInstant to set. + * @param issueInstant The issueInstant with pattern: + * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code> to set. */ void setIssueInstant(String issueInstant); @@ -129,6 +140,8 @@ public interface IAuthProcessDataContainer { /** * Mark that the auth. process was done by an official representatives + * + * @param isOW Mark this data as Organwalter * */ void setOW(boolean isOW); @@ -171,6 +184,7 @@ public interface IAuthProcessDataContainer { * * @param key The specific identifier of the session-data object * @param clazz The class type which is stored with this key + * @param <T> Response class type * @return The session-data object or null if no data is found with this key */ <T> T getGenericDataFromSession(String key, Class<T> clazz); diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java index 754ff9ac..f80fc967 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java @@ -70,10 +70,11 @@ public interface ITransactionStorage { * * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key + * @param <T> Response class type * @return The transaction-data object from type class, or null * @throws EaafStorageException In case of load operation failed */ - <T> T get(String key, final Class<T> clazz) throws EaafException; + <T> T get(String key, Class<T> clazz) throws EaafException; /** * Get a data object from transaction storage. @@ -81,10 +82,11 @@ public interface ITransactionStorage { * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key * @param dataTimeOut Data-object timeout in [ms] + * @param <T> Response class type * @return The transaction-data object from type class, or null * @throws EaafStorageException In case of load operation failed */ - <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws EaafException; + <T> T get(String key, Class<T> clazz, long dataTimeOut) throws EaafException; /** * Change the key of a data object and store it under the new key. diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index fa5fa412..eb65b01e 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> @@ -79,6 +79,13 @@ <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> </dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> @@ -100,6 +107,16 @@ <artifactId>guava</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>com.squareup.okhttp3</groupId> + <artifactId>mockwebserver</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.squareup.okhttp3</groupId> + <artifactId>okhttp-tls</artifactId> + <scope>test</scope> + </dependency> </dependencies> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java new file mode 100644 index 00000000..1e1e2137 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java @@ -0,0 +1,50 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import java.net.Socket; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.ssl.PrivateKeyDetails; +import org.apache.http.ssl.PrivateKeyStrategy; + +import lombok.extern.slf4j.Slf4j; + +/** + * Private Key selection implementation for Apache HTTP clients. + * + * @author tlenz + * + */ +@Slf4j +public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy { + + private final String keyAlias; + + /** + * Private Key selection implementation for Apache HTTP clients. + * + * @param alias Alias of the Key that should be used for SSL client authentication. + */ + public EaafSslKeySelectionStrategy(String alias) { + this.keyAlias = alias; + + } + + @Override + public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) { + log.trace("Selection SSL client-auth key for alias: {}", keyAlias); + final PrivateKeyDetails selected = aliases.get(keyAlias); + if (selected != null) { + log.trace("Select SL client-auth key with type:", selected.getType()); + return keyAlias; + + } else { + log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias); + log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", ")); + return aliases.keySet().iterator().next(); + + } + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java new file mode 100644 index 00000000..582ad545 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java @@ -0,0 +1,191 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import java.text.MessageFormat; +import java.util.UUID; + +import javax.annotation.Nonnull; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; + +import org.apache.commons.lang3.StringUtils; + +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +public class HttpClientConfiguration { + + private static final String MSG_KEYSTORE_NAME = "KeyStore for httpClient: {0}"; + + private static final String ERROR_00 = "internal.httpclient.00"; + private static final String ERROR_01 = "internal.httpclient.01"; + private static final String ERROR_02 = "internal.httpclient.02"; + + @Nonnull + private final String friendlyName; + + @Nonnull + private final String uuid; + + @Nonnull + private ClientAuthMode authMode = ClientAuthMode.NONE; + + @Setter + private String username; + + @Setter + private String password; + + @Setter + boolean disableHostnameValidation = false; + + @Setter + boolean disableTlsHostCertificateValidation = false; + + + private KeyStoreConfiguration keyStoreConfig; + + @Setter + private String sslKeyAlias; + + @Setter + private String sslKeyPassword; + + @Setter + private boolean followHttpRedirects = true; + + /** + * Get a new HTTP-client configuration object. + * + * @param name FriendlyName of this http client for logging purposes. + */ + public HttpClientConfiguration(String name) { + this.friendlyName = name; + this.uuid = UUID.randomUUID().toString(); + + } + + /** + * Set Client authentication-mode from configuration property. + * + * <p>If the mode is unknown than the {@link ClientAuthMode} is set to <code>NONE</code> </p> + * + * @param authModeString Modes from {@link ClientAuthMode} + */ + public void setAuthMode(String authModeString) { + final ClientAuthMode configAuthMode = HttpClientConfiguration.ClientAuthMode.fromString(authModeString); + if (configAuthMode != null) { + authMode = configAuthMode; + + } else { + log.warn("Can Not parse ClientAuthMode for client: {}! Set mode to default value", + friendlyName); + + } + } + + + /** + * Validate the internal state of this configuration object. + * + * @throws EaafConfigurationException In case of a configuration error + */ + public void validate() throws EaafConfigurationException { + log.trace("Validating http-client: {}", this.friendlyName); + if (this.authMode.equals(ClientAuthMode.PASSWORD)) { + if (StringUtils.isEmpty(this.username)) { + throw new EaafConfigurationException(ERROR_00, new Object[] {this.friendlyName}); + + } + + if (StringUtils.isEmpty(this.password)) { + log.warn("Http basic authentication was activated but NOT username was set!"); + + } + + } else if (this.authMode.equals(ClientAuthMode.SSL)) { + if (this.keyStoreConfig == null) { + throw new EaafConfigurationException(ERROR_01, new Object[] {this.friendlyName}); + + } else { + log.trace("Validating KeyStore: {} for http-client: {} ...", + this.keyStoreConfig.getFriendlyName(), this.friendlyName); + this.keyStoreConfig.validate(); + + } + + if (StringUtils.isEmpty(this.sslKeyPassword)) { + throw new EaafConfigurationException(ERROR_02, new Object[] { + this.friendlyName, this.keyStoreConfig.getFriendlyName()}); + + } + } + + } + + /** + * Build a {@link KeyStoreConfiguration} object from configuration parameters. + * + * @param keyStoreType String based KeyStore type + * @param keyStorePath Path to KeyStore in case of a software based KeyStore + * @param keyStorePassword Password in case of a software based KeyStore + * @param keyStoreName Name of the KeyStore in case of a named KeyStore like HSM-Facade + * @throws EaafConfigurationException In case of a configuration error + */ + public void buildKeyStoreConfig(String keyStoreType, String keyStorePath, + String keyStorePassword, String keyStoreName) throws EaafConfigurationException { + final KeyStoreConfiguration config = new KeyStoreConfiguration(); + config.setKeyStoreType(keyStoreType); + config.setFriendlyName(MessageFormat.format(MSG_KEYSTORE_NAME, friendlyName)); + config.setSoftKeyStoreFilePath(keyStorePath); + config.setSoftKeyStorePassword(keyStorePassword); + config.setKeyStoreName(keyStoreName); + this.keyStoreConfig = config; + + } + + public enum ClientAuthMode { + NONE("none"), PASSWORD("password"), SSL("ssl"); + + private final String mode; + + ClientAuthMode(final String mode) { + this.mode = mode; + } + + /** + * Get the PVP mode. + * + * @return + */ + public String getMode() { + return this.mode; + } + + /** + * Get http-client authentication mode from String representation. + * + * @param s Config parameter + * @return + */ + public static ClientAuthMode fromString(final String s) { + try { + return ClientAuthMode.valueOf(s.toUpperCase()); + + } catch (IllegalArgumentException | NullPointerException e) { + return null; + } + } + + @Override + public String toString() { + return getMode(); + + } + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index e681e705..00d5891a 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java @@ -1,22 +1,14 @@ -package at.gv.egiz.eaaf.core.impl.utils; +package at.gv.egiz.eaaf.core.impl.http; -import java.security.KeyManagementException; import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; +import java.util.HashMap; +import java.util.Map; +import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; - import org.apache.commons.lang3.StringUtils; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; @@ -29,6 +21,7 @@ import org.apache.http.client.config.RequestConfig; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; +import org.apache.http.config.SocketConfig; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; @@ -43,20 +36,21 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.apache.http.ssl.SSLContexts; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import lombok.extern.slf4j.Slf4j; @Slf4j public class HttpClientFactory implements IHttpClientFactory { - @Autowired(required = true) + @Autowired private IConfiguration basicConfig; - - @Autowired(required = true) - ResourceLoader resourceLoader; - - @Autowired private EaafKeyStoreFactory keyStoreFactory; + @Autowired + private EaafKeyStoreFactory keyStoreFactory; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use"; @@ -84,9 +78,10 @@ public class HttpClientFactory implements IHttpClientFactory { "client.auth.ssl.keystore.name"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = "client.auth.ssl.keystore.type"; + public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = + "client.auth.ssl.key.alias"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = "client.auth.ssl.key.password"; - public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias"; // default configuration values public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15"; @@ -95,48 +90,8 @@ public class HttpClientFactory implements IHttpClientFactory { public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500"; public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100"; - public enum ClientAuthMode { - NONE("none"), PASSWORD("password"), SSL("ssl"); - - private final String mode; - - ClientAuthMode(final String mode) { - this.mode = mode; - } - - /** - * Get the PVP mode. - * - * @return - */ - public String getMode() { - return this.mode; - } - - /** - * Get http-client authentication mode from String representation. - * - * @param s Config parameter - * @return - */ - public static ClientAuthMode fromString(final String s) { - try { - return ClientAuthMode.valueOf(s.toUpperCase()); - - } catch (IllegalArgumentException | NullPointerException e) { - return null; - } - } - - @Override - public String toString() { - return getMode(); - - } - - } - - private HttpClientBuilder httpClientBuilder = null; + private String defaultConfigurationId = null; + private final Map<String, HttpClientBuilder> availableBuilders = new HashMap<>(); /* * (non-Javadoc) @@ -151,185 +106,168 @@ public class HttpClientFactory implements IHttpClientFactory { @Override public CloseableHttpClient getHttpClient(final boolean followRedirects) { - RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); - if (!followRedirects) { - redirectStrategy = new RedirectStrategy() { + return availableBuilders.get(defaultConfigurationId).setRedirectStrategy( + buildRedirectStrategy(followRedirects)).build(); - @Override - public boolean isRedirected(final HttpRequest request, final HttpResponse response, - final HttpContext context) throws ProtocolException { - return false; - } + } - @Override - public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response, - final HttpContext context) throws ProtocolException { - return null; - } - }; - } + @Override + public CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config) throws EaafException { + log.trace("Build http client for: {}", config.getFriendlyName()); + HttpClientBuilder builder = null; + if (availableBuilders.containsKey(config.getUuid())) { + builder = availableBuilders.get(config.getUuid()); - return httpClientBuilder.setRedirectStrategy(redirectStrategy).build(); + } else { + log.debug("Initialize new http-client builder for: {}", config.getFriendlyName()); - } + //validate configuration object + config.validate(); - @PostConstruct - private void initalize() { - // initialize http client - log.trace("Initializing HTTP Client-builder ... "); - httpClientBuilder = HttpClients.custom(); + builder = HttpClients.custom(); + builder.setDefaultRequestConfig(buildDefaultRequestConfig()); - // set default request configuration - final RequestConfig requestConfig = - RequestConfig.custom() - .setConnectTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000) - .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000) - .setSocketTimeout(Integer.parseInt( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, - DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) - * 1000) - .build(); - httpClientBuilder.setDefaultRequestConfig(requestConfig); + //inject basic authentication infos + injectBasicAuthenticationIfRequired(builder, config); - ClientAuthMode clientAuthMode = ClientAuthMode.fromString( - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode())); - if (clientAuthMode == null) { - log.warn("Can Not parse ClientAuthMode! Set mode to default value"); - clientAuthMode = ClientAuthMode.NONE; + //inject authentication if required + final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config); - } + // set pool connection if required + injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory); - // inject basic http authentication if required - log.info("Client authentication-mode is set to: {}", clientAuthMode); - injectBasicAuthenticationIfRequired(clientAuthMode); + availableBuilders.put(config.getUuid(), builder); - // inject authentication if required - final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(clientAuthMode); + } - // set pool connection if required - injectConnectionPoolIfRequired(sslConnectionFactory); + return builder.setRedirectStrategy( + buildRedirectStrategy(config.isFollowHttpRedirects())).build(); } - private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) { - if (clientAuthMode.equals(ClientAuthMode.PASSWORD)) { - final CredentialsProvider provider = new BasicCredentialsProvider(); + @PostConstruct + private void initalize() throws EaafException { + final HttpClientConfiguration defaultHttpClientConfig = buildDefaultHttpClientConfiguration(); - final String username = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME); - final String password = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD); + // initialize http client + log.trace("Initializing default HTTP-Client builder ... "); + final HttpClientBuilder defaultHttpClientBuilder = HttpClients.custom(); - if (StringUtils.isEmpty(username)) { - log.warn("Http basic authentication was activated but NOT username was set!"); + // set default request configuration + defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig()); - } + //inject http basic authentication + injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig); - log.trace("Injecting basic authentication with username: {} and password: {}", username, - password); - final UsernamePasswordCredentials credentials = - new UsernamePasswordCredentials(username, password); - provider.setCredentials(AuthScope.ANY, credentials); - httpClientBuilder.setDefaultCredentialsProvider(provider); - log.info("Basic http authentication was injected with username: {}", username); + // inject authentication if required + final LayeredConnectionSocketFactory sslConnectionFactory = + getSslContext(defaultHttpClientConfig); - } else { - log.trace("Injection of Http Basic authentication was skipped"); + // set pool connection if required + injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory); - } + //set default http client builder + defaultConfigurationId = defaultHttpClientConfig.getUuid(); + availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder); } - private SSLContext buildSslContextWithSslClientAuthentication() - throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, - KeyStoreException, EaafConfigurationException { - log.trace("Injecting SSL client-authentication into http client ... "); - final KeyStore keystore = getSslAuthKeyStore(); - final String keyPasswordString = - basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD); - log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); - final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() - : keyPasswordString.toCharArray(); - return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build(); + private HttpClientConfiguration buildDefaultHttpClientConfiguration() throws EaafConfigurationException { + final HttpClientConfiguration config = new HttpClientConfiguration("Default"); + // inject basic http authentication if required + config.setAuthMode(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, + HttpClientConfiguration.ClientAuthMode.NONE.getMode())); + log.info("Default client authentication-mode is set to: {}", config.getAuthMode()); + + // set Username and Password if available + config.setUsername(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME)); + config.setPassword(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD)); + + // set SSL Client auth. informations if available + config.buildKeyStoreConfig( + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY), + basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY)); + + config.setSslKeyAlias( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS)); + config.setSslKeyPassword( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD)); + + config.setDisableHostnameValidation(basicConfig.getBasicConfigurationBoolean( + PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)); + + // validate configuration object + config.validate(); + + return config; } - private KeyStore getSslAuthKeyStore() throws EaafConfigurationException { - final String keyStoreType = basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()); - final String localKeyStorePath = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY); - final String keyStorePassword = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY); - final String keyStoreName = basicConfig - .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY); - - try { - final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setKeyStoreType(keyStoreType); - keyStoreConfig.setFriendlyName("HttpClient Keystore"); - keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath); - keyStoreConfig.setSoftKeyStorePassword(keyStorePassword); - keyStoreConfig.setKeyStoreName(keyStoreName); - - log.debug("Open keyStore with type: {}", keyStoreType); - final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst(); - - return keyStore; - - } catch (final EaafException e) { - log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e); - throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem", - new Object[] { localKeyStorePath }, e); + private void injectBasicAuthenticationIfRequired(HttpClientBuilder builder, + final HttpClientConfiguration httpClientConfig) { + if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.PASSWORD)) { + final CredentialsProvider provider = new BasicCredentialsProvider(); + log.trace("Injecting basic authentication with username: {} and password: {}", + httpClientConfig.getUsername(), httpClientConfig.getPassword()); + final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials( + httpClientConfig.getUsername(), httpClientConfig.getPassword()); + + final AuthScope scope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM); + provider.setCredentials(scope, credentials); + builder.setDefaultCredentialsProvider(provider); + log.info("Basic http authentication was injected with username: {}", + httpClientConfig.getUsername()); + + } else { + log.trace("Injection of Http Basic authentication was skipped"); } } - private LayeredConnectionSocketFactory getSslContext(final ClientAuthMode clientAuthMode) { + @Nonnull + private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig) + throws EaafException { SSLContext sslContext = null; - try { - if (clientAuthMode.equals(ClientAuthMode.SSL)) { - sslContext = buildSslContextWithSslClientAuthentication(); - - } else { - log.trace("Initializing default SSL Context ... "); - sslContext = SSLContext.getDefault(); - - } - - // set hostname verifier - HostnameVerifier hostnameVerifier = null; - if (basicConfig.getBasicConfigurationBoolean( - PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) { - hostnameVerifier = new NoopHostnameVerifier(); - log.warn("HTTP client-builder deactivates SSL Host-name verification!"); - - } + if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { + log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()) + .getFirst(); - final LayeredConnectionSocketFactory sslSocketFactory = - new SSLConnectionSocketFactory(sslContext, hostnameVerifier); + log.trace("Injecting SSL client-authentication into http client ... "); + sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, + httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(), + httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName()); - return sslSocketFactory; + } else { + log.trace("Initializing default SSL Context ... "); + sslContext = SSLContexts.createDefault(); + + } - } catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException - | KeyStoreException | EaafConfigurationException e) { - log.warn("HTTP client-builder can NOT initialze SSL-Context", e); + // set hostname verifier + HostnameVerifier hostnameVerifier = null; + if (httpClientConfig.isDisableHostnameValidation()) { + hostnameVerifier = new NoopHostnameVerifier(); + log.warn("HTTP client-builder deactivates SSL Host-name verification!"); } - log.info("HTTP client-builder successfuly initialized"); - return null; + final LayeredConnectionSocketFactory sslSocketFactory = + new SSLConnectionSocketFactory(sslContext, hostnameVerifier); + log.debug("HTTP client-builder successfuly initialized"); + return sslSocketFactory; } - private void injectConnectionPoolIfRequired( - final LayeredConnectionSocketFactory sslConnectionFactory) { + private void injectDefaultConnectionPoolIfRequired( + HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) { if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { PoolingHttpClientConnectionManager pool; @@ -347,7 +285,7 @@ public class HttpClientFactory implements IHttpClientFactory { pool = new PoolingHttpClientConnectionManager(); } - + pool.setDefaultMaxPerRoute(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); @@ -355,15 +293,61 @@ public class HttpClientFactory implements IHttpClientFactory { basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); - httpClientBuilder.setConnectionManager(pool); + pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) + * 1000).build()); + + builder.setConnectionManager(pool); log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), pool.getDefaultMaxPerRoute()); } else if (sslConnectionFactory != null) { log.trace("Inject SSLSocketFactory without connection pool"); - httpClientBuilder.setSSLSocketFactory(sslConnectionFactory); + builder.setSSLSocketFactory(sslConnectionFactory); + + } + + } + private RequestConfig buildDefaultRequestConfig() { + final RequestConfig requestConfig = + RequestConfig.custom() + .setConnectTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000) + .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000) + .setSocketTimeout(Integer.parseInt( + basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) + * 1000) + .build(); + return requestConfig; + + } + + private static RedirectStrategy buildRedirectStrategy(final boolean followRedirects) { + RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + if (!followRedirects) { + redirectStrategy = new RedirectStrategy() { + + @Override + public boolean isRedirected(final HttpRequest request, final HttpResponse response, + final HttpContext context) throws ProtocolException { + return false; + } + + @Override + public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response, + final HttpContext context) throws ProtocolException { + return null; + } + }; } + return redirectStrategy; } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java index 66356ba0..2d514912 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java @@ -16,14 +16,35 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.gv.egiz.eaaf.core.impl.utils; +package at.gv.egiz.eaaf.core.impl.http; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import javax.net.ssl.SSLContext; import javax.servlet.http.HttpServletRequest; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; + import org.apache.commons.lang3.StringUtils; +import org.apache.http.conn.ssl.TrustAllStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; +import org.apache.http.ssl.TrustStrategy; + +import lombok.extern.slf4j.Slf4j; +@Slf4j public class HttpUtils { + private static final String ERROR_03 = "internal.httpclient.03"; + /** * Helper method to retrieve server URL including context path. * @@ -115,4 +136,59 @@ public class HttpUtils { } } + /** + * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client + * authentication. + * + * @param keyStore KeyStore with private keys that should be + * used + * @param keyAlias Alias of the key that should be used. If + * the alias is null, than the first key that + * is found will be selected. + * @param keyPasswordString Password of the Key in this keystore + * @param trustAllServerCertificates Deactivate SSL server-certificate + * validation + * @param friendlyName FriendlyName of the http client for logging + * purposes + * @return {@link SSLContext} with X509 client authentication + * @throws EaafConfigurationException In case of a configuration error + * @throws EaafFactoryException In case of a {@link SSLContext} + * initialization error + */ + public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final KeyStore keyStore, + @Nullable String keyAlias, @Nullable String keyPasswordString, + boolean trustAllServerCertificates, @Nonnull String friendlyName) + throws EaafConfigurationException, EaafFactoryException { + try { + log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); + final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() + : keyPasswordString.toCharArray(); + + SSLContextBuilder sslContextBuilder = SSLContexts.custom(); + if (StringUtils.isNotEmpty(keyAlias)) { + sslContextBuilder = sslContextBuilder + .loadKeyMaterial(keyStore, keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); + + } else { + sslContextBuilder = sslContextBuilder + .loadKeyMaterial(keyStore, keyPassword); + + } + + if (trustAllServerCertificates) { + log.warn("Http-client:{} trusts ALL TLS server-certificates!"); + final TrustStrategy trustStrategy = new TrustAllStrategy(); + sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy); + + } + + return sslContextBuilder.build(); + + } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException + | KeyStoreException e) { + throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); + + } + } + } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java new file mode 100644 index 00000000..7ec58d46 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java @@ -0,0 +1,43 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import javax.annotation.Nonnull; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +import org.apache.http.impl.client.CloseableHttpClient; + +public interface IHttpClientFactory { + + /** + * Return an instance of a Apache HTTP client that uses + * default configuration properties from {@link IHttpClientFactory} implementation + * and follows http redirects automatically. + * + * @return http client + */ + @Nonnull + CloseableHttpClient getHttpClient(); + + /** + * Return an instance of a Apache HTTP client that uses + * default configuration properties from {@link IHttpClientFactory} implementation. + * + * @param followRedirects if <code>false</code>, the client does not flow 30x + * http redirects + * @return http client + */ + @Nonnull + CloseableHttpClient getHttpClient(boolean followRedirects); + + /** + * Return an instance of a Apache HTTP client based in {@link HttpClientConfiguration}. + * + * @param config Configuration object for this http client + * @return http client + * @throws EaafException In case of a http-client initialization problem + */ + @Nonnull + CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config) + throws EaafException; + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java deleted file mode 100644 index f922e1ac..00000000 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java +++ /dev/null @@ -1,24 +0,0 @@ -package at.gv.egiz.eaaf.core.impl.utils; - -import org.apache.http.impl.client.CloseableHttpClient; - -public interface IHttpClientFactory { - - /** - * Return an instance of a Apache HTTP client that follows http redirects - * automatically. - * - * @return - */ - CloseableHttpClient getHttpClient(); - - /** - * Return an instance of a Apache HTTP client. - * - * @param followRedirects if <code>false</code>, the client does not flow 30x - * http redirects - * @return - */ - CloseableHttpClient getHttpClient(boolean followRedirects); - -} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 4cbcfa70..4c1601c0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -19,6 +19,8 @@ package at.gv.egiz.eaaf.core.impl.utils; +import java.util.UUID; + import at.gv.egiz.eaaf.core.api.IRequest; /** @@ -29,7 +31,6 @@ import at.gv.egiz.eaaf.core.api.IRequest; */ public class TransactionIdUtils { - // MDC variables for logging /** * To correlate technical logs over one single transactions. */ @@ -46,6 +47,11 @@ public class TransactionIdUtils { public static final String MDC_SERVICEPROVIDER_ID = "oaId"; /** + * Unique application identifier that is processed in this transaction. + */ + public static final String MDC_REMOTEHOST = "remoteHost"; + + /** * Set all MDC variables from pending request to this threat context.<br> * These includes SessionID, TransactionID, and unique service-provider * identifier @@ -67,6 +73,7 @@ public class TransactionIdUtils { removeSessionId(); removeTransactionId(); removeServiceProviderId(); + removeRemoteHost(); } @@ -99,6 +106,14 @@ public class TransactionIdUtils { } /** + * Set new random transactionId as an UUID. + */ + public static void setTransactionId() { + org.slf4j.MDC.put(MDC_TRANSACTION_ID, UUID.randomUUID().toString()); + + } + + /** * Set Id to correlate technical logs over one single transactions. * * @param transactionId Unique transaction Id @@ -117,6 +132,14 @@ public class TransactionIdUtils { } /** + * Set a new random SessionId as UUID. + */ + public static void setSessionId() { + org.slf4j.MDC.put(MDC_SESSION_ID, UUID.randomUUID().toString()); + + } + + /** * Set Id to correlate technical logs over a set of transactions, like SSO. * * @param uniqueSessionId Unique Id @@ -135,5 +158,23 @@ public class TransactionIdUtils { } + /** + * Set remoteHost information to correlate technical logs. + * + * @param remoteHost IP address of the remote host + */ + public static void setRemoteHost(final String remoteHost) { + org.slf4j.MDC.put(MDC_REMOTEHOST, remoteHost); + + } + + /** + * Remove remoteHost for Logging. + */ + public static void removeRemoteHost() { + org.slf4j.MDC.remove(MDC_REMOTEHOST); + + } + } diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index f531e02d..b20c5f63 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -12,4 +12,7 @@ internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1} internal.keystore.08=Can not access Key: {1} in KeyStore: {0} internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2} - +internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set +internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set +internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set +internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
\ No newline at end of file diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml index ab631e34..aa5a50de 100644 --- a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml +++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml @@ -11,8 +11,8 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" > <bean id="eaafHttpClientFactory" - class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" /> - + class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" /> + <bean id="eaafKeyStoreFactory" class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /> diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index ed2e159b..cefb1e7e 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -7,17 +7,6 @@ import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; - import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; @@ -35,6 +24,17 @@ import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; + +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @@ -325,7 +325,7 @@ public class EaafKeyStoreFactoryTest { keyStore.getFirst(), "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); - //read priv. key + //read priv. key final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java new file mode 100644 index 00000000..25bd3008 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java @@ -0,0 +1,329 @@ +package at.gv.egiz.eaaf.core.test.http; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.InetAddress; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.cert.X509Certificate; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.impl.client.CloseableHttpClient; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import okhttp3.mockwebserver.RecordedRequest; +import okhttp3.tls.HandshakeCertificates; +import okhttp3.tls.HeldCertificate; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +public class HttpClientFactoryTest { + + @Autowired private EaafKeyStoreFactory keyStoreFactory; + @Autowired private IHttpClientFactory httpClientFactory; + + private MockWebServer mockWebServer = null; + private HttpUrl mockServerUrl; + + /** + * JUnit test set-up. + * + */ + @Before + public void setup() { + + } + + /** + * jUnit test shutdown. + * + * @throws IOException In case of an mockWebServer error + */ + @After + public void shutdown() throws IOException { + if (mockWebServer != null) { + mockWebServer.shutdown(); + mockWebServer = null; + + } + + } + + @Test + public void getDefaultClient() { + final CloseableHttpClient client = httpClientFactory.getHttpClient(); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getDefaultClientNoRedirect() { + final CloseableHttpClient client = httpClientFactory.getHttpClient(false); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientsDefault() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + Assert.assertFalse("Wrong default config - Hostnamevalidation", + config.isDisableHostnameValidation()); + Assert.assertFalse("Wrong default config - TLS Server-certs", + config.isDisableTlsHostCertificateValidation()); + + final CloseableHttpClient client1 = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("first http client", client1); + + final CloseableHttpClient client2 = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("second http client", client2); + + } + + @Test + public void getCustomClientUnknownAuthMethod() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode(RandomStringUtils.randomAlphabetic(5)); + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, + IOException, InterruptedException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + config.setUsername("jUnit"); + config.setPassword("password"); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //setup test webserver that requestes http Basic authentication + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setResponseCode(HttpURLConnection.HTTP_UNAUTHORIZED) + .addHeader("www-authenticate: Basic realm=\"protected area\"") + .setBody("Please authenticate.")); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + + //request webservice + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + //check request contains basic authentication after authentication was requested + final RecordedRequest httpReq1 = mockWebServer.takeRequest(); + final RecordedRequest httpReq2 = mockWebServer.takeRequest(); + Assert.assertNull("wrong BasicAuthHeader", httpReq1.getHeader("Authorization")); + Assert.assertNotNull("missing BasicAuthHeader", httpReq2.getHeader("Authorization")); + + } + + @Test + public void getCustomClientBasicAuthNoUsername() { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.00", e.getErrorId()); + + } + } + + @Test + public void getCustomClientBasicAuthNoPassword() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("password"); + config.setUsername(RandomStringUtils.randomAlphabetic(5)); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientX509AuthNoKeyStoreConfig() { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.01", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509AuthNoKeyPassword() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.02", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509Auth() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + } + + @Test + public void getCustomClientX509AuthWithAlias() throws EaafException, ClientProtocolException, + IOException, KeyStoreException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + config.setSslKeyAlias("sig"); + config.setDisableTlsHostCertificateValidation(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()); + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate(config.getSslKeyAlias())) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + public void getCustomClientX509AuthWrongKeyPassword() throws EaafException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword(RandomStringUtils.randomAlphanumeric(5)); + config.setSslKeyAlias("sig"); + + try { + httpClientFactory.getHttpClient(config); + Assert.fail("Wrong key password not detected"); + + } catch (final EaafException e) { + Assert.assertEquals("Wrong errorCode", "internal.httpclient.03", e.getErrorId()); + + } + } + + @Test + public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "jks", + "src/test/resources/data/junit.jks", + "password", + null); + config.setSslKeyPassword("password"); + config.setSslKeyAlias(RandomStringUtils.randomAlphabetic(5)); + config.setDisableHostnameValidation(true); + config.setFollowHttpRedirects(false); + config.setDisableTlsHostCertificateValidation(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()); + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta")) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index 81611aff..c113ef98 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_auth_sl20</artifactId> <name>Generic SL2.0 authentication</name> @@ -42,7 +42,11 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> - + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java index bb0c41d7..0f88e251 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java @@ -9,6 +9,7 @@ public class VerificationResult { private Boolean validSigned = null; private List<X509Certificate> certs = null; + private JsonNode header = null; private JsonNode payload = null; public VerificationResult(final JsonNode payload) { @@ -19,11 +20,14 @@ public class VerificationResult { /** * JWS signature verification-result container. * + * @param joseHeader JWS header * @param payload JWS payload * @param certs JWS signercertificate * @param wasValidSigned true if signature was valid */ - public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) { + public VerificationResult(final JsonNode joseHeader, final JsonNode payload, + final List<X509Certificate> certs, final boolean wasValidSigned) { + this.header = joseHeader; this.payload = payload; this.certs = certs; this.validSigned = wasValidSigned; @@ -42,4 +46,8 @@ public class VerificationResult { return payload; } + public JsonNode getJoseHeader() { + return header; + + } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index d1887d5c..6a5e1ef0 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java @@ -1,5 +1,6 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; +import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; @@ -28,8 +29,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; @@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; @@ -95,6 +97,15 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl final List<NameValuePair> parameters = new ArrayList<>(); parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes("UTF-8")))); + + //set specific authentication method if it was selection by process step before + VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext); + if (authMethod != null) { + log.debug("Request VDA with authType: {}", authMethod); + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM, + authMethod.getAuthMethod())); + } + httpReq.setEntity(new UrlEncodedFormEntity(parameters)); // build http GET request @@ -191,6 +202,13 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } /** + * Get ExecutionContext parameter-key for VDA AuthMethod information. + * + * @return Key to get AuthMethod from {@link ExecutionContext} + */ + protected abstract String getAuthMethodContextParamKey(); + + /** * Create a implementation specific qualified eID SL2.0 command * * @param oaConfig @@ -201,6 +219,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl */ protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception; + + private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) { + Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey()); + if (authMethodRaw instanceof String) { + log.trace("Find authMethod parameter: {} on context", authMethodRaw); + return VdaAuthMethod.fromString((String) authMethodRaw); + + } + + return null; + } + private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) { // load SP specific config for development and testing purposes diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 1b1f090f..43c44647 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -13,22 +13,6 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.X509Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; - import org.apache.commons.lang3.StringUtils; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; @@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + @Service public class JsonSecurityUtils implements IJoseTools { private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class); @@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); + return new VerificationResult( + mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()), + mapper.getMapper().readTree(jws.getPayload()), + x5cCerts, jws.verifySignature()); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 01316b9b..bfc393db 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -4,6 +4,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import javax.annotation.Nonnull; + import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; @@ -11,10 +13,54 @@ import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { public static final int CURRENT_SL20_VERSION = 10; + // http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; + + public enum VdaAuthMethod { + ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone"); + + private final String authMethod; + + VdaAuthMethod(final String method) { + this.authMethod = method; + } + + /** + * Get VDA AuthMethod. + * + * @return + */ + public String getAuthMethod() { + return this.authMethod; + } + + /** + * Get VDA authmethod from String representation. + * + * @param s authMethod parameter + * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown + */ + public static VdaAuthMethod fromString(@Nonnull final String s) { + try { + return VdaAuthMethod.valueOf(s.toUpperCase()); + + } catch (IllegalArgumentException | NullPointerException e) { + return VdaAuthMethod.ANY; + + } + } + + @Override + public String toString() { + return getAuthMethod(); + + } + } + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index eb17781b..d76f4aad 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils { * @param name commando name * @param result commando result * @param encryptedResult encrypted commando result + * @param signer {@link JsonSecurityUtils} implementation * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error * diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index eb6de461..40ea0430 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils { * @param input JSON * @param keyID Element identifier * @param isRequired true, if the element must not null + * @param defaultValue in case of no existing element with key * @return Boolean * @throws SlCommandoParserException In case of an error */ @@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils { * * @param container JSON * @param joseTools JWS implementation + * @param mustBeSigned Throw an error if the result was not signed * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index 11b8cfd9..aa63b3c3 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_moa-sig</artifactId> <name>MOA-Sig signature verification module</name> @@ -59,7 +59,12 @@ <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_api</artifactId> </dependency> - + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> + <dependency> <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 31110bfd..253d0afb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_pvp2_core</artifactId> <name>eaaf_module_pvp2_core</name> @@ -48,6 +48,12 @@ </dependency> <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java index a564efb2..acd565a1 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java @@ -1,11 +1,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.utils; +import java.security.KeyStore; +import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; @@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider { @Nonnull List<X509Certificate> getTrustedCertificates() throws CredentialsNotAvailableException; + + + /** + * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}. + * + * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider} + * if a special provider is in use + */ + @Nonnull + Pair<KeyStore, Provider> getKeyStore(); }
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java index bf201803..1d6e3738 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java @@ -19,8 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; - import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.schema.XSInteger; @@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder; import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.core.AttributeValue; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + /** * Build all attributes from PVP2 citizen-token. * @@ -73,6 +73,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ @@ -89,6 +90,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java index 0b505e56..d29f1a0e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java @@ -8,15 +8,6 @@ import javax.annotation.Nullable; import javax.annotation.PostConstruct; import javax.net.ssl.SSLHandshakeException; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; - import org.apache.http.client.HttpClient; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver; @@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject { * @param filter Filters, which should be used to validate the * metadata * @param idForLogging Id, which is used for Logging + * @param pool XML parser-pool to parse SAML2 Metadaten * @param httpClient Apache commons 4.x http client * * @return SAML2 Metadata Provider, or null if the metadata provider can not diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 26a5c5f6..e17e625e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -32,6 +32,12 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; +import org.apache.xml.security.algorithms.JCEMapper; +import org.opensaml.security.credential.UsageType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; - -import org.apache.commons.lang3.StringUtils; -import org.apache.xml.security.algorithms.JCEMapper; -import org.opensaml.security.credential.UsageType; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi } + public Pair<KeyStore, Provider> getKeyStore() { + return keyStore; + + } + @PostConstruct private void initialize() throws Exception { try { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java index ef09e5c4..5a97924f 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java @@ -23,15 +23,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; - import org.opensaml.saml.common.SignableSAMLObject; import org.opensaml.saml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml.saml2.metadata.EntityDescriptor; @@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; import lombok.extern.slf4j.Slf4j; @Slf4j public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter { private final String metadataUrl; - private final List<BasicX509Credential> trustedCredential = new ArrayList<>(); + private final KeyStore trustedCredential; private static final String ERROR_07 = "internal.pvp.07"; private static final String ERROR_12 = "internal.pvp.12"; @@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS * SAML2 metadata with {@link EntitiesDescriptor} <b>are not supported.</b> * </p> * - * @param credentials Trust X509 certificates + * @param keyStore TrustStore that contains trusted X509 certificates * @param metadataUrl Metadata URL for logging purposes */ - public SimpleMetadataSignatureVerificationFilter(@Nonnull List<BasicX509Credential> credentials, + public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore, @Nonnull String metadataUrl) { this.metadataUrl = metadataUrl; - this.trustedCredential.addAll(credentials); + this.trustedCredential = keyStore; } @@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS // perform cryptographic signature verification boolean isTrusted = false; - for (final BasicX509Credential cred : trustedCredential) { + for (final BasicX509Credential cred : getTrustedCertificates()) { log.trace("Validating signature with credential: {} ... ", cred.getEntityCertificate().getSubjectDN()); try { @@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID); } + } + + private List<BasicX509Credential> getTrustedCertificates() throws EaafConfigurationException { + try { + final List<X509Certificate> certs = + EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential); + if (certs.isEmpty()) { + log.warn("No trusted metadata-signing certificates in configuration"); + throw new EaafConfigurationException("module.eidasauth.02", + new Object[] { "No trusted metadata-signing certificates" }); + + } + + final List<BasicX509Credential> result = new ArrayList<>(); + for (final X509Certificate cert : certs) { + result.add(new BasicX509Credential(cert)); + } + return result; + + } catch (final KeyStoreException e) { + throw new EaafConfigurationException("module.eidasauth.01", + new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e); + + } } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java index d5186857..e593c1d4 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java @@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - +import org.apache.xml.security.algorithms.JCEMapper; import org.joda.time.DateTime; +import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; @@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.Assert; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine { EaafOpenSaml3xInitializer.eaafInitialize(); } + + /** + * Reset OpenSAML3.x JCEMapper to default. + * + */ + @AfterClass + public static void classCloser() { + JCEMapper.setProviderId(null); + + } + protected abstract String getMetadataJunitJKeystore(); protected abstract String getMetadataClassPathEntityPath(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java index b94ed8cc..88106e5b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java @@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", -"/spring/test_eaaf_core_spring_config.beans.xml", -"/spring/eaaf_utils.beans.xml" }) + "/spring/test_eaaf_core_spring_config.beans.xml", + "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class PvpCoreMessageSourceTest { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java index 44cdf111..c2530004 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java @@ -27,7 +27,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -35,7 +35,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -54,7 +54,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -69,7 +69,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode); @@ -80,7 +80,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -95,7 +95,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -103,7 +103,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode); @@ -113,7 +113,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -128,7 +128,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode); @@ -139,7 +139,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java index 64bfb8f6..57c4b93a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java @@ -1,22 +1,5 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - import org.joda.time.DateTime; import org.junit.Test; import org.junit.runner.RunWith; @@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Assert; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) @@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine { @Autowired diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java index 5b06a73f..926f25b2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java @@ -1,20 +1,24 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; - import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.xmlsec.signature.support.SignatureConstants; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; + +//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_3.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 147199a5..f14a9093 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java @@ -9,33 +9,6 @@ import java.util.Map; import javax.xml.parsers.ParserConfigurationException; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; @@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; import net.shibboleth.utilities.java.support.net.URIComparator; import net.shibboleth.utilities.java.support.xml.SerializeSupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -357,7 +356,8 @@ public class PostBindingTest { @Test public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException, - IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException { + IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, + UnmarshallingException, MarshallingException { final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post"; final String relayState = RandomStringUtils.randomAlphanumeric(10); @@ -369,7 +369,8 @@ public class PostBindingTest { issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/"); authnReq.setIssuer(issuer); - final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true); + final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject( + authnReq, credentialProvider.getMessageSigningCredential(), true); final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn); final String b64AuthnReq = Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8")); @@ -404,7 +405,8 @@ public class PostBindingTest { Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size()); final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0); - org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type"); + org.springframework.util.Assert.isInstanceOf( + EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type"); final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs; Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes()); Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty()); @@ -418,7 +420,8 @@ public class PostBindingTest { Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue()); + Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", + ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue()); } @@ -454,7 +457,9 @@ public class PostBindingTest { try { Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage()); - } catch (final RuntimeException e) { } + } catch (final RuntimeException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java index 37e4acd1..cbeca4c3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java @@ -6,8 +6,8 @@ import java.net.URLDecoder; import javax.xml.parsers.ParserConfigurationException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index 7418e1b3..1fe9afcf 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java @@ -1,13 +1,13 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; -import org.springframework.beans.factory.annotation.Autowired; - public class DummyCredentialProvider extends AbstractCredentialProvider { @Autowired IConfiguration basicConfig; @@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { } + /** + * Get Path to keystore. + * + * @return + */ public String getKeyStoreFilePath() { final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); return path; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java index 64ebe00c..3673859a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java @@ -6,7 +6,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java index 6abe52dc..27c42c57 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java @@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException; import java.util.Arrays; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java index 0f8817a0..3cc0a908 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java @@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactoryConfigurationError; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.BeforeClass; @@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class MetadataBuilderTest { @Autowired private PvpMetadataBuilder metadataBuilder; @@ -157,7 +159,16 @@ public class MetadataBuilderTest { return entity; } - public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { + /** + * Dummy Metadata builder configuration. + * + * @param credentialProvider Credentialprovider + * @param buildSpInfos Sp metadata flag + * @param buildIdpInfos IDP metadata flag + * @return + */ + public static IPvpMetadataBuilderConfiguration idpMetadataConfig( + IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { return new IPvpMetadataBuilderConfiguration() { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index accdd8b0..1cbc2f14 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -10,21 +13,6 @@ import java.util.List; import javax.xml.transform.TransformerException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; @@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -91,7 +93,8 @@ public class MetadataResolverTest { private PvpMetadataResolverFactory metadataResolverFactory; @Autowired private IHttpClientFactory httpClientFactory; - @Autowired private DummyCredentialProvider credentialProvider; + @Autowired + private DummyCredentialProvider credentialProvider; /** * JUnit class initializer. @@ -183,16 +186,15 @@ public class MetadataResolverTest { } @Test - public void noCredentials() { + public void noCredentials() throws KeyStoreException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); - + final KeyStore keystore = KeyStore.getInstance("JKS"); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -212,20 +214,21 @@ public class MetadataResolverTest { } @Test - public void wrongCredentials() throws CertificateException { + public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); - credentials.add(credential); + keystore.setCertificateEntry("1", credential.getEntityCertificate()); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -246,21 +249,22 @@ public class MetadataResolverTest { @Test public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException, - ResolverException { + ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -281,7 +285,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { mockWebServer.shutdown(); mockWebServer = new MockWebServer(); @@ -300,19 +305,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -332,7 +338,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), @@ -347,19 +354,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -370,8 +378,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); @@ -385,11 +391,13 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), - MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml")); + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_valid_with_entityCategory_egov.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); @@ -400,19 +408,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -423,8 +432,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); @@ -438,7 +445,8 @@ public class MetadataResolverTest { @Test public void metadataExpired() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), @@ -452,24 +460,24 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new RequiredValidUntilFilter()); filterList.add(new PvpEntityCategoryFilter(false)); - final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); @@ -484,7 +492,6 @@ public class MetadataResolverTest { } - } @Test diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index ffda330d..e8fb2acc 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_pvp2_idp</artifactId> <name>eaaf_module_pvp2_idp</name> @@ -19,7 +19,11 @@ <artifactId>eaaf_module_pvp2_core</artifactId> <version>${egiz.eaaf.version}</version> </dependency> - + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java index a88fa869..df5c15f8 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java @@ -39,6 +39,7 @@ public class AuthenticationActionTest { protected MockHttpServletRequest httpReq; protected MockHttpServletResponse httpResp; private PvpSProfilePendingRequest pendingReq; + /** * JUnit class initializer. * diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java index 8436a43d..51b4eaef 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java @@ -35,6 +35,7 @@ public class MetadataActionTest { protected MockHttpServletRequest httpReq; protected MockHttpServletResponse httpResp; private TestRequestImpl pendingReq; + /** * JUnit class initializer. * diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml index 99552053..fa7b4eae 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml @@ -20,7 +20,7 @@ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" /> <bean id="httpClientFactory" - class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" /> + class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" /> <bean id="dummyRevisionLogger" class="at.gv.egiz.eaaf.core.impl.logging.DummyRevisionsLogger" /> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index 69eb26ab..3b661c7b 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_pvp2_sp</artifactId> <name>eaaf_module_pvp2_sp</name> @@ -25,7 +25,11 @@ </exclusion> </exclusions> </dependency> - + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml index 228a41cf..84f4163d 100644 --- a/eaaf_modules/pom.xml +++ b/eaaf_modules/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> @@ -6,7 +6,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> <packaging>pom</packaging> <name>EGIZ EAAF components</name> @@ -21,7 +21,7 @@ <!-- ===================================================================== --> <at.gv.egiz.components.eventlog-api.version>0.4</at.gv.egiz.components.eventlog-api.version> - <at.gv.egiz.components.egiz-spring-api>0.3</at.gv.egiz.components.egiz-spring-api> + <at.gv.egiz.components.egiz-spring-api>0.3.1</at.gv.egiz.components.egiz-spring-api> <MOA.spss.server.moa-sig-lib.version>3.1.2</MOA.spss.server.moa-sig-lib.version> <MOA.spss.tsl_lib.version>2.0.2</MOA.spss.tsl_lib.version> @@ -43,7 +43,7 @@ <iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version> <iaik.prod.iaik_xsect.version>2.13_moa</iaik.prod.iaik_xsect.version> - <hsm-facade-provider.version>0.3.0</hsm-facade-provider.version> + <hsm-facade-provider.version>0.4.0-SNAPSHOT</hsm-facade-provider.version> <io.grpc-core.version>1.25.0</io.grpc-core.version> <!-- Other third-party libs --> @@ -78,7 +78,7 @@ <!-- jUnit testing --> <surefire.version>2.22.1</surefire.version> <junit.version>4.12</junit.version> - <com.squareup.okhttp3.version>4.0.0</com.squareup.okhttp3.version> + <com.squareup.okhttp3.version>4.4.1</com.squareup.okhttp3.version> <!-- Code helper plug-ins --> <org.projectlombok.lombok.version>1.18.10</org.projectlombok.lombok.version> @@ -484,6 +484,12 @@ <scope>test</scope> </dependency> <dependency> + <groupId>com.squareup.okhttp3</groupId> + <artifactId>okhttp-tls</artifactId> + <version>${com.squareup.okhttp3.version}</version> + <scope>test</scope> + </dependency> + <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> <version>${egiz.eaaf.version}</version> |