summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--checks/egiz_checks.xml16
-rw-r--r--eaaf_core/pom.xml3
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java15
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java40
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java216
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java93
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java5
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java10
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java3
-rw-r--r--eaaf_core/src/main/resources/messages/eaaf_core_messages.properties5
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java110
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java12
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java8
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java2
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java123
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java123
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java453
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java7
-rw-r--r--eaaf_core_api/pom.xml2
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java8
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java32
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java3
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java7
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java4
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java8
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java3
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java8
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java7
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java18
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java6
-rw-r--r--eaaf_core_utils/pom.xml19
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java50
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java191
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java (renamed from eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java)390
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java (renamed from eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java)78
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java43
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java24
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java43
-rw-r--r--eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties5
-rw-r--r--eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml4
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java24
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java329
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/pom.xml8
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java10
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java32
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java37
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java46
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java1
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java2
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/pom.xml9
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/pom.xml8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java19
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java46
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java54
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java20
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java36
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java69
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java9
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java31
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java155
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/pom.xml8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/pom.xml8
-rw-r--r--eaaf_modules/pom.xml2
-rw-r--r--pom.xml14
81 files changed, 2590 insertions, 665 deletions
diff --git a/checks/egiz_checks.xml b/checks/egiz_checks.xml
index 6a8e68ef..ad0be35e 100644
--- a/checks/egiz_checks.xml
+++ b/checks/egiz_checks.xml
@@ -1,13 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE module PUBLIC "-//Checkstyle//DTD Check Configuration 1.3//EN" "https://apps.egiz.gv.at/checkstyle/configuration_1_3.dtd">
+<!DOCTYPE module PUBLIC "-//Checkstyle//DTD Check Configuration 1.3//EN" "https://checkstyle.org/dtds/configuration_1_3.dtd">
<!--
This configuration file was written by the eclipse-cs plugin configuration editor
-->
<!--
- Checkstyle-Configuration: Google checks with EGIZ modifications
- Description:
-Checkstyle configuration that checks the Google coding conventions from Google Java Style that can be found at https://google.github.io/styleguide/javaguide.html.
+ Checkstyle-Configuration: EGIZ_checkstyle
+ Description: none
-->
<module name="Checker">
<property name="severity" value="warning"/>
@@ -20,9 +19,6 @@ Checkstyle configuration that checks the Google coding conventions from Google J
<property name="format" value="\\u00(09|0(a|A)|0(c|C)|0(d|D)|22|27|5(C|c))|\\(0(10|11|12|14|15|42|47)|134)"/>
<property name="message" value="Consider using special escape sequence instead of octal value or Unicode escaped value."/>
</module>
- <!-- module name="SuppressionFilter">
- <property name="file" value="${samedir}/checkstyleSuppress.xml" />
- </module-->
<module name="AvoidEscapedUnicodeCharacters">
<property name="allowEscapesForControlCharacters" value="true"/>
<property name="allowByTailComment" value="true"/>
@@ -180,9 +176,7 @@ Checkstyle configuration that checks the Google coding conventions from Google J
<module name="JavadocMethod">
<property name="allowedAnnotations" value="Override, Test"/>
<property name="scope" value="public"/>
- <property name="allowThrowsTagsForSubclasses" value="true"/>
- <property name="allowMissingParamTags" value="true"/>
- <property name="allowMissingThrowsTags" value="true"/>
+ <property name="allowMissingParamTags" value="false"/>
<property name="allowMissingReturnTag" value="true"/>
</module>
<module name="MissingJavadocMethod">
@@ -204,6 +198,8 @@ Checkstyle configuration that checks the Google coding conventions from Google J
<module name="IllegalImport"/>
<module name="RedundantImport"/>
<module name="UnusedImports"/>
+ <module name="ParameterNumber"/>
+ <module name="RedundantModifier"/>
</module>
<module name="BeforeExecutionExclusionFileFilter">
<property name="fileNamePattern" value="module\-info\.java$"/>
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index bf6c5b47..4ee46149 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
@@ -37,6 +37,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
index a7e4f6fe..b3e0c88f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
@@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils;
import java.io.IOException;
import java.io.InputStream;
+import com.google.gson.JsonParseException;
+
import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException;
public interface IJsonMapper {
@@ -23,6 +25,7 @@ public interface IJsonMapper {
* @param value the JSON string to deserialize
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param <T> Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
@@ -39,6 +42,7 @@ public interface IJsonMapper {
* @param is the JSON to deserialize as {@link InputStream}
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param <T> Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index a6fe5ff0..677e3c46 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -27,15 +27,16 @@ import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-
import org.apache.commons.collections4.map.HashedMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+
/**
* Service-Provider specific authentication data.
*
@@ -48,6 +49,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private static final long serialVersionUID = -1042697056735596866L;
public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private boolean isBaseIdTransferRestrication = true;
private final Map<String, Object> genericDataStorate = new HashedMap<>();
@@ -112,7 +114,7 @@ public class AuthenticationData implements IAuthData, Serializable {
@Override
public String getAuthenticationIssueInstantString() {
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT);
f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(this.issueInstant);
@@ -292,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable {
*/
@Deprecated
public void setBpkType(final String bpkType) {
- this.bpkType = bpkType;
+ this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType);
+
}
@Override
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 75b14489..c2f85fef 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -26,6 +26,17 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Map.Entry;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
private static final Logger log =
LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) {
- // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal
- // implementations
- // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
- // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
- // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
- // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + "
- // Starting
- // attribute value correction ... ");
- // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" +
- // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
- //
- // }
- log.debug(
- "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
- return pvpBpkTypeAttr;
+ log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
+ return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr);
+
}
return null;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index a613bd56..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -25,20 +25,22 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
+import java.util.Map.Entry;
+import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Builder for the bPK, as defined in
@@ -47,9 +49,11 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
* <code>&quot;reference.e-government.gv.at&quot;</code>.
*
*/
+@Slf4j
public class BpkBuilder {
- private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class);
-
+
+ private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+
/**
* Calculates an area specific unique person-identifier from a baseID.
*
@@ -100,12 +104,17 @@ public class BpkBuilder {
if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {
log.trace("Find baseID. Starting unique identifier caluclation for this target");
- if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)
- || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
- log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
+ if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+ log.trace("Calculate bPK identifier for target: " + targetIdentifier);
return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier),
targetIdentifier);
+ } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ log.trace("Calculate wbPK identifier for target: " + targetIdentifier);
+ return Pair.newInstance(calculatebPKwbPK(
+ baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)),
+ normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier));
+
} else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
log.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
final String[] splittedTarget = targetIdentifier.split("\\+");
@@ -144,57 +153,13 @@ public class BpkBuilder {
}
}
- /**
- * Builds the eIDAS from the given parameters.
- *
- * @param baseId baseID of the citizen
- * @param baseIdType Type of the baseID
- * @param sourceCountry CountryCode of that country, which build the eIDAs
- * ID
- * @param destinationCountry CountryCode of that country, which receives the
- * eIDAs ID
- *
- * @return Pair eIDAs/bPKType in a BASE64 encoding
- * @throws EaafBuilderException if some input data are not valid
- */
- private static Pair<String, String> buildEidasIdentifer(final String baseId,
- final String baseIdType, final String sourceCountry, final String destinationCountry)
- throws EaafBuilderException {
- String bpk = null;
- String bpkType = null;
- // check if we have been called by public sector application
- if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
- bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
- log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
- bpk = calculatebPKwbPK(baseId + "+" + bpkType);
-
- } else { // if not, sector identification value is already calculated by BKU
- log.debug("eIDAS eIdentifier already provided by BKU");
- bpk = baseId;
- }
-
- if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
- || StringUtils.isEmpty(destinationCountry)) {
- throw new EaafBuilderException("builder.00",
- new Object[] { "eIDAS-ID",
- "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry },
- "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry);
- }
-
- log.trace("eIDAS pseudonym generation finished. ");
- final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
-
- return Pair.newInstance(eIdentifier, bpkType);
- }
/**
* Create an encrypted bPK.
*
* @param bpk unencrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param publicKey Public-Key used for encryption
* @return encrypted bPK
* @throws EaafBuilderException In case of an error
@@ -202,12 +167,17 @@ public class BpkBuilder {
public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
throws EaafBuilderException {
final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
}
+
+ target = normalizeBpkTargetIdentifierToCalculationFormat(target);
final String input =
- "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+ "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
// System.out.println(input);
byte[] result;
try {
@@ -227,17 +197,23 @@ public class BpkBuilder {
* Decrypt an encrypted bPK.
*
* @param encryptedBpk encrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param privateKey private-key for decryption
- * @return bPK
+ * @return bPK Pair consists of (unique person identifier for this target,
+ * targetArea) but never null
* @throws EaafBuilderException In case of an error
*/
- public static String decryptBpk(final String encryptedBpk, String target,
+ public static Pair<String, String> decryptBpk(final String encryptedBpk, String target,
final PrivateKey privateKey) throws EaafBuilderException {
String decryptedString;
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
+ }
+
try {
- // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
- // "ISO-8859-1");
final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
@@ -247,23 +223,121 @@ public class BpkBuilder {
}
- String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
- final String sector = tmp.substring(0, tmp.indexOf("::"));
- tmp = tmp.substring(tmp.indexOf("::") + 2);
- final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
- target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+ String[] parts = decryptedString.split("::");
+ if (parts.length != 4) {
+ log.trace("Encrypted bPK has value: {}", decryptedString);
+ throw new EaafBuilderException("builder.31", new Object[] {parts.length},
+ "encBpk has a suspect format");
+
}
+
+ final String sector = parts[1];
+ final String bPK = parts[2];
- if (target.equals(sector)) {
- return bPK;
+ if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+ return Pair.newInstance(bPK, target);
+
} else {
- log.error("Decrypted bPK does not match to request bPK target.");
- return null;
+ throw new EaafBuilderException("builder.30", new Object[] {sector, target},
+ "Decrypted bPK-target does not match");
+
}
}
+ /**
+ * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB.
+ *
+ * <p>If the target is not of this types the target will be returned as it is</p>
+ * @param targetIdentifier bPK input target
+ * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null
+ && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) {
+ for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getValue())) {
+ String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());
+ log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB.
+ *
+ * <p>If the target is not of this types the target will be returned as it is</p>
+ *
+ * @param targetIdentifier bPK input target
+ * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getKey())) {
+ String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());
+ log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Builds the eIDAS from the given parameters.
+ *
+ * @param baseId baseID of the citizen
+ * @param baseIdType Type of the baseID
+ * @param sourceCountry CountryCode of that country, which build the eIDAs
+ * ID
+ * @param destinationCountry CountryCode of that country, which receives the
+ * eIDAs ID
+ *
+ * @return Pair eIDAs/bPKType in a BASE64 encoding
+ * @throws EaafBuilderException if some input data are not valid
+ */
+ private static Pair<String, String> buildEidasIdentifer(final String baseId,
+ final String baseIdType, final String sourceCountry, final String destinationCountry)
+ throws EaafBuilderException {
+ String bpk = null;
+ String bpkType = null;
+
+ // check if we have been called by public sector application
+ if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
+ bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
+ log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
+ bpk = calculatebPKwbPK(baseId + "+" + bpkType);
+
+ } else { // if not, sector identification value is already calculated by BKU
+ log.debug("eIDAS eIdentifier already provided by BKU");
+ bpk = baseId;
+ }
+
+ if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
+ || StringUtils.isEmpty(destinationCountry)) {
+ throw new EaafBuilderException("builder.00",
+ new Object[] { "eIDAS-ID",
+ "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry },
+ "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry);
+ }
+
+ log.trace("eIDAS pseudonym generation finished. ");
+ final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
+
+ return Pair.newInstance(eIdentifier, bpkType);
+ }
+
private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 988a78b6..8eef4a8e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -19,26 +19,31 @@
package at.gv.egiz.eaaf.core.impl.idp.auth.data;
+import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
+import javax.annotation.Nullable;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
public class AuthProcessDataWrapper
implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
+
protected Map<String, Object> authProcessData;
public AuthProcessDataWrapper(final Map<String, Object> authProcessData) {
@@ -46,6 +51,11 @@ public class AuthProcessDataWrapper
}
+ @Override
+ public Date getIssueInstant() {
+ return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class);
+ }
+
/*
* (non-Javadoc)
*
@@ -53,8 +63,9 @@ public class AuthProcessDataWrapper
* at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
*/
@Override
- public String getIssueInstant() {
- return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+ public String getIssueInstantString() {
+ return buildDateTimeUtcString(
+ wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class));
}
/*
@@ -66,7 +77,8 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final String issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
+ authProcessData.put(VALUE_ISSUEINSTANT,
+ buildDateTimeUtcDate(issueInstant));
}
@@ -79,7 +91,7 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final Date issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant));
+ authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
}
@@ -91,7 +103,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isAuthenticated() {
- return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
}
@@ -116,7 +128,7 @@ public class AuthProcessDataWrapper
*/
@Override
public IIdentityLink getIdentityLink() {
- return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+ return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
}
@@ -141,7 +153,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isMandateUsed() {
- return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+ return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class);
}
/*
@@ -164,7 +176,7 @@ public class AuthProcessDataWrapper
*/
@Override
public String getQaaLevel() {
- return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+ return wrapStoredObject(VALUE_QAALEVEL, null, String.class);
}
/*
@@ -187,7 +199,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isForeigner() {
- return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class);
}
/*
@@ -209,7 +221,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isOW() {
- return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
}
/*
@@ -225,7 +237,7 @@ public class AuthProcessDataWrapper
@Override
public boolean isEidProcess() {
- return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
}
@Override
@@ -242,7 +254,7 @@ public class AuthProcessDataWrapper
*/
@Override
public Date getSessionCreated() {
- return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
+ return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
}
/*
@@ -283,7 +295,7 @@ public class AuthProcessDataWrapper
*/
@Override
public <T> T getGenericDataFromSession(final String key, final Class<T> clazz) {
- return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+ return wrapStoredObject(GENERIC_PREFIX + key, null, clazz);
}
/*
@@ -299,7 +311,7 @@ public class AuthProcessDataWrapper
}
- protected <T> T wrapStringObject(final String key, final Object defaultValue,
+ protected <T> T wrapStoredObject(final String key, final Object defaultValue,
final Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
final Object obj = authProcessData.get(key);
@@ -322,16 +334,49 @@ public class AuthProcessDataWrapper
}
/**
- * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
*
- * @param date the <code>Calendar</code> value
- * @return the <code>dateTime</code> value
+ * @param date the {@link Date} that should be transformed
+ * @return The {@link String} representation of the date in
+ * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>, or <code>null</code> if {@link Date} was <code>null</code>
*/
- public static String buildDateTimeUtc(final Date date) {
+ @Nullable
+ public static String buildDateTimeUtcString(@Nullable final Date date) {
+ if (date == null) {
+ return null;
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
- f.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(date.getTime());
+
+ }
+
+ /**
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
+ *
+ * @param date the {@link String} in <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>
+ * format that should be transformed
+ * @return The {@link Date} representation of the date, otherwise <code>null</code>
+ * if input parameter was <code>null</code> or invalid
+ */
+ @Nullable
+ public static Date buildDateTimeUtcDate(@Nullable final String date) {
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ try {
+ if (date != null) {
+ return f.parse(date);
+
+ }
+
+ } catch (final ParseException e) {
+ log.error("Can NOT parse Date from String: {}", date, null, e);
+
+ }
+
+ return null;
+
}
+
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 817c7aa2..4c82adac 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
index 172d74a7..e18cc1a8 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
@@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {
Assert.isTrue(type != null, "bPKType is 'NULL'");
if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
return type.substring(EaafConstants.URN_PREFIX_CDID.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
+
} else {
return type;
+
}
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
index 3aedf9ab..48d7a3a3 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
@PvpMetadata
public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
@@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
}
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ EID_SECTOR_FOR_IDENTIFIER_NAME,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype));
+
}
@Override
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
index 5dcbcb7e..708ef399 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
@@ -28,10 +28,6 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertySource;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP {
private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class);
@@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat
return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR)));
} catch (IllegalStateException | URISyntaxException e) {
- log.warn("ConfigRootDirectory is NOT set");
+ log.warn("ConfigRootDirectory is NOT set", e);
return null;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index adc8774a..f4494106 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
import org.apache.commons.lang3.StringUtils;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
index 27bc829d..3eff8a7b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
@@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext {
/**
* Creates a new instance and associated it with a certain process instance.
+ *
+ * @param processInstanceId ProcessInstanceId for this execution context.
*/
public ExecutionContextImpl(final String processInstanceId) {
this.processInstanceId = processInstanceId;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
index afcc0a58..9ef88679 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
@@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
* @param delegate The original {@link ExpressionEvaluationContext} to be
* delegated to for {@code ctx['foo']} expressions.
*/
- public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
+ SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
this.delegate = delegate;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
index e1a02c64..01b063aa 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
@@ -239,6 +239,7 @@ public class DomUtils {
* the same way it is accepted by the
* <code>xsi:noNamespaceSchemaLocation</code>
* attribute.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -350,6 +351,7 @@ public class DomUtils {
* decide what to do with parsing
* errors. If <code>null</code>, it
* will not be set.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -622,6 +624,7 @@ public class DomUtils {
* the same way it is accepted by the
* <code>xsi:noNamespaceSchemaLocation</code>
* attribute.
+ * @param entityResolver external entity resolver implemention
* @return <code>true</code>, if the <code>element</code> validates against the
* schemas declared in it.
* @throws SAXException An error occurred parsing the document.
diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
index 1916a7fc..064554b9 100644
--- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
+++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
@@ -1,6 +1,7 @@
eaaf.core.00=Requested URL: {0} is NOT allowed by configuration.
builder.08=Authentication process could NOT completed. Reason: {0}
-
-
+builder.30=Decrypted bPK target: {0} does not match to required target: {1}
+builder.31=Encrypted bPK has a suspect format and consists of #{0} elements
+builder.32=bPK-target format must be full URI
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
index 072dbb95..33bd1010 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java
@@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream;
import java.util.HashMap;
import java.util.Map;
+import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -11,7 +12,11 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Base64Utils;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
@@ -156,6 +161,111 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void buildAuthDataBpkTest() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap<String, Object> sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "RwsSdKzmcbL5FKoADZx7/iUZANE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", "urn:publicid:gv.at:cdid+ZP-MH", authData.getBpkType());
+
+
+ }
+
+ @Test
+ public void buildAuthDataWbpkTestWithoutXTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap<String, Object> sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType());
+
+ }
+
+ @Test
+ public void buildAuthDataWbpkTestWithXTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap<String, Object> sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", authData.getBpkType());
+
+ }
+
+ @Test
+ public void buildAuthDataEidasTarget() throws EaafParserException,
+ EaafAuthenticationException, EaafStorageException {
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, authConfig);
+ pendingReq.setSpConfig(spConfig);
+
+ final HashMap<String, Object> sessionStore = new HashMap<>();
+ final AuthProcessDataWrapper wrapper = new AuthProcessDataWrapper(sessionStore);
+ wrapper.setIdentityLink(new SimpleIdentityLinkAssertionParser(
+ new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_2.getBytes())))
+ .parseIdentityLink());
+ pendingReq.setRawDataToTransaction(sessionStore);
+
+
+ //build authData
+ IAuthData authData = authBuilder.buildAuthenticationData(pendingReq);
+
+ Assert.assertEquals("Wrong bPK", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", authData.getBpk());
+ Assert.assertEquals("Wrong bPKType", EaafConstants.URN_PREFIX_EIDAS + "AT+ES", authData.getBpkType());
+
+ }
+
private void buildAuthDataWithIdlOnly_2(final Boolean idlEscaptionFlag, final String givenName,
final String familyName) throws Exception {
IAuthData authData = null;
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
index 9a924f83..6aea52ac 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/DummyHttpClientFactory.java
@@ -1,8 +1,10 @@
package at.gv.egiz.eaaf.core.impl.idp.auth;
-import org.apache.http.impl.client.CloseableHttpClient;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
public class DummyHttpClientFactory implements IHttpClientFactory {
@@ -18,4 +20,10 @@ public class DummyHttpClientFactory implements IHttpClientFactory {
return null;
}
+ @Override
+ public CloseableHttpClient getHttpClient(HttpClientConfiguration config) throws EaafException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
index a354b873..2fd25478 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/EaafCoreMessageSourceTest.java
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.core.impl.idp.auth;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -13,10 +11,12 @@ import org.springframework.core.io.ResourceLoader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/eaaf_core.beans.xml",
- "/SpringTest-context_eaaf_core.xml",
- "/SpringTest-context_authManager.xml"})
+ "/SpringTest-context_eaaf_core.xml",
+ "/SpringTest-context_authManager.xml"})
public class EaafCoreMessageSourceTest {
@Autowired
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
index 96e870ee..7092031f 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/AbstractAttributeBuilderTest.java
@@ -130,7 +130,7 @@ public abstract class AbstractAttributeBuilderTest {
protected IAttributeGenerator<String> gen = new SimpleStringAttributeGenerator();
protected static DummySpConfiguration spConfig = null;
- private static final Map<String, String> spConfigMap = new HashMap<>();
+ protected static final Map<String, String> spConfigMap = new HashMap<>();
private static final TestRequestImpl pendingReq = new TestRequestImpl();
/**
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
new file mode 100644
index 00000000..1ad75abc
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java
@@ -0,0 +1,123 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class BpkAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilde = new BpkAttributeBuilder();
+
+ @Test
+ public void performTestBpk() throws Exception {
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong bPK",
+ "ZP-MH:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XFN+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XZVR+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XERSB+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XFN+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XZVR+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK",
+ "XERSB+123456i:" + authData.getBpk(),
+ value);
+
+ }
+
+ @Test
+ public void performTestEidas() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong eIDAS bPK",
+ "AT+ES:" + authData.getBpk(),
+ value);
+
+ }
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
new file mode 100644
index 00000000..204eea56
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/EidSectorForIdAttributeBuilderTest.java
@@ -0,0 +1,123 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSectorForIdAttributeBuilder;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class EidSectorForIdAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilde = new EidSectorForIdAttributeBuilder();
+
+ @Test
+ public void performTestBpk() throws Exception {
+ spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong bPK target",
+ "urn:publicid:gv.at:cdid+ZP-MH",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "XERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormFn() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormZvr() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestWbpkOldFormErsb() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong wbPK target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+123456i",
+ value);
+
+ }
+
+ @Test
+ public void performTestEidas() throws Exception {
+ spConfigMap.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ final IAuthData authData = buildAuthData();
+ final String value = attrBuilde.build(spConfig, authData, gen);
+
+ Assert.assertEquals("Wrong eIDAS bPK target",
+ EaafConstants.URN_PREFIX_EIDAS + "AT+ES",
+ value);
+
+ }
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
new file mode 100644
index 00000000..64c13781
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
@@ -0,0 +1,453 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
+
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class BpkBuilderTest {
+
+ private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ==";
+
+ private KeyPair keyPair;
+
+
+ /**
+ * jUnit test initializer.
+ * @throws NoSuchProviderException In case of an error
+ * @throws NoSuchAlgorithmException In case of an error
+ */
+ @Before
+ public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ keyPair = keyGen.generateKeyPair();
+
+ }
+
+ @Test
+ public void encBpkWrongTarget() throws InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = RandomStringUtils.randomAlphanumeric(25);
+
+ try {
+ BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void decBpkWrongTarget() throws InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = RandomStringUtils.randomAlphanumeric(25);
+
+ try {
+ BpkBuilder.decryptBpk(bpk, target, keyPair.getPrivate());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void decBpkWrongTargetInEncBpk() throws InvalidKeyException, EaafBuilderException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_CDID + "AA";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+ try {
+ BpkBuilder.decryptBpk(encBpk,
+ EaafConstants.URN_PREFIX_CDID + "BB", keyPair.getPrivate());
+ Assert.fail("Wrong parameters not detected");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorMsg", "builder.30", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void encBpkSuccess() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_CDID + "AA";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond());
+
+ }
+
+ @Test
+ public void encWbpkSuccess() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_WBPK + "XFN+123456i";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond());
+
+ }
+
+ @Test
+ public void encWbpkSuccessSecond() throws EaafBuilderException, InvalidKeyException {
+ String bpk = RandomStringUtils.randomAlphanumeric(25);
+ String target = EaafConstants.URN_PREFIX_WBPK + "FN+123456i";
+
+ String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic());
+
+ Assert.assertNotNull("encBpk", encBpk);
+
+ Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk,
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", keyPair.getPrivate());
+
+ Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst());
+ Assert.assertEquals("wrong bBK-Target",
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", decBpk.getSecond());
+
+ }
+
+
+ @Test
+ public void noBaseId() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void noTarget() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null);
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void noBaseIdType() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ null, EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void wrongBaseIdType() {
+ try {
+ BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA");
+
+ } catch (EaafBuilderException e) {
+ Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void baseIdTypeEqualsTarget() throws EaafBuilderException {
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID,
+ EaafConstants.URN_PREFIX_CDID + "AA", EaafConstants.URN_PREFIX_CDID + "AA");
+
+ Assert.assertEquals("first bPK", BASEID,
+ result1.getFirst());
+ Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildBpk() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_CDID + "AA");
+ Pair<String, String> result2 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_CDID + "BB");
+
+ Assert.assertEquals("first bPK", "b1Ip610zZq/Or/uCqgb51lnAdZM=",
+ result1.getFirst());
+ Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA",
+ result1.getSecond());
+
+ Assert.assertEquals("second bPK", "uYst6hjKJvyp7s/ezD8zsnkcj9k=",
+ result2.getFirst());
+ Assert.assertEquals("second bPK", "urn:publicid:gv.at:cdid+BB",
+ result2.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkFn() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "FN+123456i");
+
+ Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkZvr() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456");
+
+ Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkErsb() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456");
+
+ Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXFn() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XFN+123456i");
+
+ Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXZvr() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456");
+
+ Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkXErsb() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456");
+
+ Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildWbpkOthers() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_WBPK + "XABC+123456");
+
+ Assert.assertEquals("wbPK", "wv96/xKUyi6YoYGv7IcIlFTsJIk=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XABC+123456",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void buildEidasId() throws EaafBuilderException {
+
+ Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(
+ BASEID, EaafConstants.URN_PREFIX_EIDAS + "AT+ES");
+
+ Assert.assertEquals("eidas", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=",
+ result1.getFirst());
+ Assert.assertEquals("wbPK", "urn:publicid:gv.at:eidasid+AT+ES",
+ result1.getSecond());
+
+ }
+
+ @Test
+ public void normalizeNullTarget() {
+ Assert.assertNull("Wrong normalized target",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(null));
+
+ }
+
+ @Test
+ public void normalizeBpkTarget() {
+ String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithX() {
+ String target = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXNoMapping() {
+ String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingFn() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XFN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i"));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingZvr() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455"));
+
+ }
+
+ @Test
+ public void normalizeWbpkTargetWithOutXMappingErsb() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544",
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544"));
+
+ }
+
+ @Test
+ public void normalizeEidasTarget() {
+ String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2)
+ + "+" + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeNullTarget() {
+ Assert.assertNull("Wrong normalized target",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(null));
+
+ }
+
+ @Test
+ public void calcNormalizeBpkTarget() {
+ String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithoutX() {
+
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithOutXNoMapping() {
+ String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingFn() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "FN+123456i",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingZvr() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455"));
+
+ }
+
+ @Test
+ public void calcNormalizeWbpkTargetWithXMappingErsb() {
+ Assert.assertEquals("Wrong normalized target",
+ EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544",
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(
+ EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544"));
+
+ }
+
+ @Test
+ public void calcNormalizeEidasTarget() {
+ String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2)
+ + "+" + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong normalized target",
+ target,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target));
+
+ }
+
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
index 26e2e17b..4aa32360 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java
@@ -69,6 +69,13 @@ public class SpringExpressionEvaluatorTest {
assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)"));
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
+
+ assertTrue(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 and @simplePojo.booleanValue"));
+ assertFalse(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 and !@simplePojo.booleanValue"));
+ assertTrue(expressionEvaluator.evaluate(ctx,
+ "@simplePojo.stringValue.length() == 10 or !@simplePojo.booleanValue"));
}
}
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index fd23f1c8..5da7ad89 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_api</artifactId>
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
index 99541cd6..384446b8 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequest.java
@@ -87,9 +87,10 @@ public interface IRequest extends Serializable {
*
* @param key The specific identifier of the request-data object
* @param clazz The class type which is stored with this key
+ * @param <T> Response class type
* @return The request-data object or null if no data is found with this key
*/
- <T> T getRawData(String key, final Class<T> clazz);
+ <T> T getRawData(String key, Class<T> clazz);
/**
* Store a generic data-object into pending request with a specific identifier.
@@ -115,6 +116,7 @@ public interface IRequest extends Serializable {
* Wrap the internal dataStorage map into a DAO.
*
* @param wrapper DOA to access SessionData
+ * @param <T> Response class type
* @return
*/
@Nonnull
@@ -241,9 +243,11 @@ public interface IRequest extends Serializable {
/**
* Get get Service-Provider configuration which is associated with this request.
*
+ * @param decorator Interface of the Service-Provider information DAO
+ * @param <T> Response class type
* @return Service-Provider configuration as object
*/
- <T> T getServiceProviderConfiguration(final Class<T> decorator);
+ <T> T getServiceProviderConfiguration(Class<T> decorator);
/**
* Indicates, if this pending-request is aborted by the user.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
index 4bd5bc39..57375e01 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
@@ -19,6 +19,10 @@
package at.gv.egiz.eaaf.core.api.data;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
public class EaafConstants {
public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8";
@@ -51,6 +55,34 @@ public class EaafConstants {
public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS;
public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW";
+ public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X";
+ private static final String WBPK_TARGET_FN = "FN";
+ private static final String WBPK_TARGET_ZVR = "ZVR";
+ private static final String WBPK_TARGET_ERSB = "ERSB";
+
+ private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_FN;
+ private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ZVR;
+ private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET =
+ EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ERSB;
+
+ private static final String URN_PREFIX_WBPK_TARGET_FN_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_FN;
+ private static final String URN_PREFIX_WBPK_TARGET_ZVR_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ZVR;
+ private static final String URN_PREFIX_WBPK_TARGET_ERSB_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ERSB;
+
+ public static final Map<String, String> URN_WBPK_TARGET_X_TO_NONE_MAPPER;
+
+ static {
+ final Map<String, String> intMap = new LinkedHashMap<>();
+ intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET);
+ intMap.put(URN_PREFIX_WBPK_TARGET_XZVR_TARGET, URN_PREFIX_WBPK_TARGET_ZVR_TARGET);
+ intMap.put(URN_PREFIX_WBPK_TARGET_XERSB_TARGET, URN_PREFIX_WBPK_TARGET_ERSB_TARGET);
+ URN_WBPK_TARGET_X_TO_NONE_MAPPER = Collections.unmodifiableMap(intMap);
+
+ }
+
+
// Authentication process data_constants
public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier";
public static final String AUTH_DATA_CREATED = "eaaf_authdata_created";
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
index b6f602d2..727c360c 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
@@ -49,4 +49,7 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions
String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate";
String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate";
+ String EID_MIS_MANDATE_IDENTIFIER_NAME = "urn:eidgvat:attributes.mis.mandate.id";
+ String EID_MIS_MANDATE_IDENTIFIER_FRIENDLY_NAME = "mandate-identifier";
+
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
index 2a9a8317..793715f1 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java
@@ -137,7 +137,7 @@ public interface PvpAttributeDefinitions {
IDENTITY("http://eid.gv.at/eID/status/identity"), TESTIDENTITY("http://eid.gv.at/eID/status/testidentity"),
SYSTEM("http://eid.gv.at/eID/status/system");
- private String uri;
+ private final String uri;
EidIdentityStatusLevelValues(final String uri) {
this.uri = uri;
@@ -311,11 +311,6 @@ public interface PvpAttributeDefinitions {
String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
- String MANDATE_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.91";
- String MANDATE_IDENTIFIER_FRIENDLY_NAME = "MANDATE-IDENTIFIER";
- String MANDATE_IDENTIFIER_NAME = URN_OID_PREFIX + MANDATE_IDENTIFIER_OID;
- int MANDATE_IDENTIFIER_MAX_LENGTH = 256;
-
@Deprecated
String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
@Deprecated
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
index 9c451282..c490bd9c 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
@@ -24,8 +24,8 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
public interface IAttributeBuilder {
String getName();
- <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<ATT> g)
+ <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
throws AttributeBuilderException;
- <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
+ <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g);
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
index 072f76e6..9f3e35cc 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
@@ -28,11 +28,11 @@ public interface IAttributeGenerator<ATT> {
* @param value value
* @return
*/
- ATT buildStringAttribute(final String friendlyName, final String name, final String value);
+ ATT buildStringAttribute(String friendlyName, String name, String value);
- ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
+ ATT buildIntegerAttribute(String friendlyName, String name, int value);
- ATT buildLongAttribute(final String friendlyName, final String name, final long value);
+ ATT buildLongAttribute(String friendlyName, String name, long value);
- ATT buildEmptyAttribute(final String friendlyName, final String name);
+ ATT buildEmptyAttribute(String friendlyName, String name);
}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
index ca946496..62aa8852 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -166,9 +166,10 @@ public interface IAuthData {
*
* @param key Identifier for the generic data
* @param clazz Type of the generic data
+ * @param <T> Response class type
* @return return the generic data of specific type, otherwise null
*/
- <T> T getGenericData(String key, final Class<T> clazz);
+ <T> T getGenericData(String key, Class<T> clazz);
/**
* Get bPK of the user.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
index b9ba9869..a4914f16 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
@@ -29,7 +29,7 @@ public interface IConfiguration {
* @param key configuration key
* @return configuration value or null if it is not found
*/
- String getBasicConfiguration(final String key);
+ String getBasicConfiguration(String key);
/**
* Get a configuration value from file based configuration.
@@ -38,7 +38,7 @@ public interface IConfiguration {
* @param defaultValue Default value if no value with this key is found
* @return configuration value
*/
- String getBasicConfiguration(final String key, final String defaultValue);
+ String getBasicConfiguration(String key, String defaultValue);
/**
* Get a configuration value from file based configuration.
@@ -47,7 +47,7 @@ public interface IConfiguration {
* @return configuration value as {@link Boolean} or <code>false</code> if key
* does not exist
*/
- boolean getBasicConfigurationBoolean(final String key);
+ boolean getBasicConfigurationBoolean(String key);
/**
* Get a configuration value from file based configuration.
@@ -57,7 +57,7 @@ public interface IConfiguration {
* @return configuration value as {@link Boolean} or <code>defaultValue</code>
* if key does not exist
*/
- boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue);
+ boolean getBasicConfigurationBoolean(String key, boolean defaultValue);
/**
* Get the root directory of the configuration folder.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
index 1ab27e7f..cf8867b3 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfigurationWithSP.java
@@ -22,7 +22,7 @@ public interface IConfigurationWithSP extends IConfiguration {
* error
*/
@Nullable
- ISpConfiguration getServiceProviderConfiguration(final String uniqueID) throws EaafConfigurationException;
+ ISpConfiguration getServiceProviderConfiguration(String uniqueID) throws EaafConfigurationException;
/**
* Get a configuration entry for a specific Service Provider that is decorated
@@ -32,12 +32,13 @@ public interface IConfigurationWithSP extends IConfiguration {
* @param decorator Decorator that should be used to decorate the result.
* This decorator has to be implement or extend the
* {@link ISpConfiguration} interface
+ * @param <T> Response class type
* @return <code>T</code> or <code>null</code> if no SP configuration was found
* @throws EaafConfigurationException In case of a Service-Provider loading
* error
*/
@Nullable
- <T> T getServiceProviderConfiguration(String spIdentifier, final Class<T> decorator)
+ <T> T getServiceProviderConfiguration(String spIdentifier, Class<T> decorator)
throws EaafConfigurationException;
/**
@@ -49,7 +50,7 @@ public interface IConfigurationWithSP extends IConfiguration {
* @param prefix Prefix of the configuration key
* @return Map String/String without prefix, but never null
*/
- Map<String, String> getBasicConfigurationWithPrefix(final String prefix);
+ Map<String, String> getBasicConfigurationWithPrefix(String prefix);
/**
* Validate a URL if it it is allowed by configuration.
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index 6c7292ac..274f3f7f 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -31,12 +31,23 @@ public interface IAuthProcessDataContainer {
*
* @return The issuing time of the AUTH-Block SAML assertion.
*/
- String getIssueInstant();
+ Date getIssueInstant();
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ *<p>{@link String} representation uses pattern:
+ * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code> </p>
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ String getIssueInstantString();
/**
* Sets the issuing time of the AUTH-Block SAML assertion.
*
- * @param issueInstant The issueInstant to set.
+ * @param issueInstant The issueInstant with pattern:
+ * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code> to set.
*/
void setIssueInstant(String issueInstant);
@@ -129,6 +140,8 @@ public interface IAuthProcessDataContainer {
/**
* Mark that the auth. process was done by an official representatives
+ *
+ * @param isOW Mark this data as Organwalter
*
*/
void setOW(boolean isOW);
@@ -171,6 +184,7 @@ public interface IAuthProcessDataContainer {
*
* @param key The specific identifier of the session-data object
* @param clazz The class type which is stored with this key
+ * @param <T> Response class type
* @return The session-data object or null if no data is found with this key
*/
<T> T getGenericDataFromSession(String key, Class<T> clazz);
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
index 754ff9ac..f80fc967 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/storage/ITransactionStorage.java
@@ -70,10 +70,11 @@ public interface ITransactionStorage {
*
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
+ * @param <T> Response class type
* @return The transaction-data object from type class, or null
* @throws EaafStorageException In case of load operation failed
*/
- <T> T get(String key, final Class<T> clazz) throws EaafException;
+ <T> T get(String key, Class<T> clazz) throws EaafException;
/**
* Get a data object from transaction storage.
@@ -81,10 +82,11 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
* @param dataTimeOut Data-object timeout in [ms]
+ * @param <T> Response class type
* @return The transaction-data object from type class, or null
* @throws EaafStorageException In case of load operation failed
*/
- <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws EaafException;
+ <T> T get(String key, Class<T> clazz, long dataTimeOut) throws EaafException;
/**
* Change the key of a data object and store it under the new key.
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index fa5fa412..eb65b01e 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_utils</artifactId>
@@ -79,6 +79,13 @@
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</dependency>
+
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
@@ -100,6 +107,16 @@
<artifactId>guava</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>mockwebserver</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>okhttp-tls</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
new file mode 100644
index 00000000..1e1e2137
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
@@ -0,0 +1,50 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.net.Socket;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.ssl.PrivateKeyDetails;
+import org.apache.http.ssl.PrivateKeyStrategy;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Private Key selection implementation for Apache HTTP clients.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy {
+
+ private final String keyAlias;
+
+ /**
+ * Private Key selection implementation for Apache HTTP clients.
+ *
+ * @param alias Alias of the Key that should be used for SSL client authentication.
+ */
+ public EaafSslKeySelectionStrategy(String alias) {
+ this.keyAlias = alias;
+
+ }
+
+ @Override
+ public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
+ log.trace("Selection SSL client-auth key for alias: {}", keyAlias);
+ final PrivateKeyDetails selected = aliases.get(keyAlias);
+ if (selected != null) {
+ log.trace("Select SL client-auth key with type:", selected.getType());
+ return keyAlias;
+
+ } else {
+ log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias);
+ log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", "));
+ return aliases.keySet().iterator().next();
+
+ }
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
new file mode 100644
index 00000000..582ad545
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -0,0 +1,191 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.text.MessageFormat;
+import java.util.UUID;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+
+import org.apache.commons.lang3.StringUtils;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+public class HttpClientConfiguration {
+
+ private static final String MSG_KEYSTORE_NAME = "KeyStore for httpClient: {0}";
+
+ private static final String ERROR_00 = "internal.httpclient.00";
+ private static final String ERROR_01 = "internal.httpclient.01";
+ private static final String ERROR_02 = "internal.httpclient.02";
+
+ @Nonnull
+ private final String friendlyName;
+
+ @Nonnull
+ private final String uuid;
+
+ @Nonnull
+ private ClientAuthMode authMode = ClientAuthMode.NONE;
+
+ @Setter
+ private String username;
+
+ @Setter
+ private String password;
+
+ @Setter
+ boolean disableHostnameValidation = false;
+
+ @Setter
+ boolean disableTlsHostCertificateValidation = false;
+
+
+ private KeyStoreConfiguration keyStoreConfig;
+
+ @Setter
+ private String sslKeyAlias;
+
+ @Setter
+ private String sslKeyPassword;
+
+ @Setter
+ private boolean followHttpRedirects = true;
+
+ /**
+ * Get a new HTTP-client configuration object.
+ *
+ * @param name FriendlyName of this http client for logging purposes.
+ */
+ public HttpClientConfiguration(String name) {
+ this.friendlyName = name;
+ this.uuid = UUID.randomUUID().toString();
+
+ }
+
+ /**
+ * Set Client authentication-mode from configuration property.
+ *
+ * <p>If the mode is unknown than the {@link ClientAuthMode} is set to <code>NONE</code> </p>
+ *
+ * @param authModeString Modes from {@link ClientAuthMode}
+ */
+ public void setAuthMode(String authModeString) {
+ final ClientAuthMode configAuthMode = HttpClientConfiguration.ClientAuthMode.fromString(authModeString);
+ if (configAuthMode != null) {
+ authMode = configAuthMode;
+
+ } else {
+ log.warn("Can Not parse ClientAuthMode for client: {}! Set mode to default value",
+ friendlyName);
+
+ }
+ }
+
+
+ /**
+ * Validate the internal state of this configuration object.
+ *
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void validate() throws EaafConfigurationException {
+ log.trace("Validating http-client: {}", this.friendlyName);
+ if (this.authMode.equals(ClientAuthMode.PASSWORD)) {
+ if (StringUtils.isEmpty(this.username)) {
+ throw new EaafConfigurationException(ERROR_00, new Object[] {this.friendlyName});
+
+ }
+
+ if (StringUtils.isEmpty(this.password)) {
+ log.warn("Http basic authentication was activated but NOT username was set!");
+
+ }
+
+ } else if (this.authMode.equals(ClientAuthMode.SSL)) {
+ if (this.keyStoreConfig == null) {
+ throw new EaafConfigurationException(ERROR_01, new Object[] {this.friendlyName});
+
+ } else {
+ log.trace("Validating KeyStore: {} for http-client: {} ...",
+ this.keyStoreConfig.getFriendlyName(), this.friendlyName);
+ this.keyStoreConfig.validate();
+
+ }
+
+ if (StringUtils.isEmpty(this.sslKeyPassword)) {
+ throw new EaafConfigurationException(ERROR_02, new Object[] {
+ this.friendlyName, this.keyStoreConfig.getFriendlyName()});
+
+ }
+ }
+
+ }
+
+ /**
+ * Build a {@link KeyStoreConfiguration} object from configuration parameters.
+ *
+ * @param keyStoreType String based KeyStore type
+ * @param keyStorePath Path to KeyStore in case of a software based KeyStore
+ * @param keyStorePassword Password in case of a software based KeyStore
+ * @param keyStoreName Name of the KeyStore in case of a named KeyStore like HSM-Facade
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void buildKeyStoreConfig(String keyStoreType, String keyStorePath,
+ String keyStorePassword, String keyStoreName) throws EaafConfigurationException {
+ final KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setKeyStoreType(keyStoreType);
+ config.setFriendlyName(MessageFormat.format(MSG_KEYSTORE_NAME, friendlyName));
+ config.setSoftKeyStoreFilePath(keyStorePath);
+ config.setSoftKeyStorePassword(keyStorePassword);
+ config.setKeyStoreName(keyStoreName);
+ this.keyStoreConfig = config;
+
+ }
+
+ public enum ClientAuthMode {
+ NONE("none"), PASSWORD("password"), SSL("ssl");
+
+ private final String mode;
+
+ ClientAuthMode(final String mode) {
+ this.mode = mode;
+ }
+
+ /**
+ * Get the PVP mode.
+ *
+ * @return
+ */
+ public String getMode() {
+ return this.mode;
+ }
+
+ /**
+ * Get http-client authentication mode from String representation.
+ *
+ * @param s Config parameter
+ * @return
+ */
+ public static ClientAuthMode fromString(final String s) {
+ try {
+ return ClientAuthMode.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getMode();
+
+ }
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index e681e705..00d5891a 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -1,22 +1,14 @@
-package at.gv.egiz.eaaf.core.impl.utils;
+package at.gv.egiz.eaaf.core.impl.http;
-import java.security.KeyManagementException;
import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
+import java.util.HashMap;
+import java.util.Map;
+import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
@@ -29,6 +21,7 @@ import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
+import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
@@ -43,20 +36,21 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class HttpClientFactory implements IHttpClientFactory {
- @Autowired(required = true)
+ @Autowired
private IConfiguration basicConfig;
-
- @Autowired(required = true)
- ResourceLoader resourceLoader;
-
- @Autowired private EaafKeyStoreFactory keyStoreFactory;
+ @Autowired
+ private EaafKeyStoreFactory keyStoreFactory;
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
"client.http.connection.pool.use";
@@ -84,9 +78,10 @@ public class HttpClientFactory implements IHttpClientFactory {
"client.auth.ssl.keystore.name";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
"client.auth.ssl.keystore.type";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS =
+ "client.auth.ssl.key.alias";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD =
"client.auth.ssl.key.password";
- public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias";
// default configuration values
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15";
@@ -95,48 +90,8 @@ public class HttpClientFactory implements IHttpClientFactory {
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500";
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100";
- public enum ClientAuthMode {
- NONE("none"), PASSWORD("password"), SSL("ssl");
-
- private final String mode;
-
- ClientAuthMode(final String mode) {
- this.mode = mode;
- }
-
- /**
- * Get the PVP mode.
- *
- * @return
- */
- public String getMode() {
- return this.mode;
- }
-
- /**
- * Get http-client authentication mode from String representation.
- *
- * @param s Config parameter
- * @return
- */
- public static ClientAuthMode fromString(final String s) {
- try {
- return ClientAuthMode.valueOf(s.toUpperCase());
-
- } catch (IllegalArgumentException | NullPointerException e) {
- return null;
- }
- }
-
- @Override
- public String toString() {
- return getMode();
-
- }
-
- }
-
- private HttpClientBuilder httpClientBuilder = null;
+ private String defaultConfigurationId = null;
+ private final Map<String, HttpClientBuilder> availableBuilders = new HashMap<>();
/*
* (non-Javadoc)
@@ -151,185 +106,168 @@ public class HttpClientFactory implements IHttpClientFactory {
@Override
public CloseableHttpClient getHttpClient(final boolean followRedirects) {
- RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
- if (!followRedirects) {
- redirectStrategy = new RedirectStrategy() {
+ return availableBuilders.get(defaultConfigurationId).setRedirectStrategy(
+ buildRedirectStrategy(followRedirects)).build();
- @Override
- public boolean isRedirected(final HttpRequest request, final HttpResponse response,
- final HttpContext context) throws ProtocolException {
- return false;
- }
+ }
- @Override
- public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response,
- final HttpContext context) throws ProtocolException {
- return null;
- }
- };
- }
+ @Override
+ public CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config) throws EaafException {
+ log.trace("Build http client for: {}", config.getFriendlyName());
+ HttpClientBuilder builder = null;
+ if (availableBuilders.containsKey(config.getUuid())) {
+ builder = availableBuilders.get(config.getUuid());
- return httpClientBuilder.setRedirectStrategy(redirectStrategy).build();
+ } else {
+ log.debug("Initialize new http-client builder for: {}", config.getFriendlyName());
- }
+ //validate configuration object
+ config.validate();
- @PostConstruct
- private void initalize() {
- // initialize http client
- log.trace("Initializing HTTP Client-builder ... ");
- httpClientBuilder = HttpClients.custom();
+ builder = HttpClients.custom();
+ builder.setDefaultRequestConfig(buildDefaultRequestConfig());
- // set default request configuration
- final RequestConfig requestConfig =
- RequestConfig.custom()
- .setConnectTimeout(
- Integer.parseInt(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000)
- .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000)
- .setSocketTimeout(Integer.parseInt(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
- DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
- * 1000)
- .build();
- httpClientBuilder.setDefaultRequestConfig(requestConfig);
+ //inject basic authentication infos
+ injectBasicAuthenticationIfRequired(builder, config);
- ClientAuthMode clientAuthMode = ClientAuthMode.fromString(
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode()));
- if (clientAuthMode == null) {
- log.warn("Can Not parse ClientAuthMode! Set mode to default value");
- clientAuthMode = ClientAuthMode.NONE;
+ //inject authentication if required
+ final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config);
- }
+ // set pool connection if required
+ injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory);
- // inject basic http authentication if required
- log.info("Client authentication-mode is set to: {}", clientAuthMode);
- injectBasicAuthenticationIfRequired(clientAuthMode);
+ availableBuilders.put(config.getUuid(), builder);
- // inject authentication if required
- final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(clientAuthMode);
+ }
- // set pool connection if required
- injectConnectionPoolIfRequired(sslConnectionFactory);
+ return builder.setRedirectStrategy(
+ buildRedirectStrategy(config.isFollowHttpRedirects())).build();
}
- private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) {
- if (clientAuthMode.equals(ClientAuthMode.PASSWORD)) {
- final CredentialsProvider provider = new BasicCredentialsProvider();
+ @PostConstruct
+ private void initalize() throws EaafException {
+ final HttpClientConfiguration defaultHttpClientConfig = buildDefaultHttpClientConfiguration();
- final String username =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME);
- final String password =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD);
+ // initialize http client
+ log.trace("Initializing default HTTP-Client builder ... ");
+ final HttpClientBuilder defaultHttpClientBuilder = HttpClients.custom();
- if (StringUtils.isEmpty(username)) {
- log.warn("Http basic authentication was activated but NOT username was set!");
+ // set default request configuration
+ defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig());
- }
+ //inject http basic authentication
+ injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig);
- log.trace("Injecting basic authentication with username: {} and password: {}", username,
- password);
- final UsernamePasswordCredentials credentials =
- new UsernamePasswordCredentials(username, password);
- provider.setCredentials(AuthScope.ANY, credentials);
- httpClientBuilder.setDefaultCredentialsProvider(provider);
- log.info("Basic http authentication was injected with username: {}", username);
+ // inject authentication if required
+ final LayeredConnectionSocketFactory sslConnectionFactory =
+ getSslContext(defaultHttpClientConfig);
- } else {
- log.trace("Injection of Http Basic authentication was skipped");
+ // set pool connection if required
+ injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory);
- }
+ //set default http client builder
+ defaultConfigurationId = defaultHttpClientConfig.getUuid();
+ availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder);
}
- private SSLContext buildSslContextWithSslClientAuthentication()
- throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException,
- KeyStoreException, EaafConfigurationException {
- log.trace("Injecting SSL client-authentication into http client ... ");
- final KeyStore keystore = getSslAuthKeyStore();
- final String keyPasswordString =
- basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);
- log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
- final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
- : keyPasswordString.toCharArray();
- return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();
+ private HttpClientConfiguration buildDefaultHttpClientConfiguration() throws EaafConfigurationException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("Default");
+ // inject basic http authentication if required
+ config.setAuthMode(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE,
+ HttpClientConfiguration.ClientAuthMode.NONE.getMode()));
+ log.info("Default client authentication-mode is set to: {}", config.getAuthMode());
+
+ // set Username and Password if available
+ config.setUsername(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_USERNAME));
+ config.setPassword(basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_HTTP_PASSORD));
+
+ // set SSL Client auth. informations if available
+ config.buildKeyStoreConfig(
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY),
+ basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY));
+
+ config.setSslKeyAlias(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS));
+ config.setSslKeyPassword(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD));
+
+ config.setDisableHostnameValidation(basicConfig.getBasicConfigurationBoolean(
+ PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false));
+
+ // validate configuration object
+ config.validate();
+
+ return config;
}
- private KeyStore getSslAuthKeyStore() throws EaafConfigurationException {
- final String keyStoreType = basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType());
- final String localKeyStorePath = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY);
- final String keyStorePassword = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY);
- final String keyStoreName = basicConfig
- .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);
-
- try {
- final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
- keyStoreConfig.setKeyStoreType(keyStoreType);
- keyStoreConfig.setFriendlyName("HttpClient Keystore");
- keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath);
- keyStoreConfig.setSoftKeyStorePassword(keyStorePassword);
- keyStoreConfig.setKeyStoreName(keyStoreName);
-
- log.debug("Open keyStore with type: {}", keyStoreType);
- final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst();
-
- return keyStore;
-
- } catch (final EaafException e) {
- log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);
- throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem",
- new Object[] { localKeyStorePath }, e);
+ private void injectBasicAuthenticationIfRequired(HttpClientBuilder builder,
+ final HttpClientConfiguration httpClientConfig) {
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.PASSWORD)) {
+ final CredentialsProvider provider = new BasicCredentialsProvider();
+ log.trace("Injecting basic authentication with username: {} and password: {}",
+ httpClientConfig.getUsername(), httpClientConfig.getPassword());
+ final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
+ httpClientConfig.getUsername(), httpClientConfig.getPassword());
+
+ final AuthScope scope = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM);
+ provider.setCredentials(scope, credentials);
+ builder.setDefaultCredentialsProvider(provider);
+ log.info("Basic http authentication was injected with username: {}",
+ httpClientConfig.getUsername());
+
+ } else {
+ log.trace("Injection of Http Basic authentication was skipped");
}
}
- private LayeredConnectionSocketFactory getSslContext(final ClientAuthMode clientAuthMode) {
+ @Nonnull
+ private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig)
+ throws EaafException {
SSLContext sslContext = null;
- try {
- if (clientAuthMode.equals(ClientAuthMode.SSL)) {
- sslContext = buildSslContextWithSslClientAuthentication();
-
- } else {
- log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContext.getDefault();
-
- }
-
- // set hostname verifier
- HostnameVerifier hostnameVerifier = null;
- if (basicConfig.getBasicConfigurationBoolean(
- PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)) {
- hostnameVerifier = new NoopHostnameVerifier();
- log.warn("HTTP client-builder deactivates SSL Host-name verification!");
-
- }
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+ log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+ .getFirst();
- final LayeredConnectionSocketFactory sslSocketFactory =
- new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.trace("Injecting SSL client-authentication into http client ... ");
+ sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+ httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+ httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
- return sslSocketFactory;
+ } else {
+ log.trace("Initializing default SSL Context ... ");
+ sslContext = SSLContexts.createDefault();
+
+ }
- } catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
- | KeyStoreException | EaafConfigurationException e) {
- log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
+ // set hostname verifier
+ HostnameVerifier hostnameVerifier = null;
+ if (httpClientConfig.isDisableHostnameValidation()) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
}
- log.info("HTTP client-builder successfuly initialized");
- return null;
+ final LayeredConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.debug("HTTP client-builder successfuly initialized");
+ return sslSocketFactory;
}
- private void injectConnectionPoolIfRequired(
- final LayeredConnectionSocketFactory sslConnectionFactory) {
+ private void injectDefaultConnectionPoolIfRequired(
+ HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) {
if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
true)) {
PoolingHttpClientConnectionManager pool;
@@ -347,7 +285,7 @@ public class HttpClientFactory implements IHttpClientFactory {
pool = new PoolingHttpClientConnectionManager();
}
-
+
pool.setDefaultMaxPerRoute(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
@@ -355,15 +293,61 @@ public class HttpClientFactory implements IHttpClientFactory {
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
- httpClientBuilder.setConnectionManager(pool);
+ pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
+ * 1000).build());
+
+ builder.setConnectionManager(pool);
log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(),
pool.getDefaultMaxPerRoute());
} else if (sslConnectionFactory != null) {
log.trace("Inject SSLSocketFactory without connection pool");
- httpClientBuilder.setSSLSocketFactory(sslConnectionFactory);
+ builder.setSSLSocketFactory(sslConnectionFactory);
+
+ }
+
+ }
+ private RequestConfig buildDefaultRequestConfig() {
+ final RequestConfig requestConfig =
+ RequestConfig.custom()
+ .setConnectTimeout(
+ Integer.parseInt(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000)
+ .setConnectionRequestTimeout(Integer.parseInt(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000)
+ .setSocketTimeout(Integer.parseInt(
+ basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
+ * 1000)
+ .build();
+ return requestConfig;
+
+ }
+
+ private static RedirectStrategy buildRedirectStrategy(final boolean followRedirects) {
+ RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+ if (!followRedirects) {
+ redirectStrategy = new RedirectStrategy() {
+
+ @Override
+ public boolean isRedirected(final HttpRequest request, final HttpResponse response,
+ final HttpContext context) throws ProtocolException {
+ return false;
+ }
+
+ @Override
+ public HttpUriRequest getRedirect(final HttpRequest request, final HttpResponse response,
+ final HttpContext context) throws ProtocolException {
+ return null;
+ }
+ };
}
+ return redirectStrategy;
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 66356ba0..2d514912 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -16,14 +16,35 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.gv.egiz.eaaf.core.impl.utils;
+package at.gv.egiz.eaaf.core.impl.http;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.net.ssl.SSLContext;
import javax.servlet.http.HttpServletRequest;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+
import org.apache.commons.lang3.StringUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+import org.apache.http.ssl.TrustStrategy;
+
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class HttpUtils {
+ private static final String ERROR_03 = "internal.httpclient.03";
+
/**
* Helper method to retrieve server URL including context path.
*
@@ -115,4 +136,59 @@ public class HttpUtils {
}
}
+ /**
+ * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client
+ * authentication.
+ *
+ * @param keyStore KeyStore with private keys that should be
+ * used
+ * @param keyAlias Alias of the key that should be used. If
+ * the alias is null, than the first key that
+ * is found will be selected.
+ * @param keyPasswordString Password of the Key in this keystore
+ * @param trustAllServerCertificates Deactivate SSL server-certificate
+ * validation
+ * @param friendlyName FriendlyName of the http client for logging
+ * purposes
+ * @return {@link SSLContext} with X509 client authentication
+ * @throws EaafConfigurationException In case of a configuration error
+ * @throws EaafFactoryException In case of a {@link SSLContext}
+ * initialization error
+ */
+ public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final KeyStore keyStore,
+ @Nullable String keyAlias, @Nullable String keyPasswordString,
+ boolean trustAllServerCertificates, @Nonnull String friendlyName)
+ throws EaafConfigurationException, EaafFactoryException {
+ try {
+ log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
+ final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
+ : keyPasswordString.toCharArray();
+
+ SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+ if (StringUtils.isNotEmpty(keyAlias)) {
+ sslContextBuilder = sslContextBuilder
+ .loadKeyMaterial(keyStore, keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
+
+ } else {
+ sslContextBuilder = sslContextBuilder
+ .loadKeyMaterial(keyStore, keyPassword);
+
+ }
+
+ if (trustAllServerCertificates) {
+ log.warn("Http-client:{} trusts ALL TLS server-certificates!");
+ final TrustStrategy trustStrategy = new TrustAllStrategy();
+ sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy);
+
+ }
+
+ return sslContextBuilder.build();
+
+ } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
+ | KeyStoreException e) {
+ throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+
+ }
+ }
+
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java
new file mode 100644
index 00000000..7ec58d46
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java
@@ -0,0 +1,43 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+import org.apache.http.impl.client.CloseableHttpClient;
+
+public interface IHttpClientFactory {
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation
+ * and follows http redirects automatically.
+ *
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient();
+
+ /**
+ * Return an instance of a Apache HTTP client that uses
+ * default configuration properties from {@link IHttpClientFactory} implementation.
+ *
+ * @param followRedirects if <code>false</code>, the client does not flow 30x
+ * http redirects
+ * @return http client
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(boolean followRedirects);
+
+ /**
+ * Return an instance of a Apache HTTP client based in {@link HttpClientConfiguration}.
+ *
+ * @param config Configuration object for this http client
+ * @return http client
+ * @throws EaafException In case of a http-client initialization problem
+ */
+ @Nonnull
+ CloseableHttpClient getHttpClient(@Nonnull HttpClientConfiguration config)
+ throws EaafException;
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
deleted file mode 100644
index f922e1ac..00000000
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egiz.eaaf.core.impl.utils;
-
-import org.apache.http.impl.client.CloseableHttpClient;
-
-public interface IHttpClientFactory {
-
- /**
- * Return an instance of a Apache HTTP client that follows http redirects
- * automatically.
- *
- * @return
- */
- CloseableHttpClient getHttpClient();
-
- /**
- * Return an instance of a Apache HTTP client.
- *
- * @param followRedirects if <code>false</code>, the client does not flow 30x
- * http redirects
- * @return
- */
- CloseableHttpClient getHttpClient(boolean followRedirects);
-
-}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 4cbcfa70..4c1601c0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -19,6 +19,8 @@
package at.gv.egiz.eaaf.core.impl.utils;
+import java.util.UUID;
+
import at.gv.egiz.eaaf.core.api.IRequest;
/**
@@ -29,7 +31,6 @@ import at.gv.egiz.eaaf.core.api.IRequest;
*/
public class TransactionIdUtils {
- // MDC variables for logging
/**
* To correlate technical logs over one single transactions.
*/
@@ -46,6 +47,11 @@ public class TransactionIdUtils {
public static final String MDC_SERVICEPROVIDER_ID = "oaId";
/**
+ * Unique application identifier that is processed in this transaction.
+ */
+ public static final String MDC_REMOTEHOST = "remoteHost";
+
+ /**
* Set all MDC variables from pending request to this threat context.<br>
* These includes SessionID, TransactionID, and unique service-provider
* identifier
@@ -67,6 +73,7 @@ public class TransactionIdUtils {
removeSessionId();
removeTransactionId();
removeServiceProviderId();
+ removeRemoteHost();
}
@@ -99,6 +106,14 @@ public class TransactionIdUtils {
}
/**
+ * Set new random transactionId as an UUID.
+ */
+ public static void setTransactionId() {
+ org.slf4j.MDC.put(MDC_TRANSACTION_ID, UUID.randomUUID().toString());
+
+ }
+
+ /**
* Set Id to correlate technical logs over one single transactions.
*
* @param transactionId Unique transaction Id
@@ -117,6 +132,14 @@ public class TransactionIdUtils {
}
/**
+ * Set a new random SessionId as UUID.
+ */
+ public static void setSessionId() {
+ org.slf4j.MDC.put(MDC_SESSION_ID, UUID.randomUUID().toString());
+
+ }
+
+ /**
* Set Id to correlate technical logs over a set of transactions, like SSO.
*
* @param uniqueSessionId Unique Id
@@ -135,5 +158,23 @@ public class TransactionIdUtils {
}
+ /**
+ * Set remoteHost information to correlate technical logs.
+ *
+ * @param remoteHost IP address of the remote host
+ */
+ public static void setRemoteHost(final String remoteHost) {
+ org.slf4j.MDC.put(MDC_REMOTEHOST, remoteHost);
+
+ }
+
+ /**
+ * Remove remoteHost for Logging.
+ */
+ public static void removeRemoteHost() {
+ org.slf4j.MDC.remove(MDC_REMOTEHOST);
+
+ }
+
}
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
index f531e02d..b20c5f63 100644
--- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -12,4 +12,7 @@ internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1}
internal.keystore.08=Can not access Key: {1} in KeyStore: {0}
internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2}
-
+internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set
+internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set
+internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set
+internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} \ No newline at end of file
diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
index ab631e34..aa5a50de 100644
--- a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
+++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
@@ -11,8 +11,8 @@
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" >
<bean id="eaafHttpClientFactory"
- class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
-
+ class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" />
+
<bean id="eaafKeyStoreFactory"
class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index ed2e159b..cefb1e7e 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -7,17 +7,6 @@ import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -35,6 +24,17 @@ import com.google.common.base.Optional;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import io.grpc.StatusRuntimeException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -325,7 +325,7 @@ public class EaafKeyStoreFactoryTest {
keyStore.getFirst(), "notexist", "password".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred3);
- //read priv. key
+ //read priv. key
final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore.getFirst(), "meta", "wrong".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred4);
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
new file mode 100644
index 00000000..25bd3008
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
@@ -0,0 +1,329 @@
+package at.gv.egiz.eaaf.core.test.http;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetAddress;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import okhttp3.HttpUrl;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import okhttp3.tls.HandshakeCertificates;
+import okhttp3.tls.HeldCertificate;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
+public class HttpClientFactoryTest {
+
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
+ @Autowired private IHttpClientFactory httpClientFactory;
+
+ private MockWebServer mockWebServer = null;
+ private HttpUrl mockServerUrl;
+
+ /**
+ * JUnit test set-up.
+ *
+ */
+ @Before
+ public void setup() {
+
+ }
+
+ /**
+ * jUnit test shutdown.
+ *
+ * @throws IOException In case of an mockWebServer error
+ */
+ @After
+ public void shutdown() throws IOException {
+ if (mockWebServer != null) {
+ mockWebServer.shutdown();
+ mockWebServer = null;
+
+ }
+
+ }
+
+ @Test
+ public void getDefaultClient() {
+ final CloseableHttpClient client = httpClientFactory.getHttpClient();
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getDefaultClientNoRedirect() {
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(false);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientsDefault() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ Assert.assertFalse("Wrong default config - Hostnamevalidation",
+ config.isDisableHostnameValidation());
+ Assert.assertFalse("Wrong default config - TLS Server-certs",
+ config.isDisableTlsHostCertificateValidation());
+
+ final CloseableHttpClient client1 = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("first http client", client1);
+
+ final CloseableHttpClient client2 = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("second http client", client2);
+
+ }
+
+ @Test
+ public void getCustomClientUnknownAuthMethod() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode(RandomStringUtils.randomAlphabetic(5));
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException,
+ IOException, InterruptedException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ config.setUsername("jUnit");
+ config.setPassword("password");
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //setup test webserver that requestes http Basic authentication
+ mockWebServer = new MockWebServer();
+ mockServerUrl = mockWebServer.url("/sp/junit");
+ mockWebServer.enqueue(new MockResponse()
+ .setResponseCode(HttpURLConnection.HTTP_UNAUTHORIZED)
+ .addHeader("www-authenticate: Basic realm=\"protected area\"")
+ .setBody("Please authenticate."));
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+
+ //request webservice
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ //check request contains basic authentication after authentication was requested
+ final RecordedRequest httpReq1 = mockWebServer.takeRequest();
+ final RecordedRequest httpReq2 = mockWebServer.takeRequest();
+ Assert.assertNull("wrong BasicAuthHeader", httpReq1.getHeader("Authorization"));
+ Assert.assertNotNull("missing BasicAuthHeader", httpReq2.getHeader("Authorization"));
+
+ }
+
+ @Test
+ public void getCustomClientBasicAuthNoUsername() {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.00", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientBasicAuthNoPassword() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("password");
+ config.setUsername(RandomStringUtils.randomAlphabetic(5));
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthNoKeyStoreConfig() {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.01", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509AuthNoKeyPassword() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.02", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509Auth() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthWithAlias() throws EaafException, ClientProtocolException,
+ IOException, KeyStoreException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+ config.setSslKeyAlias("sig");
+ config.setDisableTlsHostCertificateValidation(true);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //set-up mock-up web-server with SSL client authentication
+ final Pair<KeyStore, Provider> sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig());
+ final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+ final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+ .addSubjectAlternativeName(localhost)
+ .build();
+ final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+ .addTrustedCertificate(
+ (X509Certificate) sslClientKeyStore.getFirst().getCertificate(config.getSslKeyAlias()))
+ .heldCertificate(localhostCertificate)
+ .build();
+ mockWebServer = new MockWebServer();
+ mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+ mockWebServer.requireClientAuth();
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+ mockServerUrl = mockWebServer.url("/sp/junit");
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+
+ @Test
+ public void getCustomClientX509AuthWrongKeyPassword() throws EaafException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword(RandomStringUtils.randomAlphanumeric(5));
+ config.setSslKeyAlias("sig");
+
+ try {
+ httpClientFactory.getHttpClient(config);
+ Assert.fail("Wrong key password not detected");
+
+ } catch (final EaafException e) {
+ Assert.assertEquals("Wrong errorCode", "internal.httpclient.03", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException,
+ ClientProtocolException, IOException {
+ final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+ config.setAuthMode("ssl");
+ config.buildKeyStoreConfig(
+ "jks",
+ "src/test/resources/data/junit.jks",
+ "password",
+ null);
+ config.setSslKeyPassword("password");
+ config.setSslKeyAlias(RandomStringUtils.randomAlphabetic(5));
+ config.setDisableHostnameValidation(true);
+ config.setFollowHttpRedirects(false);
+ config.setDisableTlsHostCertificateValidation(true);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+ Assert.assertNotNull("httpClient", client);
+
+ //set-up mock-up web-server with SSL client authentication
+ final Pair<KeyStore, Provider> sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig());
+ final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+ final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+ .addSubjectAlternativeName(localhost)
+ .build();
+ final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+ .addTrustedCertificate(
+ (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta"))
+ .heldCertificate(localhostCertificate)
+ .build();
+ mockWebServer = new MockWebServer();
+ mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+ mockWebServer.requireClientAuth();
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+ mockServerUrl = mockWebServer.url("/sp/junit");
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 81611aff..c113ef98 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<artifactId>eaaf_module_auth_sl20</artifactId>
<name>Generic SL2.0 authentication</name>
@@ -42,7 +42,11 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
private Boolean validSigned = null;
private List<X509Certificate> certs = null;
+ private JsonNode header = null;
private JsonNode payload = null;
public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
/**
* JWS signature verification-result container.
*
+ * @param joseHeader JWS header
* @param payload JWS payload
* @param certs JWS signercertificate
* @param wasValidSigned true if signature was valid
*/
- public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) {
+ public VerificationResult(final JsonNode joseHeader, final JsonNode payload,
+ final List<X509Certificate> certs, final boolean wasValidSigned) {
+ this.header = joseHeader;
this.payload = payload;
this.certs = certs;
this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
return payload;
}
+ public JsonNode getJoseHeader() {
+ return header;
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index d1887d5c..6a5e1ef0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
+import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
@@ -28,8 +29,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
@@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
@@ -95,6 +97,15 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final List<NameValuePair> parameters = new ArrayList<>();
parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))));
+
+ //set specific authentication method if it was selection by process step before
+ VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext);
+ if (authMethod != null) {
+ log.debug("Request VDA with authType: {}", authMethod);
+ parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM,
+ authMethod.getAuthMethod()));
+ }
+
httpReq.setEntity(new UrlEncodedFormEntity(parameters));
// build http GET request
@@ -191,6 +202,13 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
}
/**
+ * Get ExecutionContext parameter-key for VDA AuthMethod information.
+ *
+ * @return Key to get AuthMethod from {@link ExecutionContext}
+ */
+ protected abstract String getAuthMethodContextParamKey();
+
+ /**
* Create a implementation specific qualified eID SL2.0 command
*
* @param oaConfig
@@ -201,6 +219,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
*/
protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception;
+
+ private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) {
+ Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey());
+ if (authMethodRaw instanceof String) {
+ log.trace("Find authMethod parameter: {} on context", authMethodRaw);
+ return VdaAuthMethod.fromString((String) authMethodRaw);
+
+ }
+
+ return null;
+ }
+
private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) {
// load SP specific config for development and testing purposes
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 1b1f090f..43c44647 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -13,22 +13,6 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
@Service
public class JsonSecurityUtils implements IJoseTools {
private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
@@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature());
+ return new VerificationResult(
+ mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()),
+ mapper.getMapper().readTree(jws.getPayload()),
+ x5cCerts, jws.verifySignature());
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 01316b9b..bfc393db 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -4,6 +4,8 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import javax.annotation.Nonnull;
+
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
@@ -11,10 +13,54 @@ import org.jose4j.jws.AlgorithmIdentifiers;
public class SL20Constants {
public static final int CURRENT_SL20_VERSION = 10;
+
// http binding parameters
public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
+ public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
+
+ public enum VdaAuthMethod {
+ ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone");
+
+ private final String authMethod;
+
+ VdaAuthMethod(final String method) {
+ this.authMethod = method;
+ }
+
+ /**
+ * Get VDA AuthMethod.
+ *
+ * @return
+ */
+ public String getAuthMethod() {
+ return this.authMethod;
+ }
+
+ /**
+ * Get VDA authmethod from String representation.
+ *
+ * @param s authMethod parameter
+ * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown
+ */
+ public static VdaAuthMethod fromString(@Nonnull final String s) {
+ try {
+ return VdaAuthMethod.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return VdaAuthMethod.ANY;
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getAuthMethod();
+
+ }
+ }
+
public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index eb17781b..d76f4aad 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils {
* @param name commando name
* @param result commando result
* @param encryptedResult encrypted commando result
+ * @param signer {@link JsonSecurityUtils} implementation
* @return JWS in serialized form
* @throws SlCommandoBuildException in case of an error
*
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index eb6de461..40ea0430 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils {
* @param input JSON
* @param keyID Element identifier
* @param isRequired true, if the element must not null
+ * @param defaultValue in case of no existing element with key
* @return Boolean
* @throws SlCommandoParserException In case of an error
*/
@@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils {
*
* @param container JSON
* @param joseTools JWS implementation
+ * @param mustBeSigned Throw an error if the result was not signed
* @return Signature verification result that contains the payLoad
* @throws SlCommandoParserException In case of an error
*/
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 11b8cfd9..aa63b3c3 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<artifactId>eaaf_module_moa-sig</artifactId>
<name>MOA-Sig signature verification module</name>
@@ -59,7 +59,12 @@
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_api</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 31110bfd..253d0afb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<artifactId>eaaf_module_pvp2_core</artifactId>
<name>eaaf_module_pvp2_core</name>
@@ -48,6 +48,12 @@
</dependency>
<dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
index a564efb2..acd565a1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
@@ -1,11 +1,14 @@
package at.gv.egiz.eaaf.modules.pvp2.api.utils;
+import java.security.KeyStore;
+import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider {
@Nonnull
List<X509Certificate> getTrustedCertificates()
throws CredentialsNotAvailableException;
+
+
+ /**
+ * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}.
+ *
+ * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider}
+ * if a special provider is in use
+ */
+ @Nonnull
+ Pair<KeyStore, Provider> getKeyStore();
} \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index bf201803..1d6e3738 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -19,8 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSInteger;
@@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeValue;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* Build all attributes from PVP2 citizen-token.
*
@@ -73,6 +73,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
@@ -89,6 +90,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
index 0b505e56..d29f1a0e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
@@ -8,15 +8,6 @@ import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.net.ssl.SSLHandshakeException;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
-
import org.apache.http.client.HttpClient;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
@@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
* @param filter Filters, which should be used to validate the
* metadata
* @param idForLogging Id, which is used for Logging
+ * @param pool XML parser-pool to parse SAML2 Metadaten
* @param httpClient Apache commons 4.x http client
*
* @return SAML2 Metadata Provider, or null if the metadata provider can not
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 26a5c5f6..e17e625e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -32,6 +32,12 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
}
+ public Pair<KeyStore, Provider> getKeyStore() {
+ return keyStore;
+
+ }
+
@PostConstruct
private void initialize() throws Exception {
try {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
index ef09e5c4..5a97924f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
@@ -23,15 +23,14 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
-
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
@@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter {
private final String metadataUrl;
- private final List<BasicX509Credential> trustedCredential = new ArrayList<>();
+ private final KeyStore trustedCredential;
private static final String ERROR_07 = "internal.pvp.07";
private static final String ERROR_12 = "internal.pvp.12";
@@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
* SAML2 metadata with {@link EntitiesDescriptor} <b>are not supported.</b>
* </p>
*
- * @param credentials Trust X509 certificates
+ * @param keyStore TrustStore that contains trusted X509 certificates
* @param metadataUrl Metadata URL for logging purposes
*/
- public SimpleMetadataSignatureVerificationFilter(@Nonnull List<BasicX509Credential> credentials,
+ public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore,
@Nonnull String metadataUrl) {
this.metadataUrl = metadataUrl;
- this.trustedCredential.addAll(credentials);
+ this.trustedCredential = keyStore;
}
@@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
// perform cryptographic signature verification
boolean isTrusted = false;
- for (final BasicX509Credential cred : trustedCredential) {
+ for (final BasicX509Credential cred : getTrustedCertificates()) {
log.trace("Validating signature with credential: {} ... ",
cred.getEntityCertificate().getSubjectDN());
try {
@@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID);
}
+ }
+
+ private List<BasicX509Credential> getTrustedCertificates() throws EaafConfigurationException {
+ try {
+ final List<X509Certificate> certs =
+ EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential);
+ if (certs.isEmpty()) {
+ log.warn("No trusted metadata-signing certificates in configuration");
+ throw new EaafConfigurationException("module.eidasauth.02",
+ new Object[] { "No trusted metadata-signing certificates" });
+
+ }
+
+ final List<BasicX509Credential> result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+ }
+ return result;
+
+ } catch (final KeyStoreException e) {
+ throw new EaafConfigurationException("module.eidasauth.01",
+ new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e);
+
+ }
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index d5186857..e593c1d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
+import org.apache.xml.security.algorithms.JCEMapper;
import org.joda.time.DateTime;
+import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine {
EaafOpenSaml3xInitializer.eaafInitialize();
}
+
+ /**
+ * Reset OpenSAML3.x JCEMapper to default.
+ *
+ */
+ @AfterClass
+ public static void classCloser() {
+ JCEMapper.setProviderId(null);
+
+ }
+
protected abstract String getMetadataJunitJKeystore();
protected abstract String getMetadataClassPathEntityPath();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
index b94ed8cc..88106e5b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-"/spring/test_eaaf_core_spring_config.beans.xml",
-"/spring/eaaf_utils.beans.xml" })
+ "/spring/test_eaaf_core_spring_config.beans.xml",
+ "/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class PvpCoreMessageSourceTest {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
index 44cdf111..c2530004 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
@@ -27,7 +27,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -35,7 +35,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -54,7 +54,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -69,7 +69,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
@@ -80,7 +80,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -95,7 +95,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -103,7 +103,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
@@ -113,7 +113,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -128,7 +128,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
@@ -139,7 +139,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index 64bfb8f6..57c4b93a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
@@ -1,22 +1,5 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
import org.joda.time.DateTime;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Assert;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
@Autowired
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
index 5b06a73f..926f25b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+
+//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_3.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 147199a5..f14a9093 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,33 +9,6 @@ import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -357,7 +356,8 @@ public class PostBindingTest {
@Test
public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException,
- IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException {
+ IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
+ UnmarshallingException, MarshallingException {
final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post";
final String relayState = RandomStringUtils.randomAlphanumeric(10);
@@ -369,7 +369,8 @@ public class PostBindingTest {
issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
authnReq.setIssuer(issuer);
- final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+ final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(
+ authnReq, credentialProvider.getMessageSigningCredential(), true);
final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
final String b64AuthnReq =
Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
@@ -404,7 +405,8 @@ public class PostBindingTest {
Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
- org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+ org.springframework.util.Assert.isInstanceOf(
+ EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
@@ -418,7 +420,8 @@ public class PostBindingTest {
Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size());
org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0),
"Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+ Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",
+ ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
}
@@ -454,7 +457,9 @@ public class PostBindingTest {
try {
Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
- } catch (final RuntimeException e) { }
+ } catch (final RuntimeException e) {
+ Assert.assertNotNull("No errorMsg", e.getMessage());
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index 37e4acd1..cbeca4c3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -6,8 +6,8 @@ import java.net.URLDecoder;
import javax.xml.parsers.ParserConfigurationException;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index 7418e1b3..1fe9afcf 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,13 +1,13 @@
package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
public class DummyCredentialProvider extends AbstractCredentialProvider {
@Autowired IConfiguration basicConfig;
@@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
}
+ /**
+ * Get Path to keystore.
+ *
+ * @return
+ */
public String getKeyStoreFilePath() {
final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
return path;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
index 64ebe00c..3673859a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
@@ -6,7 +6,7 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
index 6abe52dc..27c42c57 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
@@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 0f8817a0..3cc0a908 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class MetadataBuilderTest {
@Autowired private PvpMetadataBuilder metadataBuilder;
@@ -157,7 +159,16 @@ public class MetadataBuilderTest {
return entity;
}
- public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
+ /**
+ * Dummy Metadata builder configuration.
+ *
+ * @param credentialProvider Credentialprovider
+ * @param buildSpInfos Sp metadata flag
+ * @param buildIdpInfos IDP metadata flag
+ * @return
+ */
+ public static IPvpMetadataBuilderConfiguration idpMetadataConfig(
+ IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index accdd8b0..1cbc2f14 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -10,21 +13,6 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -91,7 +93,8 @@ public class MetadataResolverTest {
private PvpMetadataResolverFactory metadataResolverFactory;
@Autowired
private IHttpClientFactory httpClientFactory;
- @Autowired private DummyCredentialProvider credentialProvider;
+ @Autowired
+ private DummyCredentialProvider credentialProvider;
/**
* JUnit class initializer.
@@ -183,16 +186,15 @@ public class MetadataResolverTest {
}
@Test
- public void noCredentials() {
+ public void noCredentials() throws KeyStoreException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
-
+ final KeyStore keystore = KeyStore.getInstance("JKS");
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -212,20 +214,21 @@ public class MetadataResolverTest {
}
@Test
- public void wrongCredentials() throws CertificateException {
+ public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate(
MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
- credentials.add(credential);
+ keystore.setCertificateEntry("1", credential.getEntityCertificate());
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -246,21 +249,22 @@ public class MetadataResolverTest {
@Test
public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException,
- ResolverException {
+ ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -281,7 +285,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
mockWebServer.shutdown();
mockWebServer = new MockWebServer();
@@ -300,19 +305,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -332,7 +338,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -347,19 +354,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -370,8 +378,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -385,11 +391,13 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
+ MetadataResolverTest.class.getResourceAsStream(
+ "/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
@@ -400,19 +408,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -423,8 +432,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -438,7 +445,8 @@ public class MetadataResolverTest {
@Test
public void metadataExpired() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -452,24 +460,24 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new RequiredValidUntilFilter());
filterList.add(new PvpEntityCategoryFilter(false));
-
final MetadataFilterChain filterChain = new MetadataFilterChain();
filterChain.setFilters(filterList);
@@ -484,7 +492,6 @@ public class MetadataResolverTest {
}
-
}
@Test
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index ffda330d..e8fb2acc 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<artifactId>eaaf_module_pvp2_idp</artifactId>
<name>eaaf_module_pvp2_idp</name>
@@ -19,7 +19,11 @@
<artifactId>eaaf_module_pvp2_core</artifactId>
<version>${egiz.eaaf.version}</version>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
index a88fa869..df5c15f8 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
@@ -39,6 +39,7 @@ public class AuthenticationActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private PvpSProfilePendingRequest pendingReq;
+
/**
* JUnit class initializer.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
index 8436a43d..51b4eaef 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
@@ -35,6 +35,7 @@ public class MetadataActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private TestRequestImpl pendingReq;
+
/**
* JUnit class initializer.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
index 99552053..fa7b4eae 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -20,7 +20,7 @@
class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
<bean id="httpClientFactory"
- class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
+ class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" />
<bean id="dummyRevisionLogger"
class="at.gv.egiz.eaaf.core.impl.logging.DummyRevisionsLogger" />
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index 69eb26ab..3b661c7b 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<artifactId>eaaf_module_pvp2_sp</artifactId>
<name>eaaf_module_pvp2_sp</name>
@@ -25,7 +25,11 @@
</exclusion>
</exclusions>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webmvc</artifactId>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 228a41cf..84f4163d 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
diff --git a/pom.xml b/pom.xml
index 37e25f66..0bcde9ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.0</version>
+ <version>1.1.1</version>
<packaging>pom</packaging>
<name>EGIZ EAAF components</name>
@@ -21,7 +21,7 @@
<!-- ===================================================================== -->
<at.gv.egiz.components.eventlog-api.version>0.4</at.gv.egiz.components.eventlog-api.version>
- <at.gv.egiz.components.egiz-spring-api>0.3</at.gv.egiz.components.egiz-spring-api>
+ <at.gv.egiz.components.egiz-spring-api>0.3.1</at.gv.egiz.components.egiz-spring-api>
<MOA.spss.server.moa-sig-lib.version>3.1.2</MOA.spss.server.moa-sig-lib.version>
<MOA.spss.tsl_lib.version>2.0.2</MOA.spss.tsl_lib.version>
@@ -43,7 +43,7 @@
<iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version>
<iaik.prod.iaik_xsect.version>2.13_moa</iaik.prod.iaik_xsect.version>
- <hsm-facade-provider.version>0.3.0</hsm-facade-provider.version>
+ <hsm-facade-provider.version>0.4.0-SNAPSHOT</hsm-facade-provider.version>
<io.grpc-core.version>1.25.0</io.grpc-core.version>
<!-- Other third-party libs -->
@@ -78,7 +78,7 @@
<!-- jUnit testing -->
<surefire.version>2.22.1</surefire.version>
<junit.version>4.12</junit.version>
- <com.squareup.okhttp3.version>4.0.0</com.squareup.okhttp3.version>
+ <com.squareup.okhttp3.version>4.4.1</com.squareup.okhttp3.version>
<!-- Code helper plug-ins -->
<org.projectlombok.lombok.version>1.18.10</org.projectlombok.lombok.version>
@@ -484,6 +484,12 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>com.squareup.okhttp3</groupId>
+ <artifactId>okhttp-tls</artifactId>
+ <version>${com.squareup.okhttp3.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_utils</artifactId>
<version>${egiz.eaaf.version}</version>