Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src')
19 files changed, 553 insertions, 163 deletions
| diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/Pvp2SProfileIdpSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/Pvp2SProfileIdpSpringResourceProvider.java index 9414dc33..7e572d70 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/Pvp2SProfileIdpSpringResourceProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/Pvp2SProfileIdpSpringResourceProvider.java @@ -20,6 +20,7 @@  package at.gv.egiz.eaaf.modules.pvp2.idp;  import at.gv.egiz.components.spring.api.SpringResourceProvider; +  import org.springframework.core.io.ClassPathResource;  import org.springframework.core.io.Resource; @@ -41,7 +42,7 @@ public class Pvp2SProfileIdpSpringResourceProvider implements SpringResourceProv      final ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp_idp.beans.xml",          Pvp2SProfileIdpSpringResourceProvider.class); -    return new Resource[] {sl20AuthConfig}; +    return new Resource[] { sl20AuthConfig };    }  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java index 0003b829..a7e05664 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java 
@@ -28,21 +28,19 @@ public class InvalidAssertionConsumerServiceException extends Pvp2Exception {    private static final long serialVersionUID = 7861790149343943091L;    public InvalidAssertionConsumerServiceException(final int idx) { -    super("pvp2.28", new Object[] {idx}); +    super("pvp2.28", new Object[] { idx });      this.statusCodeValue = StatusCode.REQUESTER;    }    /**     * Invalid assertion consumer-service URL.     * -   *  @param wrongUrl invalid URL +   * @param wrongUrl invalid URL     */    public InvalidAssertionConsumerServiceException(final String wrongUrl) { -    super("pvp2.23", new Object[] {wrongUrl}); +    super("pvp2.23", new Object[] { wrongUrl });      this.statusCodeValue = StatusCode.REQUESTER;    } - -  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java index c02e534c..add2103b 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java @@ -37,7 +37,4 @@ public class SamlRequestNotSignedException extends Pvp2Exception {      this.statusCodeValue = StatusCode.REQUESTER;    } - - -  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java index b0dcdb2e..d672f457 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java 
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java @@ -23,7 +23,6 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;  import org.opensaml.saml.saml2.core.StatusCode; -  public class SamlRequestNotSupported extends Pvp2Exception {    private static final long serialVersionUID = 1244883178458802767L; @@ -33,7 +32,4 @@ public class SamlRequestNotSupported extends Pvp2Exception {      this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED;    } - - -  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java index 0f84b8fb..3a56b414 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java @@ -28,7 +28,7 @@ public class UnprovideableAttributeException extends Pvp2Exception {    private static final long serialVersionUID = 3972197758163647157L;    public UnprovideableAttributeException(final String attributeName) { -    super("pvp2.10", new Object[] {attributeName}); +    super("pvp2.10", new Object[] { attributeName });      this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE;    }  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index f86fd883..1ef7da29 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java 
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -46,6 +46,7 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;  import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;  import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;  import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;  import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionConsumerServiceException;  import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;  import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; @@ -72,7 +73,6 @@ import org.opensaml.saml.saml2.core.StatusMessage;  import org.opensaml.saml.saml2.metadata.AssertionConsumerService;  import org.opensaml.saml.saml2.metadata.EntityDescriptor;  import org.opensaml.saml.saml2.metadata.SPSSODescriptor; -import org.opensaml.ws.security.SecurityPolicyException;  import org.opensaml.xmlsec.signature.SignableXMLObject;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; @@ -81,6 +81,9 @@ import org.springframework.beans.factory.annotation.Autowired;  public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {    private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class); +  private static final String HTTP_PARAM_SAMLREQ = "SAMLRequest"; +  private static final String ERROR_INVALID_REQUEST = "Receive INVALID protocol request: {}"; +    @Autowired(required = true)    protected IPvp2BasicConfiguration pvpBasicConfiguration;    @Autowired(required = true) @@ -92,8 +95,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement    private AbstractCredentialProvider pvpIdpCredentials; - -    /**     * Sets a specific credential provider for PVP S-Profile IDP component.     * 
@@ -151,7 +152,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        moaError = statusMessager.getResponseErrorCode(e);      } -      if (StringUtils.isNotEmpty(moaError)) {        final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class);        moaStatusCode.setValue(moaError); @@ -245,16 +245,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        // get POST-Binding decoder implementation        final InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp, -          metadataProvider, false, +          metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,            new EaafUriCompare(pvpBasicConfiguration.getIdpSsoPostService(pendingReq.getAuthUrl())));        pendingReq.setRequest(msg);        // preProcess Message        preProcess(req, resp, pendingReq); -    } catch (final SecurityPolicyException e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +    } catch (final SamlSigningException e) { +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { @@ -264,9 +264,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); -    } catch (final SecurityException e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +    } catch (final Pvp2Exception e) { +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { 
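Review bot: The rewritten WARN line in the SamlSigningException and Pvp2Exception branches, `log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);`, still writes the raw, unvalidated `SAMLRequest` parameter into the log, so a client can embed CR/LF to forge log entries and can inflate log volume with oversized values; on top of that ERROR_INVALID_REQUEST has a single `{}` placeholder, so the extra `null` argument is simply discarded by SLF4J and should go. A sanitized, bounded form such as `log.warn(ERROR_INVALID_REQUEST, samlRequest == null ? null : samlRequest.replaceAll("[\\r\\n]", "_"), e);` (optionally truncated to a few hundred characters) removes the injection vector without losing the diagnostic. The same three-argument pattern repeats in the Throwable branch here and in the redirect-binding handler below, so fix them together. The enclosing method starts before this hunk.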
@@ -274,7 +274,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); +      throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });      } catch (final EaafException e) { @@ -287,8 +287,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        throw e;      } catch (final Throwable e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { @@ -296,7 +296,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new EaafException("pvp2.24", new Object[] {e.getMessage()}, e); +      throw new EaafException("pvp2.24", new Object[] { e.getMessage() }, e);      }    } 
@@ -319,16 +319,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        // get POST-Binding decoder implementation        final InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp, -          metadataProvider, false, new EaafUriCompare( +          metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, new EaafUriCompare(                pvpBasicConfiguration.getIdpSsoRedirectService(pendingReq.getAuthUrl())));        pendingReq.setRequest(msg);        // preProcess Message        preProcess(req, resp, pendingReq); -    } catch (final SecurityPolicyException e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +    } catch (final SamlSigningException e) { +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { @@ -338,9 +338,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); -    } catch (final SecurityException e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +    } catch (final Pvp2Exception e) { +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { 
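Review bot: RedirectBinding.decode now receives `SPSSODescriptor.DEFAULT_ELEMENT_NAME` where the old call passed a boolean `false`, and the old `SecurityPolicyException` catch becomes `SamlSigningException`; from this hunk alone it is not visible whether the decoder still enforces a signed AuthnRequest for the redirect binding, where the signature travels in the query string rather than in the XML. Please confirm that an unsigned or wrongly-signed request still ends in the `pvp2.21` path and not in the `Pvp2Exception` branch, which echoes `e.getMessage()` back to the requester via `pvp2.22`. A short note at the call site would make the contract explicit for the next reader, e.g. `// NOTE(review): decode() is expected to reject unsigned/invalid-signed requests with SamlSigningException — confirm`. The enclosing method starts before this hunk.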
@@ -348,11 +348,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); +      throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });      } catch (final EaafException e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.info("Receive INVALID protocol request: " + samlRequest); +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.info(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { @@ -363,8 +363,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        throw e;      } catch (final Throwable e) { -      final String samlRequest = req.getParameter("SAMLRequest"); -      log.warn("Receive INVALID protocol request: " + samlRequest, e); +      final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); +      log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);        // write revision log entries        if (pendingReq != null) { @@ -372,17 +372,15 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new EaafException("pvp2.24", new Object[] {e.getMessage()}, e); +      throw new EaafException("pvp2.24", new Object[] { e.getMessage() }, e);      }    } - -    /**     * Authentication request pre-processor.     * -   * @param request http request -   * @param response http response +   * @param request    http request +   * @param response   http response     * @param pendingReq current pending request     * @return true if preprocess can handle this request type, otherwise false     * @throws Throwable In case of an error 
@@ -419,20 +417,17 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        log.error("Receive unsupported PVP21 message of type: "            + ((PvpSProfileRequest) msg).getSamlRequest().getClass().getName());        throw new InvalidPvpRequestException("pvp2.09", -          new Object[] {((PvpSProfileRequest) msg).getSamlRequest().getClass().getName()}); +          new Object[] { ((PvpSProfileRequest) msg).getSamlRequest().getClass().getName() });      } - -      // switch to session authentication      protAuthService.performAuthentication(request, response, pendingReq);    } -    /**     * PreProcess Authn request.     * -   * @param request http request +   * @param request    http request     * @param pendingReq current pending request     * @throws Throwable in case of an error     */ @@ -458,7 +453,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement      if (authnRequest.getIssueInstant() == null) {        log.warn("Unsupported request: No IssueInstant Attribute found.");        throw new AuthnRequestValidatorException("pvp2.22", -          new Object[] {"Unsupported request: No IssueInstant Attribute found"}, pendingReq); +          new Object[] { "Unsupported request: No IssueInstant Attribute found" }, pendingReq);      } @@ -466,7 +461,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement          .isAfterNow()) {        log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");        throw new AuthnRequestValidatorException("pvp2.22", -          new Object[] {"Unsupported request: No IssueInstant DateTime is not valid anymore."}, +          new Object[] { "Unsupported request: No IssueInstant DateTime is not valid anymore." },            pendingReq);      } 
@@ -496,14 +491,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        } -      } else {        // use AssertionConsumerServiceIndex and select consumerService from metadata        final Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();        int assertionidx = 0;        if (aIdx != null) { -        assertionidx = aIdx.intValue(); +        assertionidx = aIdx;        } else {          assertionidx = Saml2Utils.getDefaultAssertionConsumerServiceIndex(spSsoDescriptor); @@ -517,7 +511,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        }      } -      // validate AuthnRequest      final AuthnRequest authReq = (AuthnRequest) samlReq;      final String oaUrl = moaRequest.getEntityMetadata(metadataProvider).getEntityID(); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 200d98c4..c0190959 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java 
@@ -23,19 +23,6 @@ import javax.annotation.PostConstruct;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; -import org.joda.time.DateTime; -import org.opensaml.saml.common.xml.SAMLConstants; -import org.opensaml.saml.saml2.core.Assertion; -import org.opensaml.saml.saml2.core.AuthnRequest; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; -  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.api.idp.IAction;  import at.gv.egiz.eaaf.core.api.idp.IAuthData; 
@@ -57,13 +44,23 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;  import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;  import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import org.joda.time.DateTime; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; +  @Service("PVPAuthenticationRequestAction")  public class AuthenticationAction implements IAction {    private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class); -  private static final String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = -      "protocols.pvp2.assertion.encryption.active"; -    @Autowired(required = true)    private IPvp2MetadataProvider metadataProvider;    @Autowired(required = true) @@ -115,7 +112,7 @@ public class AuthenticationAction implements IAction {        final Response authResponse = AuthResponseBuilder.buildResponse(metadataProvider,            issuerEntityID, authnRequest, date, assertion, -          authConfig.getBasicConfigurationBoolean(CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true)); +          authConfig);        IEncoder binding = null; 
@@ -141,7 +138,7 @@ public class AuthenticationAction implements IAction {        sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());        return sloInformation; -    } catch (SecurityException e) { +    } catch (final SecurityException e) {        log.warn("Message Encoding exception", e);        throw new ResponderErrorException("pvp2.01", null, e); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java index a1e8b5ba..3f0ad0b6 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java @@ -22,6 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl;  import javax.annotation.PostConstruct;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.api.idp.IAction;  import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -33,6 +34,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactor  import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;  import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;  import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +  import org.slf4j.Logger;  import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired; 
@@ -74,8 +76,6 @@ public class MetadataAction implements IAction {        final IPvpMetadataBuilderConfiguration metadataConfig = configFactory            .generateMetadataBuilderConfiguration(req.getAuthUrlWithOutSlash(), pvpIdpCredentials); - -        final String metadataXml = metadatabuilder.buildPvpMetadata(metadataConfig);        log.trace("METADATA: " + metadataXml); @@ -117,5 +117,4 @@ public class MetadataAction implements IAction {      }    } -  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PvpSProfilePendingRequest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PvpSProfilePendingRequest.java index 6c621841..26e04881 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PvpSProfilePendingRequest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/PvpSProfilePendingRequest.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl;  import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;  import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +  import org.springframework.beans.factory.config.BeanDefinition;  import org.springframework.context.annotation.Scope;  import org.springframework.stereotype.Component; diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java index 8cafebb9..55e3e8b4 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java 
@@ -19,37 +19,55 @@  package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; +import java.security.PublicKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey;  import java.util.ArrayList;  import java.util.List; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +  import org.joda.time.DateTime;  import org.opensaml.core.criterion.EntityIdCriterion;  import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.criterion.EntityRoleCriterion; +import org.opensaml.saml.criterion.ProtocolCriterion; +import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;  import org.opensaml.saml.saml2.core.Assertion;  import org.opensaml.saml.saml2.core.EncryptedAssertion;  import org.opensaml.saml.saml2.core.Issuer;  import org.opensaml.saml.saml2.core.NameIDType;  import org.opensaml.saml.saml2.core.RequestAbstractType;  import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.encryption.Encrypter;  import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement;  import org.opensaml.saml.saml2.metadata.SPSSODescriptor;  import org.opensaml.saml.security.impl.MetadataCredentialResolver; -import org.opensaml.security.MetadataCriteria;  import org.opensaml.security.credential.UsageType;  import org.opensaml.security.criteria.UsageCriterion;  import org.opensaml.security.x509.X509Credential; -import org.opensaml.xmlsec.EncryptionParameters; +import org.opensaml.xmlsec.SecurityConfigurationSupport; +import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;  import org.opensaml.xmlsec.encryption.support.EncryptionException;  import 
org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; +import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;  import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException;  import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.resolver.ResolverException;  /**   * Authentication response builder. 
@@ -65,17 +83,17 @@ public class AuthResponseBuilder {     * Build PVP2 S-Profile authentication response.     *     * @param metadataProvider Service-Provider metadata -   * @param issuerEntityID IDP entityId -   * @param req current pending request -   * @param date Timestamp -   * @param assertion PVP2 S-Profil Assertion -   * @param enableEncryption encrypt Assertion flag +   * @param issuerEntityID   IDP entityId +   * @param req              current pending request +   * @param date             Timestamp +   * @param assertion        PVP2 S-Profil Assertion +   * @param authConfig       {@link IConfiguration}     * @return PVP2 S-Profile authentication response     * @throws InvalidAssertionEncryptionException In case of an error     */    public static Response buildResponse(final IPvp2MetadataProvider metadataProvider,        final String issuerEntityID, final RequestAbstractType req, final DateTime date, -      final Assertion assertion, final boolean enableEncryption) +      final Assertion assertion, IConfiguration authConfig)        throws InvalidAssertionEncryptionException {      final Response authResponse = Saml2Utils.createSamlObject(Response.class); 
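Review bot: The new `authConfig` parameter is the only one in the signature without `final`, and its Javadoc, `@param authConfig {@link IConfiguration}`, does not tell a caller that buildResponse now reads the encryption toggle and the data/key-transport algorithm settings itself instead of receiving a decided flag. Suggest `final Assertion assertion, final IConfiguration authConfig)` and a parameter description along the lines of `@param authConfig configuration; consulted for the assertion-encryption toggle and the configured data and key-transport encryption algorithms`. The `@throws` line could also state that the exception is raised both when the SP encryption key cannot be resolved from metadata and when encryption itself fails, since both paths are visible in the body below.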
@@ -90,72 +108,117 @@ public class AuthResponseBuilder {      final String remoteSessionID = Saml2Utils.getSecureIdentifier();      authResponse.setID(remoteSessionID); -      // SAML2 response required IssueInstant      authResponse.setIssueInstant(date);      authResponse.setStatus(Saml2Utils.getSuccessStatus());      // check, if metadata includes an encryption key -    final MetadataCredentialResolver mdCredResolver = -        new MetadataCredentialResolver(metadataProvider); - -    final CriteriaSet criteriaSet = new CriteriaSet(); -    criteriaSet.add(new EntityIdCriterion(req.getIssuer().getValue())); -    criteriaSet -        .add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); -    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION)); +    final X509Credential encryptionCredentials = resolveEncryptionCredential(req, metadataProvider); -    X509Credential encryptionCredentials = null; -    try { -      encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); +    if (encryptionCredentials != null +        && authConfig.getBasicConfigurationBoolean( +            PvpConstants.CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true)) { +      authResponse.getEncryptedAssertions().add( +          doEncryption(assertion, encryptionCredentials, authConfig)); -    } catch (final SecurityException e2) { -      log.warn("Can not extract the Assertion Encryption-Key from metadata", e2); -      throw new InvalidAssertionEncryptionException(); +    } else { +      authResponse.getAssertions().add(assertion);      } -    if (encryptionCredentials != null && enableEncryption) { -      // encrypt SAML2 assertion +    return authResponse; +  } + +  private static EncryptedAssertion doEncryption(Assertion assertion, +      X509Credential encryptionCredentials, IConfiguration authConfig) +      throws InvalidAssertionEncryptionException { +    try { +      final String keyEncAlg = 
selectKeyEncryptionAlgorithm(encryptionCredentials, authConfig); -      try { +      final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); +      dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( +          PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE)); -        final EncryptionParameters dataEncParams = new EncryptionParameters(); -        dataEncParams.setAlgorithm(PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE); +      final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); +      final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); +      keyEncParam.setEncryptionCredential(encryptionCredentials); +      keyEncParam.setAlgorithm(keyEncAlg); -        final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); -        final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); +      final KeyInfoGeneratorFactory kigf = +          SecurityConfigurationSupport.getGlobalEncryptionConfiguration() +              .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); +      keyEncParam.setKeyInfoGenerator(kigf.newInstance()); +      keyEncParamList.add(keyEncParam); -        keyEncParam.setEncryptionCredential(encryptionCredentials); -        keyEncParam.setAlgorithm(PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); -        final KeyInfoGeneratorFactory kigf = -            org.opensaml.xml.Configuration.getGlobalSecurityConfiguration() -                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); -        keyEncParam.setKeyInfoGenerator(kigf.newInstance()); -        keyEncParamList.add(keyEncParam); +      final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); +      samlEncrypter.setKeyPlacement(KeyPlacement.PEER); -        final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); -        // 
samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); -        samlEncrypter.setKeyPlacement(KeyPlacement.PEER); +      return samlEncrypter.encrypt(assertion); -        EncryptedAssertion encryptAssertion = null; +    } catch (final EncryptionException | SamlSigningException e1) { +      log.warn("Can not encrypt the PVP2 assertion", e1); +      throw new InvalidAssertionEncryptionException(); -        encryptAssertion = samlEncrypter.encrypt(assertion); +    } -        authResponse.getEncryptedAssertions().add(encryptAssertion); +  } -      } catch (final EncryptionException e1) { -        log.warn("Can not encrypt the PVP2 assertion", e1); -        throw new InvalidAssertionEncryptionException(); +  private static String selectKeyEncryptionAlgorithm(X509Credential encryptionCredentials, +      IConfiguration authConfig) throws SamlSigningException { +    final PublicKey privatekey = encryptionCredentials.getPublicKey(); +    if (privatekey instanceof RSAPublicKey) { +      return authConfig.getBasicConfiguration( +          PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, +          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); -      } +    } else if (privatekey instanceof ECPublicKey) { +      return authConfig.getBasicConfiguration( +          PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, +          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC);      } else { -      authResponse.getAssertions().add(assertion); +      log.warn("Could NOT evaluate the Private-Key type from " + encryptionCredentials.getEntityId() +          + " credential."); +      throw new SamlSigningException("internal.pvp.97", +          new Object[] { encryptionCredentials.getEntityId(), privatekey.getClass().getName() });      } -    return authResponse; +  } + +  private static X509Credential resolveEncryptionCredential(RequestAbstractType req, +      IPvp2MetadataProvider metadataProvider) throws InvalidAssertionEncryptionException { +    try { +      final 
List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
+      keyInfoProvider.add(new DSAKeyValueProvider());
+      keyInfoProvider.add(new RSAKeyValueProvider());
+      keyInfoProvider.add(new InlineX509DataProvider());
+      final KeyInfoCredentialResolver keyInfoCredentialResolver = new BasicProviderKeyInfoCredentialResolver(
+          keyInfoProvider);
+
+      final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver(
+          metadataProvider);
+      roleDescriptorResolver.setRequireValidMetadata(true);
+      roleDescriptorResolver.initialize();
+
+      final MetadataCredentialResolver mdCredResolver = new MetadataCredentialResolver();
+      mdCredResolver.setRoleDescriptorResolver(roleDescriptorResolver);
+      mdCredResolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver);
+      mdCredResolver.initialize();
+
+      final CriteriaSet criteriaSet = new CriteriaSet();
+      criteriaSet.add(new EntityIdCriterion(req.getIssuer().getValue()));
+      criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
+      criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+      criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
+
+      return (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
+
+    } catch (final SecurityException | ComponentInitializationException | ResolverException e2) {
+      log.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
+      throw new InvalidAssertionEncryptionException();
+
+    }
   }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 922e7efe..b7b18f0f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java 
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -24,6 +24,8 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+import javax.naming.ConfigurationException;
+
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
@@ -86,17 +88,16 @@ public class Pvp2AssertionBuilder implements PvpConstants {
   @Autowired
   private ISubjectNameIdGenerator subjectNameIdGenerator;
-
   /**
    * Build a PVP assertion as response for a SAML2 AttributeQuery request.
    *
    * @param issuerEntityID EnitiyID, which should be used for this IDP response
-   * @param attrQuery AttributeQuery request from Service-Provider
-   * @param attrList List of PVP response attributes
-   * @param now Current time
-   * @param validTo ValidTo time of the assertion
-   * @param qaaLevel QAA level of the authentication
-   * @param sessionIndex SAML2 SessionIndex, which should be included *
+   * @param attrQuery      AttributeQuery request from Service-Provider
+   * @param attrList       List of PVP response attributes
+   * @param now            Current time
+   * @param validTo        ValidTo time of the assertion
+   * @param qaaLevel       QAA level of the authentication
+   * @param sessionIndex   SAML2 SessionIndex, which should be included *
    * @return PVP 2.1 Assertion
    * @throws Pvp2Exception In case of an error
    */ 
@@ -119,18 +120,21 @@ public class Pvp2AssertionBuilder implements PvpConstants {
         validTo);
   }
-
   /**
    * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest.
    *
-   * @param issuerEntityID EnitiyID, which should be used for this IDP response
-   * @param pendingReq Current processed pendingRequest DAO
-   * @param authnRequest Current processed PVP AuthnRequest
-   * @param authData AuthenticationData of the user, which is already authenticated
-   * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
-   * @param date TimeStamp
-   * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
-   * @param sloInformation Single LogOut information DAO
+   * @param issuerEntityID           EnitiyID, which should be used for this IDP
+   *                                 response
+   * @param pendingReq               Current processed pendingRequest DAO
+   * @param authnRequest             Current processed PVP AuthnRequest
+   * @param authData                 AuthenticationData of the user, which is
+   *                                 already authenticated
+   * @param peerEntity               SAML2 EntityDescriptor of the
+   *                                 service-provider, which receives the response
+   * @param date                     TimeStamp
+   * @param assertionConsumerService SAML2 endpoint of the service-provider, which
+   *                                 should be used
+   * @param sloInformation           Single LogOut information DAO
    * @return PVP2 S-Profil Assertion
    * @throws Pvp2Exception In case of an error
    */
@@ -203,7 +207,6 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       }
     }
-
     // load SPSS decriptor from service-provider metadata
     final SPSSODescriptor spSsoDescriptor = peerEntity.getSPSSODescriptor(SAMLConstants.SAML20P_NS); 
@@ -217,7 +220,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       AttributeConsumingService attributeConsumingService = null;
       if (aIdx != null) {
-        idx = aIdx.intValue();
+        idx = aIdx;
         attributeConsumingService = spSsoDescriptor.getAttributeConsumingServices().get(idx);
       } else {
@@ -231,8 +234,8 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       }
       /*
-       * TODO: maybe use first AttributeConsumingService if no is selected in request or on service
-       * is marked as default
+       * TODO: maybe use first AttributeConsumingService if no is selected in request
+       * or on service is marked as default
        *
        */
       if (attributeConsumingService == null) {
@@ -244,7 +247,6 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       }
-
       if (attributeConsumingService != null) {
         final Iterator<RequestedAttribute> it =
             attributeConsumingService.getRequestAttributes().iterator();
@@ -268,7 +270,6 @@ public class Pvp2AssertionBuilder implements PvpConstants {
               throw new UnprovideableAttributeException(reqAttribut.getName());
             }
-
           } catch (final Pvp2Exception e) {
             log.info("Attribute generation failed! for " + reqAttribut.getFriendlyName());
             if (reqAttribut.isRequired()) {
@@ -342,10 +343,10 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       subjectNameID.setFormat(nameIdFormat);
     }
-
     String sessionIndex = null;
-    // if request is a reauthentication and NameIDFormat match reuse old session information
+    // if request is a reauthentication and NameIDFormat match reuse old session
+    // information
     if (StringUtils.isNotEmpty(authData.getNameID())
         && StringUtils.isNotEmpty(authData.getNameIdFormat())
         && nameIdFormat.equals(authData.getNameIdFormat())) { 
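Review bot: `idx = aIdx;` is a safe unboxing under the `aIdx != null` guard, but the value still reaches `spSsoDescriptor.getAttributeConsumingServices().get(idx)` with no range check, so an index outside the SP's published AttributeConsumingService list surfaces as an IndexOutOfBoundsException rather than a controlled SAML error. If aIdx is taken from the requester's AttributeConsumingServiceIndex (not visible in this hunk), that is requester-controlled input used directly as a list index. A bounded lookup keeps the existing null-handling path in charge: `final List<AttributeConsumingService> services = spSsoDescriptor.getAttributeConsumingServices();` / `if (idx >= 0 && idx < services.size()) {` / `attributeConsumingService = services.get(idx); }` — the later `if (attributeConsumingService == null)` branch in this method then decides the outcome. Separately, the `javax.naming.ConfigurationException` import added in the first hunk is, as far as this diff shows, referenced only by the `@throws ConfigurationException` Javadoc in the last hunk; if it exists solely to resolve that link, confirm it names the exception type the method actually throws. The enclosing method starts and ends outside this hunk.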
@@ -368,7 +369,8 @@ public class Pvp2AssertionBuilder implements PvpConstants {
     // set 'recipient' attribute in subjectConformationData
     subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-    // set IP address of the user machine as 'Address' attribute in subjectConformationData
+    // set IP address of the user machine as 'Address' attribute in
+    // subjectConformationData
     final String usersIpAddress =
         pendingReq.getRawData(RequestImpl.DATAID_REQUESTER_IP_ADDRESS, String.class);
     if (StringUtils.isNotEmpty(usersIpAddress)) {
@@ -388,15 +390,15 @@ public class Pvp2AssertionBuilder implements PvpConstants {
   /**
    * Build generic part of PVP S-Profile Assertion.
    *
-   * @param issuer IDP EntityID
-   * @param entityID Service Provider EntityID
-   * @param date Timestamp
-   * @param authnContextClassRef SAML2 AuthnContextClassReference
-   * @param attrList List of attributes
-   * @param subjectNameID SubjectNameId
+   * @param issuer                  IDP EntityID
+   * @param entityID                Service Provider EntityID
+   * @param date                    Timestamp
+   * @param authnContextClassRef    SAML2 AuthnContextClassReference
+   * @param attrList                List of attributes
+   * @param subjectNameID           SubjectNameId
    * @param subjectConfirmationData SubjectConfirmationInformation
-   * @param sessionIndex SessionIndex
-   * @param isValidTo ValidTo Timestamp
+   * @param sessionIndex            SessionIndex
+   * @param isValidTo               ValidTo Timestamp
    * @return PVP S-Profile Assertion
    * @throws ConfigurationException In case on an error
    */
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
new file mode 100644
index 00000000..98cf5f40
--- /dev/null 
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java 
@@ -0,0 +1,102 @@
+package at.gv.egiz.eaaf.modules.pvp2.idp.test;
+
+import java.io.IOException;
+
+import javax.xml.transform.TransformerException;
+
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.binding.PostBindingTest;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.w3c.dom.Element;
+
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@TestPropertySource(
+    locations = {"/config/config_1.props"})
+public class AuthnResponseBuilderTest {
+
+  @Autowired private 
DummyAuthConfig authConfig;
+  @Autowired private PvpMetadataResolverFactory metadataResolverFactory;
+
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void classInitializer() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  @Test
+  public void encryptedAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException,
+      XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException {
+    final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
+
+    final IPvp2MetadataProvider metadataProvider =
+        metadataResolverFactory.createMetadataProvider(
+            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);
+
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+    authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10));
+
+    final Assertion assertion = (Assertion) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml"));
+
+    //build response
+    final DateTime now = DateTime.now();
+    final Response response = AuthResponseBuilder.buildResponse(
+        metadataProvider, issuerEntityID, authnReq,
+        now, assertion, authConfig);
+
+
+    //validate
+    Assert.assertNotNull("SAML2 response is null", response);
+    Assert.assertTrue("Assertion not null", response.getAssertions().isEmpty());
+    Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions());
+    Assert.assertFalse("Enc. 
assertion is empty", response.getEncryptedAssertions().isEmpty());
+    Assert.assertEquals("# enc. assertions wrong", 1, response.getEncryptedAssertions().size());
+
+    Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo());
+    Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue());
+    Assert.assertNotNull("ResponseId is null", response.getID());
+    Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty());
+
+    final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response);
+    final String xmlResp = DomUtils.serializeNode(responseElement);
+    Assert.assertNotNull("XML response is null", xmlResp);
+    Assert.assertFalse("XML response is empty", xmlResp.isEmpty());
+
+  }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
new file mode 100644
index 00000000..6324f190
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
@@ -0,0 +1,14 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=meta
+key.metadata.pass=password
+key.sig.alias=sig
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+pvp2.assertion.encryption.active=true
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
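Review bot: The message in `Assert.assertTrue("Assertion not null", response.getAssertions().isEmpty())` states the opposite of the condition it guards; JUnit prints it only on failure, so a regression that leaves the plaintext assertion in the response would be reported as "Assertion not null" — `Assert.assertTrue("plain assertion must not be present when encryption is active", response.getAssertions().isEmpty());` reads correctly. The test pins only the RSA key-transport path: the encryption KeyDescriptor in `/data/pvp_metadata_junit_keystore.xml` appears to carry a single RSA certificate, so the `ECPublicKey` branch and the unsupported-key error branch of `selectKeyEncryptionAlgorithm` stay unexercised, and nothing checks which data or key-transport algorithm the encrypted assertion actually uses. That same fixture declares `validUntil="2020-02-05T06:41:42.966Z"` while `resolveEncryptionCredential` calls `roleDescriptorResolver.setRequireValidMetadata(true)`, so depending on how the resolver applies validUntil this test can start failing purely with the passage of time; a far-future validUntil (and a re-signed fixture) would make it time-independent. This note also covers the pvp_metadata_junit_keystore.xml hunk below.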
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/Assertion_1.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/Assertion_1.xml
new file mode 100644
index 00000000..7c45b5fa
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/Assertion_1.xml 
@@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?> +	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0"> +		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer> +		<saml2:Subject> +			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID> +			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> +				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://demo.egiz.gv.at/demoportal_demologin/securearea.action"/> +			</saml2:SubjectConfirmation> +		</saml2:Subject> +		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z"> +			<saml2:AudienceRestriction> +				<saml2:Audience>https://demo.egiz.gv.at/demoportal_demologin/</saml2:Audience> +			</saml2:AudienceRestriction> +		</saml2:Conditions> +		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406"> +			<saml2:AuthnContext> +				<saml2:AuthnContextClassRef>http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef> +			</saml2:AuthnContext> +		</saml2:AuthnStatement> +		<saml2:AttributeStatement> +			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.94" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:integer">4</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue> +			</saml2:Attribute> +			<saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> +				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue> +			</saml2:Attribute> +		
</saml2:AttributeStatement> +	</saml2:Assertion> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/AuthRequest_without_sig_1.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/AuthRequest_without_sig_1.xml new file mode 100644 index 00000000..ef35ea92 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/AuthRequest_without_sig_1.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="1" AttributeConsumingServiceIndex="0" Destination="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post" ID="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:02.775Z" Version="2.0"> +	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_demologin/</saml2:Issuer> +	<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> +		<saml2:NameID>https://demo.egiz.gv.at/demoportal_demologin/</saml2:NameID> +	</saml2:Subject> +	<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/> +	<saml2p:RequestedAuthnContext> +		<saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef> +	</saml2p:RequestedAuthnContext> +</saml2p:AuthnRequest> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/junit.jksBinary files differ new file mode 100644 index 00000000..b5262cb8 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/junit.jks 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml
new file mode 100644
index 00000000..52549a88
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml 
@@ -0,0 +1,125 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2020-02-05T06:41:42.966Z"> +	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +		<ds:SignedInfo> +			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> +			<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> +			<ds:Reference URI="#_2e23ca9b2ba4dc9eef15187830d07ff0"> +				<ds:Transforms> +					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> +					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> +				</ds:Transforms> +				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> +				<ds:DigestValue>Jy/c0ZvVJSfWzSoAcxDx/o+T5W61vvNJNqTFz2o+ILc=</ds:DigestValue> +			</ds:Reference> +		</ds:SignedInfo> +		<ds:SignatureValue>chMxIdwrPvr78j3oTtgS7udbydy9kye1bbeQ4jm2GeFKUfxvJqY+vt9MjVnWFeR4c16gd80BjZJ6xxD5i5Ifci3YtxeKSxq0ttH/xZYEhJZkD/0NrGUhSvNV9zuLAz3uGk/LJ+2JxRq7dbnW4n9MtGuYhea8OW9/Pr1xI1KyskQS76NZDsGjjfnFWbFXahLoQZULU4Ke3SfZVqLATTn0J34RZnjNH3QieY3LhRzOVu/I5yeZtnLgUS6dg0Gab9DA/pdNFaC632iaE5QCXJmhgpqkjbkayO9e8N93YGFjbszhU1Kws5OUGjXjfCZwezLeOUZoKEfo5c+4+zEaTrEQjg==</ds:SignatureValue> +		<ds:KeyInfo> +			<ds:X509Data> +				<ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F 
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate> +			</ds:X509Data> +		</ds:KeyInfo> +	</ds:Signature> +	<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> +		<md:KeyDescriptor use="signing"> +			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +				<ds:X509Data> +					<ds:X509Certificate>MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB +VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk +YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC +QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh +ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA +O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H +rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+ +WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7 +/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb +f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l +PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9 +YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX +zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS +YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW +9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi 
+purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate> +				</ds:X509Data> +                <ds:X509Data> +                  <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC +LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG +SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh +ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L +                </ds:X509Certificate> +              </ds:X509Data> +			</ds:KeyInfo> +		</md:KeyDescriptor> +		<md:KeyDescriptor use="encryption"> +			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +				<ds:X509Data> +					<ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F +Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O 
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate> +				</ds:X509Data> +			</ds:KeyInfo> +		</md:KeyDescriptor> +		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> +		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/> +		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/> +		<md:AttributeConsumingService index="0" isDefault="true"> +			<md:ServiceName xml:lang="en">Default Service</md:ServiceName> +			<md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +		</md:AttributeConsumingService> +	</md:SPSSODescriptor> +	<md:Organization> +		<md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName> +		<md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName> +		<md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL> +	</md:Organization> +	<md:ContactPerson contactType="technical"> +		<md:Company>E-Government Innovationszentrum</md:Company> +		<md:GivenName>Lenz</md:GivenName> +		<md:SurName>Thomas</md:SurName> +		<md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> +		<md:TelephoneNumber>+43 316 873 
5525</md:TelephoneNumber> +	</md:ContactPerson> +</md:EntityDescriptor> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml new file mode 100644 index 00000000..375224bb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +  xmlns:context="http://www.springframework.org/schema/context" +  xmlns:tx="http://www.springframework.org/schema/tx" +  xmlns:aop="http://www.springframework.org/schema/aop" +  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd +    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd +    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd +    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +  <bean id="dummyAuthConfig" +        class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" /> + +  <bean id="dummyVelocityGuiBuilder" +        class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" /> + +  <bean id="dummyGuiBuilderConfigFactory" +        class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" /> +   +  <bean id="httpClientFactory" +        class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" /> + +</beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml new file mode 100644 index 00000000..aac94041 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +  xmlns:context="http://www.springframework.org/schema/context" +  xmlns:tx="http://www.springframework.org/schema/tx" +  xmlns:aop="http://www.springframework.org/schema/aop" +  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd +    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd +    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd +    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + +  <import resource="test_eaaf_core.beans.xml"/>   +  <import resource="classpath:/eaaf_pvp.beans.xml"/> + +  <bean id="dummyCredentialProvider" +        class="at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider" /> + +  +</beans>
\ No newline at end of file | 
