Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp')
8 files changed, 230 insertions, 70 deletions
| diff --git a/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..855f39bd --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> +    <Match> +      <!-- allow SHA-1, because transient SubjectNameIDs should have the same pattern as bPKs --> +      <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder"/> +      <Method name="buildAssertion" /> +      <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" /> +    </Match> +    <Match> +      <!-- allow logging of SAML2 request parameters --> +      <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol"/> +      <Bug pattern="CRLF_INJECTION_LOGS" /> +    </Match> +</FindBugsFilter> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index 5c5bc687..53ffff26 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -5,7 +5,7 @@    <parent>      <groupId>at.gv.egiz.eaaf</groupId>      <artifactId>eaaf_modules</artifactId> -    <version>1.1.3-SNAPSHOT</version> +    <version>1.2.1-SNAPSHOT</version>    </parent>    <artifactId>eaaf_module_pvp2_idp</artifactId>    <name>eaaf_module_pvp2_idp</name> @@ -17,7 +17,6 @@    	<dependency>    		<groupId>at.gv.egiz.eaaf</groupId>    		<artifactId>eaaf_module_pvp2_core</artifactId> -  		<version>${egiz.eaaf.version}</version>    	</dependency>      <dependency>        <groupId>org.springframework</groupId> @@ -32,11 +31,6 @@    	<!--  Testing -->      <dependency> -      <groupId>junit</groupId> -      <artifactId>junit</artifactId> -      <scope>test</scope> -    </dependency> -    <dependency>        <groupId>org.springframework</groupId>        <artifactId>spring-test</artifactId>        <scope>test</scope> 
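Review bot: The second `<Match>` suppresses `CRLF_INJECTION_LOGS` for the whole `AbstractPvp2XProtocol` class, so every current and future log statement in that class is exempt, not only the SAML2 request-parameter logging the comment names. Scoping it with `<Method name="…"/>` entries, as the first match does for `buildAssertion`, keeps the check active for the rest of the class; alternatively the logged request parameters can be normalised (stripping `\r`/`\n`) before logging so no exclusion is needed at all. The SHA-1 exclusion is at least method-scoped, but its comment should say why the weak digest is acceptable there, e.g. `<!-- allow SHA-1: used only to derive transient SubjectNameIDs with the same pattern as bPKs, not for an integrity check -->`, provided that is indeed the case.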
@@ -64,31 +58,15 @@    <build>      <finalName>eaaf_module_pvp2_idp</finalName> -    <plugins> -      <plugin> -        <groupId>org.apache.maven.plugins</groupId> -        <artifactId>maven-compiler-plugin</artifactId> -        <version>3.7.0</version> -        <configuration> -          <source>1.8</source> -          <target>1.8</target> -        </configuration> -      </plugin> -       -      <!-- enable co-existence of testng and junit --> +    <plugins>              <plugin> -        <artifactId>maven-surefire-plugin</artifactId> -        <version>${surefire.version}</version> +        <groupId>com.github.spotbugs</groupId> +        <artifactId>spotbugs-maven-plugin</artifactId> +        <version>${spotbugs-maven-plugin.version}</version>          <configuration> -          <threadCount>1</threadCount>           +          <failOnError>true</failOnError> +          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>          </configuration> -        <dependencies> -          <dependency> -            <groupId>org.apache.maven.surefire</groupId> -            <artifactId>surefire-junit47</artifactId> -            <version>${surefire.version}</version> -          </dependency> -        </dependencies>        </plugin>      </plugins> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 1e42ac9c..2e30dcd9 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java 
@@ -44,6 +44,7 @@ import org.opensaml.xmlsec.signature.SignableXMLObject;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.Assert;  import at.gv.egiz.components.eventlog.api.EventConstants;  import at.gv.egiz.eaaf.core.api.IRequest; @@ -78,6 +79,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;  import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;  import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;  import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import lombok.Setter;  public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {    private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class); @@ -88,12 +90,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement    @Autowired(required = true)    protected IPvp2BasicConfiguration pvpBasicConfiguration;    @Autowired(required = true) -  protected IPvp2MetadataProvider metadataProvider; -  @Autowired(required = true)    protected SamlVerificationEngine samlVerificationEngine;    @Autowired(required = false)    protected List<IAuthnRequestPostProcessor> authRequestPostProcessors; +  /** +   * SAML2 metadata provider that should be used in this component. +   */ +  @Setter +  protected IPvp2MetadataProvider metadataProvider; +      private IPvp2CredentialProvider pvpIdpCredentials;    /** @@ -124,7 +130,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement      final StatusCode statusCode = Saml2Utils.createSamlObject(StatusCode.class);      final StatusMessage statusMessage = Saml2Utils.createSamlObject(StatusMessage.class); -    String moaError = null; +    String internalErrorCode = null;      if (e instanceof NoPassivAuthenticationException) {        statusCode.setValue(StatusCode.NO_PASSIVE); 
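Review bot: `metadataProvider` loses its `@Autowired(required = true)` and is now only reachable through the Lombok-generated setter, so every concrete protocol bean that previously relied on autowiring must receive the provider explicitly (as `test_eaaf_pvp.beans.xml` now does for `AuthenticationAction`) or the `@PostConstruct` check fails at startup. The new Javadoc should state that contract rather than only describing the field, e.g. `/** SAML2 metadata provider used by this component. Not autowired: it must be injected explicitly via the generated setter (bean property), otherwise initialization fails. */`. The identical field change in `AuthenticationAction.java` should carry the same note; the `verifyInitialization()` that enforces it lives in a later hunk of each file.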
@@ -144,30 +150,37 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement        final String statusMessageValue = ex.getStatusMessageValue();        if (statusMessageValue != null) {          statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); +                } -      moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId()); +       +      internalErrorCode = ex.getErrorId();      } else {        statusCode.setValue(StatusCode.RESPONDER);        statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); -      moaError = statusMessager.getResponseErrorCode(e); +      internalErrorCode = statusMessager.getResponseErrorCode(e); +            } -    if (StringUtils.isNotEmpty(moaError)) { -      final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class); -      moaStatusCode.setValue(moaError); -      statusCode.setStatusCode(moaStatusCode); +    //set external sub-statusCode if one was selected +    if (StringUtils.isNotEmpty(internalErrorCode)) { +      final StatusCode externalStatusCode = Saml2Utils.createSamlObject(StatusCode.class); +      externalStatusCode.setValue( +          statusMessager.mapInternalErrorToExternalError(internalErrorCode)); +      statusCode.setStatusCode(externalStatusCode); +            } -    status.setStatusCode(statusCode); +    //set status-message if availabe          if (statusMessage.getMessage() != null) {        status.setStatusMessage(statusMessage); -    } -    samlResponse.setStatus(status); -    final String remoteSessionID = Saml2Utils.getSecureIdentifier(); -    samlResponse.setID(remoteSessionID); - +       +    }     +    status.setStatusCode(statusCode);     +    samlResponse.setStatus(status);     +    samlResponse.setID(Saml2Utils.getSecureIdentifier());      samlResponse.setIssueInstant(Instant.now()); +          final Issuer nissuer = Saml2Utils.createSamlObject(Issuer.class);      
nissuer.setValue(pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl()));      nissuer.setFormat(NameIDType.ENTITY); @@ -176,13 +189,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement      IEncoder encoder = null;      if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { -      encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); +      encoder = applicationContext.getBean("PvpRedirectBinding", RedirectBinding.class);      } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { -      encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); +      encoder = applicationContext.getBean("PvpPostBinding", PostBinding.class);      } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { -      encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); +      encoder = applicationContext.getBean("PvpSoapBinding", SoapBinding.class);      }      if (encoder == null) { @@ -263,7 +276,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); +      throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});      } catch (final Pvp2Exception e) {        final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); @@ -337,7 +350,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement              pendingReq.getUniqueTransactionIdentifier());        } -      throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); +      throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});      } catch (final Pvp2Exception e) {        final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ); 
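Review bot: The `else` branch value from `statusMessager.getResponseErrorCode(e)` is now routed through `mapInternalErrorToExternalError(...)` in the sub-status block, whereas before only the `ex.getErrorId()` path was mapped and the `getResponseErrorCode` result was written into the sub-`StatusCode` as-is. If `getResponseErrorCode` already returns an external code, generic exceptions will now produce a different (possibly unmapped or default) sub-status than before, so either confirm it yields an internal error id or keep the mapping only on the `ex.getErrorId()` path. The two added comments would read better as `// set external sub-statusCode if one was selected` and `// set status-message if available`. The enclosing method starts outside this hunk.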
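Review bot: `e.getMessage()` is now put into the parameter array of the `pvp2.21` `InvalidProtocolRequestException`, here and in the identical change at `@@ -337`; `getMessage()` can be null, and if the `pvp2.21` text is rendered into the SAML error response sent back to the service provider, the raw message of an internal exception (parser or validation detail) leaves the IdP. The catch block and therefore the type of `e` start outside the hunk, so it is worth confirming what that message can contain before it is exposed; a guarded form such as `new Object[] {e.getMessage() != null ? e.getMessage() : e.getClass().getSimpleName()}` at least avoids a null placeholder. If the detail is only meant for operators, keeping it in the log statement that appears to precede the throw and leaving the parameter array empty is the safer choice.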
@@ -555,11 +568,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement    @PostConstruct    private void verifyInitialization() { -    if (pvpIdpCredentials == null) { -      log.error("No SAML2 credentialProvider injected!"); -      throw new RuntimeException("No SAML2 credentialProvider injected!"); +    Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!"); +    Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!"); -    }    }  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 91e92d63..a3c6cb5d 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -36,6 +36,7 @@ import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.context.ApplicationContext;  import org.springframework.stereotype.Service; +import org.springframework.util.Assert;  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.api.idp.IAction; 
@@ -57,14 +58,13 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;  import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;  import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;  import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import lombok.Setter;  @Service("PVPAuthenticationRequestAction")  public class AuthenticationAction implements IAction {    private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);    @Autowired(required = true) -  private IPvp2MetadataProvider metadataProvider; -  @Autowired(required = true)    ApplicationContext springContext;    @Autowired(required = true)    IConfiguration authConfig; @@ -75,6 +75,12 @@ public class AuthenticationAction implements IAction {    @Autowired(required = true)    IRevisionLogger revisionsLogger; +  /** +   * SAML2 metadata provider that should be used in this component. +   */ +  @Setter +  protected IPvp2MetadataProvider metadataProvider; +      private IPvp2CredentialProvider pvpIdpCredentials;    /** @@ -169,11 +175,9 @@ public class AuthenticationAction implements IAction {    @PostConstruct    private void verifyInitialization() { -    if (pvpIdpCredentials == null) { -      log.error("No SAML2 credentialProvider injected!"); -      throw new RuntimeException("No SAML2 credentialProvider injected!"); +    Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!"); +    Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!"); -    }    }  } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java index df5c15f8..cab14a5d 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java 
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java @@ -157,10 +157,6 @@ public class AuthenticationActionTest {          return null;        } -      @Override -      public String getFormatedDateOfBirth() { -        return DateFormatUtils.format(getDateOfBirth(), "yyyy-MM-dd"); -      }        @Override        public String getFamilyName() { @@ -184,13 +180,7 @@ public class AuthenticationActionTest {        public String getEidasQaaLevel() {          return EaafConstants.EIDAS_LOA_LOW;        } -       -      @Override -      public Date getDateOfBirth() { -        return new Date(); -         -      } -       +                    @Override        public String getCiticenCountryCode() {          // TODO Auto-generated method stub @@ -221,6 +211,19 @@ public class AuthenticationActionTest {        public Date getAuthenticationIssueInstant() {          return new Date();        } + +      @Override +      public String getDateOfBirth() { +        return RandomStringUtils.randomNumeric(4) + "-" + RandomStringUtils.randomNumeric(2) + "-" +            + RandomStringUtils.randomNumeric(2); +         +      } + +      @Override +      public String getDateOfBirthFormated(String pattern) { +        // TODO Auto-generated method stub +        return null; +      }      };    } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java index 799002ed..f2df5e8d 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java 
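Review bot: The new `getDateOfBirth()` stub builds the date from three independent `RandomStringUtils.randomNumeric` calls, so values such as `0000-13-45` are possible; if the action under test ever parses or validates the birth date, the test becomes nondeterministic. A fixed valid ISO date, e.g. `return "1980-01-01";` (constructed sample), or a random day kept within a valid range keeps the test stable. The `getDateOfBirthFormated(String pattern)` stub right below returns null behind an auto-generated TODO, so the formatted-date path is not exercised at all; it should either format `getDateOfBirth()` with the given pattern or carry a comment explaining why null is acceptable for this test.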
@@ -61,6 +61,51 @@ public class AuthnResponseBuilderTest {    }    @Test +  public void plainAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException, +      XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException { +    final String issuerEntityID = RandomStringUtils.randomAlphabetic(15); + +    final IPvp2MetadataProvider metadataProvider = +        metadataResolverFactory.createMetadataProvider( +            "classpath:/data/pvp_metadata_junit_keystore_without_enc.xml", null, "jUnit metadata resolver", null); + +    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( +        XMLObjectProviderRegistrySupport.getParserPool(), +        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); +    authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10)); + +    final Assertion assertion = (Assertion) XMLObjectSupport.unmarshallFromInputStream( +        XMLObjectProviderRegistrySupport.getParserPool(), +        PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml")); + +    //build response +    final Instant now = Instant.now(); +    final Response response = AuthResponseBuilder.buildResponse( +        metadataProvider, issuerEntityID, authnReq, +        now, assertion, authConfig); + + +    //validate +    Assert.assertNotNull("SAML2 response is null", response); +    Assert.assertFalse("Assertion is empty", response.getAssertions().isEmpty()); +    Assert.assertEquals("# assertions wrong", 1, response.getAssertions().size()); +     +    Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions()); +    Assert.assertTrue("Enc. 
assertion is not empty", response.getEncryptedAssertions().isEmpty()); +    +    Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo()); +    Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue()); +    Assert.assertNotNull("ResponseId is null", response.getID()); +    Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty()); + +    final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response); +    final String xmlResp = DomUtils.serializeNode(responseElement); +    Assert.assertNotNull("XML response is null", xmlResp); +    Assert.assertFalse("XML response is empty", xmlResp.isEmpty()); + +  } +   +  @Test    public void encryptedAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException,        XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException {      final String issuerEntityID = RandomStringUtils.randomAlphabetic(15); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml new file mode 100644 index 00000000..fb6e1d94 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml 
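Review bot: `plainAssertion` checks that exactly one unencrypted assertion is present when the SP metadata has no encryption key, but never checks that it is the assertion passed in; `Assert.assertEquals("Assertion ID", assertion.getID(), response.getAssertions().get(0).getID());` after the size check would pin that. The scenario also documents that `AuthResponseBuilder.buildResponse` appears to fall back to a plain assertion whenever the SP publishes no encryption certificate; since that decides what leaves the IdP unencrypted, a comment on the test stating that this fallback is the intended policy (or an assertion against the relevant `authConfig` setting, if one exists) would make the expectation explicit. Minor: the failure message `"ResponseId is emptry"` has a typo.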
@@ -0,0 +1,104 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z"> +	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +		<ds:SignedInfo> +			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> +			<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> +			<ds:Reference URI="#_2e23ca9b2ba4dc9eef15187830d07ff0"> +				<ds:Transforms> +					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> +					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> +				</ds:Transforms> +				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> +				<ds:DigestValue>Jy/c0ZvVJSfWzSoAcxDx/o+T5W61vvNJNqTFz2o+ILc=</ds:DigestValue> +			</ds:Reference> +		</ds:SignedInfo> +		<ds:SignatureValue>chMxIdwrPvr78j3oTtgS7udbydy9kye1bbeQ4jm2GeFKUfxvJqY+vt9MjVnWFeR4c16gd80BjZJ6xxD5i5Ifci3YtxeKSxq0ttH/xZYEhJZkD/0NrGUhSvNV9zuLAz3uGk/LJ+2JxRq7dbnW4n9MtGuYhea8OW9/Pr1xI1KyskQS76NZDsGjjfnFWbFXahLoQZULU4Ke3SfZVqLATTn0J34RZnjNH3QieY3LhRzOVu/I5yeZtnLgUS6dg0Gab9DA/pdNFaC632iaE5QCXJmhgpqkjbkayO9e8N93YGFjbszhU1Kws5OUGjXjfCZwezLeOUZoKEfo5c+4+zEaTrEQjg==</ds:SignatureValue> +		<ds:KeyInfo> +			<ds:X509Data> +				<ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F 
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate> +			</ds:X509Data> +		</ds:KeyInfo> +	</ds:Signature> +	<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> +		<md:KeyDescriptor use="signing"> +			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> +				<ds:X509Data> +					<ds:X509Certificate>MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB +VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk +YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC +QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh +ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA +O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H +rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+ +WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7 +/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb +f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l +PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9 +YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX +zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS +YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW +9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi 
+purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate> +				</ds:X509Data> +                <ds:X509Data> +                  <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC +LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG +SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh +ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L +                </ds:X509Certificate> +              </ds:X509Data> +			</ds:KeyInfo> +		</md:KeyDescriptor> +		<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> +		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/> +		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/> +		<md:AttributeConsumingService index="0" isDefault="true"> +			<md:ServiceName xml:lang="en">Default Service</md:ServiceName> +			<md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +			<md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> +			<md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> +		</md:AttributeConsumingService> +	</md:SPSSODescriptor> +	
<md:Organization> +		<md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName> +		<md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName> +		<md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL> +	</md:Organization> +	<md:ContactPerson contactType="technical"> +		<md:Company>E-Government Innovationszentrum</md:Company> +		<md:GivenName>Lenz</md:GivenName> +		<md:SurName>Thomas</md:SurName> +		<md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> +		<md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber> +	</md:ContactPerson> +</md:EntityDescriptor> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml index 2bddd629..760f290e 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml @@ -38,6 +38,7 @@    <bean   id="PVPAuthenticationRequestAction"            class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">        <property name="pvpIdpCredentials" ref="dummyCredentialProvider" /> +      <property name="metadataProvider" ref="dummyChainingMetadataResolver" />    </bean>    <bean   id="pvpMetadataService" | 
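Review bot: The fixture's `validUntil` is 2045, but the certificate inside the enveloping `ds:Signature` appears, from its base64-encoded validity fields, to be a 2018–2021 test certificate; if the metadata resolver enforces certificate validity while verifying the metadata signature, `plainAssertion` will start failing after that date without any code change. A comment before the root element recording the signing certificate's validity period (it sits outside the signed subtree, so it does not disturb the signature), or a longer-lived test certificate, avoids a puzzling future failure. The fixture also combines `WantAssertionsSigned="false"` with no encryption key, i.e. the weakest SP configuration, which is the point of the test; a one-line comment saying so would keep it from being copied as a template.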
