From df31d6f5ec7aeabdccdf6a23eb946e9ce014832b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 3 Mar 2020 11:16:58 +0100
Subject: switch to next snapshot version
---
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +-
eaaf_modules/pom.xml | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 81611aff..9b237b78 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_auth_sl20
Generic SL2.0 authentication
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index 11b8cfd9..b9dd49f6 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_moa-sig
MOA-Sig signature verification module
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 31110bfd..32d66501 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_core
eaaf_module_pvp2_core
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index ffda330d..cf833f67 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_idp
eaaf_module_pvp2_idp
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index 69eb26ab..b936f307 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.0
+ 1.1.1-SNAPSHOT
eaaf_module_pvp2_sp
eaaf_module_pvp2_sp
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 228a41cf..3addb4b5 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.0
+ 1.1.1-SNAPSHOT
at.gv.egiz.eaaf
--
From 19bc544de503af5992d045a699a1f2bcc1eaf505 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 10 Mar 2020 13:58:43 +0100
Subject: inject X509 certificates into JOSE signature-verification response if
available
---
.../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 1b1f090f..ccb650b3 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -230,7 +230,7 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature());
+ return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
}
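Review bot: The `x5cCerts` now handed to `VerificationResult` on line 98 are, going by the name, the certificates from the JWS `x5c` header, which is attacker-supplied input until it has been checked against a trust anchor; nothing in this hunk shows that check, and `jws.setKey(selectedKey)` on line 95 does not tell whether `selectedKey` was derived from those certificates or from a configured trust store. If the chain reaches callers before such validation, a consumer of `VerificationResult` may mistake an untrusted `x5c` chain for an authenticated one. I would either populate the field only when the verification key was actually taken from a trust-validated `x5c` chain, or at least state the contract on line 98: `// x5cCerts: raw certificates from the JWS x5c header; trusted only if selectedKey was chosen from a validated chain`. The enclosing method starts outside the hunk.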
--
From f95a1fb3982395ccbc7e139cb5bd8a1c106bbb48 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 11 Mar 2020 12:46:45 +0100
Subject: refactor HttpClientFactory.java to build HTTP clients with different
authentication mechanisms
---
.../eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java | 2 +-
.../java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java | 2 +-
.../at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java | 2 +-
.../at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java | 2 +-
.../gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java | 2 +-
.../gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java | 2 +-
.../src/test/resources/spring/test_eaaf_core.beans.xml | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index d1887d5c..1d97b167 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -28,8 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 147199a5..ee601c73 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -11,10 +11,10 @@ import javax.xml.parsers.ParserConfigurationException;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index 37e4acd1..cbeca4c3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -6,8 +6,8 @@ import java.net.URLDecoder;
import javax.xml.parsers.ParserConfigurationException;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
index 64ebe00c..3673859a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
@@ -6,7 +6,7 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
index 6abe52dc..27c42c57 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java
@@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index accdd8b0..da417ec7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -10,7 +10,7 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
index 99552053..fa7b4eae 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -20,7 +20,7 @@
class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+ class="at.gv.egiz.eaaf.core.impl.http.HttpClientFactory" />
--
From 5742681b60c6f99efa0040c42e514005596ffb34 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 15:59:15 +0100
Subject: inject authType parameter in VDA request to select a specific
authentication method
---
.../tasks/AbstractCreateQualEidRequestTask.java | 30 +++++++++++++++
.../modules/auth/sl20/utils/SL20Constants.java | 45 ++++++++++++++++++++++
2 files changed, 75 insertions(+)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 1d97b167..6a5e1ef0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
+import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
@@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
@@ -95,6 +97,15 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final List parameters = new ArrayList<>();
parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))));
+
+ //set specific authentication method if it was selection by process step before
+ VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext);
+ if (authMethod != null) {
+ log.debug("Request VDA with authType: {}", authMethod);
+ parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM,
+ authMethod.getAuthMethod()));
+ }
+
httpReq.setEntity(new UrlEncodedFormEntity(parameters));
// build http GET request
@@ -190,6 +201,13 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
}
+ /**
+ * Get ExecutionContext parameter-key for VDA AuthMethod information.
+ *
+ * @return Key to get AuthMethod from {@link ExecutionContext}
+ */
+ protected abstract String getAuthMethodContextParamKey();
+
/**
* Create a implementation specific qualified eID SL2.0 command
*
@@ -201,6 +219,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
*/
protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception;
+
+ private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) {
+ Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey());
+ if (authMethodRaw instanceof String) {
+ log.trace("Find authMethod parameter: {} on context", authMethodRaw);
+ return VdaAuthMethod.fromString((String) authMethodRaw);
+
+ }
+
+ return null;
+ }
+
private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) {
// load SP specific config for development and testing purposes
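Review bot: `getVdaAuthMethodFromContext` silently maps any unrecognized context value to `VdaAuthMethod.ANY` through `fromString` on line 267, so a mistyped or stale value stored under `getAuthMethodContextParamKey()` weakens the authentication method requested from the VDA with nothing but a trace-level line to show for it. Because this value restricts which eID mechanism may be used, the degradation deserves a warn-level log: resolve first and compare, e.g. `final VdaAuthMethod m = VdaAuthMethod.fromString((String) authMethodRaw);` `if (m == VdaAuthMethod.ANY && !"any".equalsIgnoreCase((String) authMethodRaw)) { log.warn("Unknown VDA authMethod '{}', falling back to ANY", authMethodRaw); }` `return m;`. A non-`String` value under the same key is likewise dropped without notice by the `instanceof` check on line 265 and could get the same warning. The enclosing class continues outside the hunk.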
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 01316b9b..ec5dbf2e 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -4,6 +4,8 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import javax.annotation.Nonnull;
+
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
@@ -11,10 +13,53 @@ import org.jose4j.jws.AlgorithmIdentifiers;
public class SL20Constants {
public static final int CURRENT_SL20_VERSION = 10;
+
// http binding parameters
public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
+ public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
+ public enum VdaAuthMethod {
+ ANY("any"), MOBILEPHONE("handy"), CARD("card");
+
+ private final String authMethod;
+
+ VdaAuthMethod(final String method) {
+ this.authMethod = method;
+ }
+
+ /**
+ * Get VDA AuthMethod.
+ *
+ * @return
+ */
+ public String getAuthMethod() {
+ return this.authMethod;
+ }
+
+ /**
+ * Get VDA authmethod from String representation.
+ *
+ * @param s authMethod parameter
+ * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown
+ */
+ public static VdaAuthMethod fromString(@Nonnull final String s) {
+ try {
+ return VdaAuthMethod.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return VdaAuthMethod.ANY;
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getAuthMethod();
+
+ }
+ }
+
public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
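Review bot: `fromString` on line 322 resolves against the enum constant names (`MOBILEPHONE`) while `toString`/`getAuthMethod` emit the wire values (`handy`), so the round trip `fromString(MOBILEPHONE.toString())` yields `ANY` instead of `MOBILEPHONE`, and any caller that stores the wire value silently loses the restriction it meant to impose. Matching both the constant name and the wire value fixes that, removes the `NullPointerException` catch that contradicts the `@Nonnull` parameter on line 320, and avoids the locale-dependent `toUpperCase()`; the Javadoc `@return` on line 308 is also empty and should read `@return the VDA authType value sent on the wire, e.g. "handy"`. The class continues outside the hunk.
```java
public static VdaAuthMethod fromString(@Nonnull final String s) {
  for (final VdaAuthMethod candidate : values()) {
    if (candidate.name().equalsIgnoreCase(s) || candidate.authMethod.equalsIgnoreCase(s)) {
      return candidate;
    }
  }
  // unknown or null input: fall back to no restriction
  return VdaAuthMethod.ANY;
}
```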
--
From efa9cafcc8cab417efcc8a0a610e82e7578d64fc Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 16:07:10 +0100
Subject: codestyle problem
---
.../main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index ec5dbf2e..5c3fa705 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -19,6 +19,7 @@ public class SL20Constants {
public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
+
public enum VdaAuthMethod {
ANY("any"), MOBILEPHONE("handy"), CARD("card");
--
From b3157cfd92685303de5aa05f05a66ec933d21266 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Mar 2020 17:30:45 +0100
Subject: add 'smartphone' as parameter for authType on VDA side
---
.../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 5c3fa705..bfc393db 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -21,7 +21,7 @@ public class SL20Constants {
public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype";
public enum VdaAuthMethod {
- ANY("any"), MOBILEPHONE("handy"), CARD("card");
+ ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone");
private final String authMethod;
--
From 895066c1aa921204346225551525006b6d34b7c6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 13:51:29 +0100
Subject: switch to HSM-Facade 0.4-Snapshot and fix possible race-condition
between jUnit tests
---
.../pvp2/test/AbstractSamlVerificationEngine.java | 54 +++++++++++++---------
.../pvp2/test/SamlVerificationEngineTest.java | 36 ++++++++-------
.../SamlVerificationEngineWithHsmFacadeTest.java | 10 ++--
.../pvp2/test/metadata/MetadataBuilderTest.java | 20 ++++----
4 files changed, 70 insertions(+), 50 deletions(-)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index d5186857..e593c1d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
+import org.apache.xml.security.algorithms.JCEMapper;
import org.joda.time.DateTime;
+import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine {
EaafOpenSaml3xInitializer.eaafInitialize();
}
+
+ /**
+ * Reset OpenSAML3.x JCEMapper to default.
+ *
+ */
+ @AfterClass
+ public static void classCloser() {
+ JCEMapper.setProviderId(null);
+
+ }
+
protected abstract String getMetadataJunitJKeystore();
protected abstract String getMetadataClassPathEntityPath();
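Review bot: The Javadoc on line 456 attributes `JCEMapper` to OpenSAML 3.x, but the import on line 421 is `org.apache.xml.security.algorithms.JCEMapper`, i.e. Apache Santuario's global JCE provider mapping that OpenSAML builds on, so the comment points readers at the wrong library. I would write `Reset Apache Santuario's JCEMapper provider id (presumably set by the HSM-facade test variant) to the default so later test classes sign and verify with the JDK providers again.` The provider id is JVM-wide static state, so this `@AfterClass` reset only orders the handover between sequentially executed test classes; if surefire ever runs classes in parallel inside one JVM the race comes back, which is worth stating in the same comment. The class body continues outside the hunk.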
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index 64bfb8f6..57c4b93a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
@@ -1,22 +1,5 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
-
import org.joda.time.DateTime;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.Assert;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
@Autowired
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
index 5b06a73f..926f25b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+
+//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_3.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine {
@Override
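Review bot: Line 549 leaves the `@IfProfileValue(...)` gate commented out with no explanation, so a reader cannot tell whether running the HSM-facade test in every profile is intended or a leftover from debugging. Either delete the dead annotation or replace it with a comment that states the decision, e.g. `// Profile gate intentionally removed: this test relies on the HSM-facade settings in config_3.props — TODO confirm it is expected to run outside devEnvironment`. The class body continues outside the hunk.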
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 0f8817a0..8657bc60 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
"/spring/test_eaaf_core_spring_config.beans.xml",
"/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class MetadataBuilderTest {
@Autowired private PvpMetadataBuilder metadataBuilder;
--
From f3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 13:51:57 +0100
Subject: add JOSE header into JWS verificationresult DAO
---
.../modules/auth/sl20/data/VerificationResult.java | 10 +++++-
.../modules/auth/sl20/utils/JsonSecurityUtils.java | 37 ++++++++++++----------
2 files changed, 29 insertions(+), 18 deletions(-)
(limited to 'eaaf_modules')
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
private Boolean validSigned = null;
private List certs = null;
+ private JsonNode header = null;
private JsonNode payload = null;
public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
/**
* JWS signature verification-result container.
*
+ * @param joseHeader JWS header
* @param payload JWS payload
* @param certs JWS signercertificate
* @param wasValidSigned true if signature was valid
*/
- public VerificationResult(final JsonNode payload, final List certs, final boolean wasValidSigned) {
+ public VerificationResult(final JsonNode joseHeader, final JsonNode payload,
+ final List certs, final boolean wasValidSigned) {
+ this.header = joseHeader;
this.payload = payload;
this.certs = certs;
this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
return payload;
}
+ public JsonNode getJoseHeader() {
+ return header;
+
+ }
}
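Review bot: `getJoseHeader()` can return null and the new code does not say so: the single-argument constructor visible in this file's first hunk (`VerificationResult(final JsonNode payload)`) never assigns `header`, so only the new four-argument constructor populates it. A Javadoc on the accessor should state this, e.g. `/** JOSE header of the JWS, or {@code null} when this result was built without one. */`, and callers should null-check before reading header fields. The stray blank line before the closing brace of `getJoseHeader()` should be dropped.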
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index ccb650b3..43c44647 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -13,22 +13,6 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
@Service
public class JsonSecurityUtils implements IJoseTools {
private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
@@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
+ return new VerificationResult(
+ mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()),
+ mapper.getMapper().readTree(jws.getPayload()),
+ x5cCerts, jws.verifySignature());
}
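Review bot: The JOSE header is parsed from `jws.getHeaders().getFullHeaderAsJsonString()` and handed to the result without any note that it is the header as received with the token; since constructor arguments are evaluated left to right, both `readTree` calls run before `jws.verifySignature()` is evaluated. Consumers of `getJoseHeader()` must therefore rely on header claims only when the result reports a valid signature, and a comment at the call site should say so, e.g. `// header and payload are parsed from the raw token; trust them only if verifySignature() returned true`. Even if `getPayload()` already rejects an invalid signature in this jose4j version, the header parse happens regardless, so the comment still applies. The enclosing method begins outside the hunk.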
--
From bb15852878205381898c0719d163756d6aa96e1c Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Mar 2020 20:45:42 +0100
Subject: refactor SAML2 metadata signature-filter to use a TrustStore
implementation to get trusted X509 certificates
---
.../pvp2/api/utils/IPvp2CredentialProvider.java | 13 ++
.../impl/utils/AbstractCredentialProvider.java | 18 ++-
.../SimpleMetadataSignatureVerificationFilter.java | 46 ++++--
.../pvp2/test/metadata/MetadataResolverTest.java | 155 +++++++++++----------
4 files changed, 142 insertions(+), 90 deletions(-)
(limited to 'eaaf_modules')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
index a564efb2..acd565a1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
@@ -1,11 +1,14 @@
package at.gv.egiz.eaaf.modules.pvp2.api.utils;
+import java.security.KeyStore;
+import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider {
@Nonnull
List getTrustedCertificates()
throws CredentialsNotAvailableException;
+
+
+ /**
+ * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}.
+ *
+ * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider}
+ * if a special provider is in use
+ */
+ @Nonnull
+ Pair getKeyStore();
}
\ No newline at end of file
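Review bot: `getKeyStore()` exposes the whole store held by the credential provider, although the only new consumer visible in this commit (`SimpleMetadataSignatureVerificationFilter`) needs trusted certificates, not key entries; if the same store also holds the provider's private signing keys, this widens what any holder of an `IPvp2CredentialProvider` can reach. Consider returning only what the trust check needs, for example the certificates already available through `getTrustedCertificates()`, or documenting that implementations must return a store without private-key entries. The Javadoc should also state what the second element of the `Pair` is when no special JCE provider is in use; "if a special provider is in use" leaves the other case, presumably `null`, undocumented.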
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 26a5c5f6..e17e625e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -32,6 +32,12 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
}
+ public Pair getKeyStore() {
+ return keyStore;
+
+ }
+
@PostConstruct
private void initialize() throws Exception {
try {
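Review bot: The new `getKeyStore()` lacks the `@Override` annotation and the `@Nonnull` contract that the interface method in `IPvp2CredentialProvider` declares, and the extra blank line before its closing brace should go. If the `keyStore` field is populated by the `@PostConstruct` `initialize()` that follows, as its placement suggests, the accessor returns null until initialization has run, which contradicts `@Nonnull`; either document this or guard it, e.g. `return Objects.requireNonNull(keyStore, "KeyStore not initialized");`. The class body continues outside the hunk.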
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
index ef09e5c4..5a97924f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java
@@ -23,15 +23,14 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
-
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
@@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter {
private final String metadataUrl;
- private final List trustedCredential = new ArrayList<>();
+ private final KeyStore trustedCredential;
private static final String ERROR_07 = "internal.pvp.07";
private static final String ERROR_12 = "internal.pvp.12";
@@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
* SAML2 metadata with {@link EntitiesDescriptor} are not supported.
*
*
- * @param credentials Trust X509 certificates
+ * @param keyStore TrustStore that contains trusted X509 certificates
* @param metadataUrl Metadata URL for logging purposes
*/
- public SimpleMetadataSignatureVerificationFilter(@Nonnull List credentials,
+ public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore,
@Nonnull String metadataUrl) {
this.metadataUrl = metadataUrl;
- this.trustedCredential.addAll(credentials);
+ this.trustedCredential = keyStore;
}
@@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
// perform cryptographic signature verification
boolean isTrusted = false;
- for (final BasicX509Credential cred : trustedCredential) {
+ for (final BasicX509Credential cred : getTrustedCertificates()) {
log.trace("Validating signature with credential: {} ... ",
cred.getEntityCertificate().getSubjectDN());
try {
@@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS
throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID);
}
+ }
+
+ private List getTrustedCertificates() throws EaafConfigurationException {
+ try {
+ final List certs =
+ EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential);
+ if (certs.isEmpty()) {
+ log.warn("No trusted metadata-signing certificates in configuration");
+ throw new EaafConfigurationException("module.eidasauth.02",
+ new Object[] { "No trusted metadata-signing certificates" });
+
+ }
+
+ final List result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+ }
+ return result;
+
+ } catch (final KeyStoreException e) {
+ throw new EaafConfigurationException("module.eidasauth.01",
+ new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e);
+
+ }
}
}
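Review bot: The new `getTrustedCertificates()` reports its failures under `module.eidasauth.01` and `module.eidasauth.02`, which do not belong to this PVP2 module; the class already defines `ERROR_07 = "internal.pvp.07"` and `ERROR_12 = "internal.pvp.12"`, so the `internal.pvp.*` family (with matching message-resource entries) should be used so operators find the text in the right bundle. The empty-store case is also a behaviour change worth recording in the constructor Javadoc: an empty trust store now raises `EaafConfigurationException` instead of, presumably, letting every signature end in the `SamlMetadataSignatureException` at the top of this hunk, and a `KeyStore` that was never loaded will likely take the `KeyStoreException` path rather than the empty path. A Javadoc for the helper would help too, e.g. `/** Reads all certificate entries from the configured trust store and wraps them as credentials; fails if the store is unloaded or holds none. */`.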
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index da417ec7..1cbc2f14 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -10,21 +13,6 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -91,7 +93,8 @@ public class MetadataResolverTest {
private PvpMetadataResolverFactory metadataResolverFactory;
@Autowired
private IHttpClientFactory httpClientFactory;
- @Autowired private DummyCredentialProvider credentialProvider;
+ @Autowired
+ private DummyCredentialProvider credentialProvider;
/**
* JUnit class initializer.
@@ -183,16 +186,15 @@ public class MetadataResolverTest {
}
@Test
- public void noCredentials() {
+ public void noCredentials() throws KeyStoreException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
-
+ final KeyStore keystore = KeyStore.getInstance("JKS");
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
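Review bot: `noCredentials()` builds its `KeyStore` with `KeyStore.getInstance("JKS")` but, unlike the other tests in this file, never calls `keystore.load(null, ...)`, so the store is uninitialized and reading it is likely to fail with `KeyStoreException` rather than yield an empty certificate list. The test then no longer exercises the "no trusted certificates" branch its name promises; add `keystore.load(null, "junit".toCharArray());` after the `getInstance` call (and `NoSuchAlgorithmException`, `CertificateException` and `IOException` to the throws clause) so the assertion targets the intended path. The method body continues outside the hunk.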
@@ -212,20 +214,21 @@ public class MetadataResolverTest {
}
@Test
- public void wrongCredentials() throws CertificateException {
+ public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate(
MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
- credentials.add(credential);
+ keystore.setCertificateEntry("1", credential.getEntityCertificate());
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
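Review bot: The trust-store setup is written out by hand in `wrongCredentials()` and repeated in `validCredentialsInvalidSig()`, `metadataSignatureValidCredentials()`, `metadataSignatureValidCredentialsSecond()`, `metadataSignatureValidCredentialsThird()` and `metadataExpired()`, each time with the same `getInstance`/`load`/`setCertificateEntry` sequence and hand-numbered aliases. A helper that takes the classpath resource names and assigns aliases from a counter would remove the duplication and the risk of alias mistakes; each test then needs a single line such as `final KeyStore keystore = buildTrustStore("/data/assertion_sig_cert.crt");`. The method body continues outside the hunk.
```java
/** Builds an in-memory JKS trust store holding the given classpath certificates under aliases 1..n. */
private static KeyStore buildTrustStore(final String... certResources)
    throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
  final KeyStore keystore = KeyStore.getInstance("JKS");
  keystore.load(null, "junit".toCharArray());
  final CertificateFactory fact = CertificateFactory.getInstance("X.509");
  for (int i = 0; i < certResources.length; i++) {
    keystore.setCertificateEntry(String.valueOf(i + 1), fact.generateCertificate(
        MetadataResolverTest.class.getResourceAsStream(certResources[i])));
  }
  return keystore;
}
// … unchanged: wrongCredentials() now calls buildTrustStore("/data/assertion_sig_cert.crt") and builds the filter list …
```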
@@ -246,21 +249,22 @@ public class MetadataResolverTest {
@Test
public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException,
- ResolverException {
+ ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -281,7 +285,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
mockWebServer.shutdown();
mockWebServer = new MockWebServer();
@@ -300,19 +305,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -332,7 +338,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -347,19 +354,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -370,8 +378,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -385,11 +391,13 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
+ MetadataResolverTest.class.getResourceAsStream(
+ "/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
@@ -400,19 +408,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -423,8 +432,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -438,7 +445,8 @@ public class MetadataResolverTest {
@Test
public void metadataExpired() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -452,24 +460,24 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new RequiredValidUntilFilter());
filterList.add(new PvpEntityCategoryFilter(false));
-
final MetadataFilterChain filterChain = new MetadataFilterChain();
filterChain.setFilters(filterList);
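Review bot: In `metadataExpired()` the third `setCertificateEntry` call reuses alias `"2"`, so it overwrites the entry just stored for `/data/assertion_sig_cert.crt` and the trust store ends up with only two certificates, unlike the sibling tests that use `"1"`, `"2"`, `"3"`. The test may still pass because it asserts on the expiry filter, but the store no longer matches what the other tests set up; change the line to `keystore.setCertificateEntry("3", fact.generateCertificate(`. The method body continues outside the hunk.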
@@ -484,7 +492,6 @@ public class MetadataResolverTest {
}
-
}
@Test
--
cgit v1.2.3
From 1044640c80e6586192e14635ae5a65d2f6524dc8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 24 Mar 2020 19:51:58 +0100
Subject: fix dependency problems with different Java Spring versions
---
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 6 +++++-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 7 ++++++-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 6 ++++++
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 6 +++++-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 6 +++++-
5 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 9b237b78..482596a2 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -42,7 +42,11 @@
com.fasterxml.jackson.core
jackson-databind
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index b9dd49f6..eb2cdae8 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -59,7 +59,12 @@
at.gv.egiz.eaaf
eaaf_core_api
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
+
joda-time
joda-time
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 32d66501..efc359aa 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -47,6 +47,12 @@
bcprov-jdk15on
+
+ org.springframework
+ spring-webmvc
+ provided
+
+
javax.servlet
javax.servlet-api
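Review bot: The added spring-webmvc dependency carries no version element in the visible lines and no comment explaining why it is `provided`, so a reader cannot tell whether the version is pinned by the parent's dependencyManagement (presumably, since Maven would otherwise reject the POM) or where the runtime copy is expected to come from. With `provided` scope the embedding web application supplies Spring MVC at runtime, so the module is compiled against one version and may run against another, which is exactly the class of mismatch the commit title describes. A one-line comment such as `<!-- provided: Spring MVC is supplied by the embedding web application; version managed in the parent pom -->` would record that decision; the same applies to the identical additions in the other four module POMs.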
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index cf833f67..b570c88a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -19,7 +19,11 @@
eaaf_module_pvp2_core
${egiz.eaaf.version}
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index b936f307..cf2ac340 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -25,7 +25,11 @@
-
+
+ org.springframework
+ spring-webmvc
+ provided
+
javax.servlet
javax.servlet-api
--
cgit v1.2.3
From a382287bb7f061bb2a26c095e8e17b324efcb4cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 26 Mar 2020 12:36:36 +0100
Subject: fix codestyle
---
.../auth/sl20/utils/SL20JsonBuilderUtils.java | 1 +
.../auth/sl20/utils/SL20JsonExtractorUtils.java | 2 +
.../pvp2/impl/builder/CitizenTokenBuilder.java | 6 +-
.../impl/metadata/PvpMetadataResolverFactory.java | 19 ++++---
.../pvp2/test/PvpCoreMessageSourceTest.java | 8 +--
.../modules/pvp2/test/binding/PostBindingTest.java | 65 +++++++++++-----------
.../pvp2/test/metadata/MetadataBuilderTest.java | 3 +-
.../pvp2/idp/test/AuthenticationActionTest.java | 1 +
.../modules/pvp2/idp/test/MetadataActionTest.java | 1 +
9 files changed, 59 insertions(+), 47 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index eb17781b..d76f4aad 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils {
* @param name commando name
* @param result commando result
* @param encryptedResult encrypted commando result
+ * @param signer {@link JsonSecurityUtils} implementation
* @return JWS in serialized form
* @throws SlCommandoBuildException in case of an error
*
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index eb6de461..40ea0430 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils {
* @param input JSON
* @param keyID Element identifier
* @param isRequired true, if the element must not null
+ * @param defaultValue in case of no existing element with key
* @return Boolean
* @throws SlCommandoParserException In case of an error
*/
@@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils {
*
* @param container JSON
* @param joseTools JWS implementation
+ * @param mustBeSigned Throw an error if the result was not signed
* @return Signature verification result that contains the payLoad
* @throws SlCommandoParserException In case of an error
*/
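Review bot: The new `@param mustBeSigned` line documents the flag but not what a caller gets when it is false: the `@return` still reads "Signature verification result that contains the payLoad", which is easy to read as an authenticated payload even when the container carried no signature. Suggest extending it to `@return Signature verification result that contains the payLoad; when mustBeSigned is false and no signature was present, the payload is returned unverified and the caller must check the result's signature state before trusting it` — assuming the result type exposes that state, which is not visible here. The method signature and body lie outside this hunk.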
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index bf201803..1d6e3738 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -19,8 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSInteger;
@@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeValue;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* Build all attributes from PVP2 citizen-token.
*
@@ -73,6 +73,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
@@ -89,6 +90,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
+ * @param name attribute name
* @param value Attributevalue
* @return XML attribute
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
index 0b505e56..d29f1a0e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
@@ -8,15 +8,6 @@ import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.net.ssl.SSLHandshakeException;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
-
import org.apache.http.client.HttpClient;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
@@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
* @param filter Filters, which should be used to validate the
* metadata
* @param idForLogging Id, which is used for Logging
+ * @param pool XML parser-pool to parse SAML2 Metadaten
* @param httpClient Apache commons 4.x http client
*
* @return SAML2 Metadata Provider, or null if the metadata provider can not
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
index b94ed8cc..88106e5b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java
@@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
-
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
-"/spring/test_eaaf_core_spring_config.beans.xml",
-"/spring/eaaf_utils.beans.xml" })
+ "/spring/test_eaaf_core_spring_config.beans.xml",
+ "/spring/eaaf_utils.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class PvpCoreMessageSourceTest {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index ee601c73..2449c73c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,33 +9,6 @@ import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -357,7 +356,8 @@ public class PostBindingTest {
@Test
public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException,
- IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException {
+ IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
+ UnmarshallingException, MarshallingException {
final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post";
final String relayState = RandomStringUtils.randomAlphanumeric(10);
@@ -369,7 +369,8 @@ public class PostBindingTest {
issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
authnReq.setIssuer(issuer);
- final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+ final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(
+ authnReq, credentialProvider.getMessageSigningCredential(), true);
final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
final String b64AuthnReq =
Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
@@ -404,7 +405,8 @@ public class PostBindingTest {
Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
- org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+ org.springframework.util.Assert.isInstanceOf(
+ EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
@@ -418,7 +420,8 @@ public class PostBindingTest {
Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size());
org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0),
"Wrong requested Attributes Value type");
- Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+ Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",
+ ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 8657bc60..5b09d50d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -159,7 +159,8 @@ public class MetadataBuilderTest {
return entity;
}
- public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
+ public static IPvpMetadataBuilderConfiguration idpMetadataConfig(
+ IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
index a88fa869..df5c15f8 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
@@ -39,6 +39,7 @@ public class AuthenticationActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private PvpSProfilePendingRequest pendingReq;
+
/**
* JUnit class initializer.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
index 8436a43d..51b4eaef 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/MetadataActionTest.java
@@ -35,6 +35,7 @@ public class MetadataActionTest {
protected MockHttpServletRequest httpReq;
protected MockHttpServletResponse httpResp;
private TestRequestImpl pendingReq;
+
/**
* JUnit class initializer.
*
--
cgit v1.2.3
From c7bcb18c30f1a80e23c53bb72bee13d93210041b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 26 Mar 2020 16:47:40 +0100
Subject: some more editorial changes
---
.../eaaf/modules/pvp2/test/QaaLevelVerifierTest.java | 20 ++++++++++----------
.../modules/pvp2/test/binding/PostBindingTest.java | 4 +++-
.../pvp2/test/dummy/DummyCredentialProvider.java | 9 +++++++--
.../pvp2/test/metadata/MetadataBuilderTest.java | 8 ++++++++
4 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
index 44cdf111..c2530004 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java
@@ -27,7 +27,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -35,7 +35,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -54,7 +54,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -69,7 +69,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode);
@@ -80,7 +80,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -95,7 +95,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
try {
@@ -103,7 +103,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode);
@@ -113,7 +113,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
@@ -128,7 +128,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode);
@@ -139,7 +139,7 @@ public class QaaLevelVerifierTest {
Assert.fail("LoA should not be allowed");
} catch (QaaNotAllowedException e) {
-
+ Assert.assertNotNull("No errorMsg", e.getMessage());
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 2449c73c..f14a9093 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -457,7 +457,9 @@ public class PostBindingTest {
try {
Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
- } catch (final RuntimeException e) { }
+ } catch (final RuntimeException e) {
+ Assert.assertNotNull("No errorMsg", e.getMessage());
+ }
}
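Review bot: The try/catch around `Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage())` still lets the test pass on two contradictory outcomes: `getInboundMessage()` returning a non-null object, or it throwing any RuntimeException with a non-null message. Only the AssertionError path (an Error, not a RuntimeException) can fail the test, so replacing the empty catch with `Assert.assertNotNull("No errorMsg", e.getMessage())` does not pin which behaviour the decoder contract requires. Either drop the try/catch if a message is expected, or, if an exception is expected, put `Assert.fail("Exception expected");` after the call and assert on the concrete exception type in the catch. The enclosing test method starts before this hunk.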
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index 7418e1b3..1fe9afcf 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,13 +1,13 @@
package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
public class DummyCredentialProvider extends AbstractCredentialProvider {
@Autowired IConfiguration basicConfig;
@@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
}
+ /**
+ * Get Path to keystore.
+ *
+ * @return
+ */
public String getKeyStoreFilePath() {
final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
return path;
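Review bot: The new Javadoc leaves `@return` empty, which tells the reader nothing and is the kind of tag Checkstyle's Javadoc checks flag. Suggest `@return key-store path read from the basic configuration under KEYSTORE_PATH (presumably null when the property is not set — confirm against IConfiguration.getBasicConfiguration)`, and a summary line that says what the path is for, e.g. `Get path to the key store backing this test credential provider.`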
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 5b09d50d..3cc0a908 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -159,6 +159,14 @@ public class MetadataBuilderTest {
return entity;
}
+ /**
+ * Dummy Metadata builder configuration.
+ *
+ * @param credentialProvider Credentialprovider
+ * @param buildSpInfos Sp metadata flag
+ * @param buildIdpInfos IDP metadata flag
+ * @return
+ */
public static IPvpMetadataBuilderConfiguration idpMetadataConfig(
IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) {
return new IPvpMetadataBuilderConfiguration() {
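Review bot: `@return` in the new Javadoc is empty; since the method returns an anonymous IPvpMetadataBuilderConfiguration, `@return metadata builder configuration bound to the given credential provider, emitting SP and/or IDP sections according to buildSpInfos and buildIdpInfos` would describe it. The anonymous class body lies outside this hunk, so the exact effect of the two flags should be confirmed there before wording the tag.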
--
cgit v1.2.3
From 5945c62128c2cb9d552ad7b4c085c09d046d2d56 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 1 Apr 2020 17:22:28 +0200
Subject: switch to next release version 1.1.1
---
eaaf_modules/eaaf_module_auth_sl20/pom.xml | 2 +-
eaaf_modules/eaaf_module_moa-sig/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_core/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_idp/pom.xml | 2 +-
eaaf_modules/eaaf_module_pvp2_sp/pom.xml | 2 +-
eaaf_modules/pom.xml | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 482596a2..c113ef98 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_auth_sl20
Generic SL2.0 authentication
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index eb2cdae8..aa63b3c3 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_moa-sig
MOA-Sig signature verification module
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index efc359aa..253d0afb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_core
eaaf_module_pvp2_core
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index b570c88a..e8fb2acc 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_idp
eaaf_module_pvp2_idp
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index cf2ac340..3b661c7b 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
at.gv.egiz.eaaf
eaaf_modules
- 1.1.1-SNAPSHOT
+ 1.1.1
eaaf_module_pvp2_sp
eaaf_module_pvp2_sp
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 3addb4b5..84f4163d 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
at.gv.egiz
eaaf
- 1.1.1-SNAPSHOT
+ 1.1.1
at.gv.egiz.eaaf
--
cgit v1.2.3