| author | lalber <lukas.alber@iaik.tugraz.at> | 2020-11-02 23:29:54 +0100 | 
|---|---|---|
| committer | lalber <lukas.alber@iaik.tugraz.at> | 2020-11-02 23:29:54 +0100 | 
| commit | 8e239b9cb072e62d693f3d54a6a9ad2d9983cc71 (patch) | |
| tree | 50c71f74f6a48d502d354a689994418a2a2771f7 | |
| parent | 608b9ac7a9f4d3ebdb6efa2d4e5453d5a015be3a (diff) | |
AuthDataBuilder and AttributeBuilder
9 files changed, 503 insertions, 20 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
new file mode 100644
index 00000000..ab5db0a6
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+@PvpMetadata
+public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder {
+
+  private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK";
+  private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid
+
+  @Override
+  public String getName() {
+    return AUTHBLOCK_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+      final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+    String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
+    if (authBlock != null) {
+      return g.buildStringAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME, authBlock);
+
+    } else {
+      throw new UnavailableAttributeException(AUTHBLOCK_NAME);
+    }
+
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME);
+  }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
new file mode 100644
index 00000000..c6dfed1a
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java
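Review bot: `AUTHBLOCK_NAME` is the placeholder `urn:oid:x.x.x.x`, and since `getName()` returns it, the class is annotated `@PvpMetadata`, and it is registered in META-INF/services in this same commit, that placeholder is what would be advertised to service providers as the attribute name until the real OID is assigned. Unless the attribute registry rejects it, which I cannot tell from here, a placeholder that looks like a valid URN can leak into published metadata and into SP configurations; either assign the OID in this commit or keep the builder out of the service registration until it exists, and turn the `//TODO set oid` into a comment that names where the OID is allocated. The `java.text.DateFormat` and `java.text.SimpleDateFormat` imports are unused and should be dropped. A one-line class comment such as `// Exposes the AUTHBLOCK JWS stored under Constants.SZR_AUTHBLOCK as a PVP string attribute; throws UnavailableAttributeException when the session holds none.` would also help.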
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.connector.attributes;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+@PvpMetadata
+public class EidasBindAttributeBuilder implements IPvpAttributeBuilder {
+
+  private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND";
+  private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid
+
+  @Override
+  public String getName() {
+    return EIDASBIND_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+      final IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+
+    String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
+    if (eidasBind != null) {
+      return g.buildStringAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME, eidasBind);
+
+    } else {
+      throw new UnavailableAttributeException(EIDASBIND_NAME);
+    }
+
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME);
+  }
+
+}
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index b14faa62..51b89120 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
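Review bot: `EIDASBIND_NAME` is the very same literal `urn:oid:x.x.x.x` that `AuthBlockAttributeBuilder.getName()` returns, so the two builders registered together in META-INF/services share one attribute name. If the attribute-builder registry or the generated PVP metadata keys builders by `getName()`, which this diff does not show, one of them shadows the other and an SP asking for that name may be handed the AuthBlock JWS where it expected the eIDAS bind, or the reverse. Two distinct OIDs are required before both are registered; as an interim measure the two placeholders should at least differ so a collision is impossible, and the `//TODO set oid` should say where the OID is to be allocated. The unused `DateFormat`/`SimpleDateFormat` imports should go here as well.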
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -19,7 +19,7 @@   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */  package at.asitplus.eidas.specific.connector.builder; 
@@ -54,30 +54,37 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder    public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException {      final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); -    final AuthenticationData authData = new AuthenticationData(); +    AuthenticationData authData = new AuthenticationData(); -    try { -      generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); +    String eidMode = pendingReq.getServiceProviderConfiguration() +        .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); -      // set specific informations -      authData.setSsoSessionValidTo(new Date(new Date().getTime() -          + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); +    if (eidMode.equals("new")) { -    } catch (EaafBuilderException | EaafParserException | EaafConfigurationException -        | XPathException | DOMException e) { -      log.warn("Can not build authentication data from auth. process information"); -      throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); +      authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); -    } +    } else { +      try { +        generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); -    return authData; +        // set specific informations +        authData.setSsoSessionValidTo(new Date(new Date().getTime() +            + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + +      } catch (EaafBuilderException | EaafParserException | EaafConfigurationException +          | XPathException | DOMException e) { +        log.warn("Can not build authentication data from auth. 
process information"); +        throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); +      } +    } +    return authData;    }    @Override    protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException {      return new AuthenticationData(); -     +    }    @Override @@ -103,7 +110,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder    @Override    protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, -      AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { +                                                                 AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException {      return null;    } diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 00000000..8508cc4b --- /dev/null +++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,2 @@ +at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder +at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder diff --git a/connector/src/main/resources/SpringTest_connector.beans.xml b/connector/src/main/resources/SpringTest_connector.beans.xml new file mode 100644 index 00000000..5cf0d5b8 --- /dev/null +++ b/connector/src/main/resources/SpringTest_connector.beans.xml 
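Review bot: The new `eidMode.equals("new")` branch returns whatever `super.buildAuthenticationData(pendingReq)` produces and never calls `authData.setSsoSessionValidTo(...)`, while the legacy branch still pins the assertion validity to `MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY`. Unless `AbstractAuthenticationDataBuilder` sets that value itself, which is not visible in this hunk, assertions issued in the new mode carry either no explicit validity window or whatever the base class defaults to, and that is an observable change in the token lifetime. I would set it on both paths by moving the `authData.setSsoSessionValidTo(new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));` line after the if/else, and add a comment on the switch such as `// eidMode "new": delegate to the EAAF base builder; "old": legacy identity-link based auth data`. Minor: the `AuthenticationData` created on the first line is thrown away in the new branch, and `authProcessData` is only read in the else branch, so both can move into it.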
@@ -0,0 +1,129 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +  xmlns:context="http://www.springframework.org/schema/context" +  xmlns:tx="http://www.springframework.org/schema/tx" +  xmlns:aop="http://www.springframework.org/schema/aop" +  xmlns:mvc="http://www.springframework.org/schema/mvc" +  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd +    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd +    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd +    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd +    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + +  <context:annotation-config /> +  <mvc:annotation-driven /> +  <mvc:default-servlet-handler /> + +  <bean id="WebResourceConfiguration" +    class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> + +  <bean id="ProcessEngineSignalController" +    class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> + +  <bean id="MonitoringController" +    class="at.asitplus.eidas.specific.connector.controller.MonitoringController"> +    <property name="pvpIdpCredentials"> +      <ref bean="PVPEndPointCredentialProvider" /> +    </property> +  </bean> + +  <bean id="AuthenticationManager" +    class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> + +  <bean id="AuthenticationDataBuilder" +    class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + +  <bean id="PVPEndPointConfiguration" +    class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" /> + +  <bean 
id="PVPEndPointCredentialProvider" +    class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" /> + +  <bean id="PVPMetadataConfigurationFactory" +    class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" /> + +  <bean id="PVP2XProtocol" +    class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint"> +    <property name="pvpIdpCredentials"> +      <ref bean="PVPEndPointCredentialProvider" /> +    </property> +  </bean> + +  <bean id="AuthnRequestValidator" +    class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> + +  <bean id="SAMLVerificationEngine" +    class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" /> + +  <bean id="pvpMetadataService" +    class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> +    <property name="pvpIdpCredentials"> +      <ref bean="PVPEndPointCredentialProvider" /> +    </property> +  </bean> + +  <bean id="PVPAuthenticationRequestAction" +    class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> +    <property name="pvpIdpCredentials"> +      <ref bean="PVPEndPointCredentialProvider" /> +    </property> +  </bean> + +  <bean id="eaafProtocolAuthenticationService" +    class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> +    <property name="guiBuilder" ref="mvcGUIBuilderImpl" /> +  </bean> + +  <bean id="securePendingRequestIdGeneration" +    class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" /> + +  <bean id="PVPMetadataProvider" +    class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" /> + +  <bean id="PVPSubjectNameGenerator" +    class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" /> + +  <bean id="LoALevelMapper" +    class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" /> + +  <bean id="GUIBuilderConfigurationFactory" +    
class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" /> + +  <bean id="velocityGUIBuilderImpl" +    class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" /> + +  <bean id="mvcGUIBuilderImpl" +    class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + +  <bean id="templateEngine" +    class="org.thymeleaf.spring5.SpringTemplateEngine"> +    <property name="templateResolver" ref="templateResolver" /> +  </bean> + +  <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver"> +    <property name="order" value="2" /> +    <property name="templateEngine" ref="templateEngine" /> +    <property name="characterEncoding" value="UTF-8" /> +  </bean> + +  <bean id="StatusMessageProvider" +    class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> + +  <bean id="eidasRevisionLogger" +    class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> + +  <bean id="eidasStatisticLogger" +    class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> + + +  <!-- Tasks --> +  <bean id="GenerateCountrySelectionFrameTask" +    class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" +    scope="prototype" /> + +  <bean id="EvaluateCountrySelectionTask" +    class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" +    scope="prototype" /> + +</beans>
\ No newline at end of file diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java new file mode 100644 index 00000000..4ae2a34d --- /dev/null +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java 
@@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.connector.test; + + +import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.util.HashMap; +import java.util.Map; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/applicationContext.xml", +    "/SpringTest_connector.beans.xml", +    "/eaaf_core.beans.xml", +    "/eaaf_pvp.beans.xml", +    "/eaaf_pvp_idp.beans.xml", +    
"/spring/SpringTest-context_simple_storage.xml" }) +@WebAppConfiguration +public class AuthenticationDataBuilderTest { + +  @Autowired +  private AuthenticationDataBuilder authenticationDataBuilder; + +  @Autowired(required = true) +  private IConfiguration basicConfig; + +  private MockHttpServletRequest httpReq; +  private MockHttpServletResponse httpResp; +  private TestRequestImpl pendingReq; + +  private DummySpConfiguration oaParam; + + +  @BeforeClass +  public static void classInitializer() throws InitializationException, ComponentInitializationException { +    final String current = new java.io.File(".").toURI().toString(); +    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties"); + +    EaafOpenSaml3xInitializer.eaafInitialize(); +  } + +  @Before +  public void initialize() throws EaafStorageException { +    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); +    httpResp = new MockHttpServletResponse(); +    RequestContextHolder.resetRequestAttributes(); +    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + +    final Map<String, String> spConfig = new HashMap<>(); +    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); +    spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); +    spConfig.put("eidMode", "new"); +    oaParam = new DummySpConfiguration(spConfig, basicConfig); + +    pendingReq = new TestRequestImpl(); +    pendingReq.setAuthUrl("https://localhost/ms_connector"); +    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); +    pendingReq.setSpConfig(oaParam); +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); +    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.SZR_AUTHBLOCK, RandomStringUtils.randomAlphanumeric(20)); +    
pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.EIDAS_BIND, RandomStringUtils.randomAlphanumeric(20)); + + +    LocaleContextHolder.resetLocaleContext(); +  } + +  @Test +  public void first() throws EaafAuthenticationException { +    authenticationDataBuilder.buildAuthenticationData(pendingReq); +  } + +} diff --git a/connector/src/test/resources/config/junit_config_3.properties b/connector/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..2abda7db --- /dev/null +++ b/connector/src/test/resources/config/junit_config_3.properties 
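Review bot: `first()` calls `buildAuthenticationData(pendingReq)` but asserts nothing, so the test only proves the call does not throw; the random AUTHBLOCK and EIDAS_BIND values written into the session in `initialize()` are never compared against the result, which is the one thing the new attribute builders depend on. Keep the two random strings in fields and check them, e.g. `IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);` followed by `assertEquals(authBlock, authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));` and the same for `Constants.EIDAS_BIND`. A name such as `buildAuthDataInNewEidMode` would also say more than `first`, and a second test with `eidMode` left unset would cover the `"old"` default path.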
@@ -0,0 +1,115 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.templates.countryselection=countrySelection.html + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/substantial + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 
+eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= 
+eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.eidMode=new + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index eac62aae..83a2afa6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -157,8 +157,8 @@ public class Constants {    public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";    // AuthBlock -  public static final String SZR_AUTHBLOCK = "AUTHBLOCK"; -  public static final String EIDAS_BIND = "EIDAS_BIND"; +  public static final String SZR_AUTHBLOCK = "authData_AUTHBLOCK"; +  public static final String EIDAS_BIND = "authData_EIDAS_BIND";    // TODO remove!!! diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index b141402a..86f28561 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java 
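Review bot: This file switches on the dummy SZR client (`eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true`), full SZR message logging (`szrclient.debug.logfullmessages=true`) and disables request-URL validation (`eidas.ms.context.url.request.validation=false`), with `password` as the keystore password and a fixed pending-request-id HMAC secret, yet nothing in the file marks it as test-only. A header line such as `## JUnit-only configuration: debug/dummy switches and throwaway secrets, never use as a deployment template` at the top would keep it from being copied into a real deployment. The empty `eidas.ms.sp.0.uniqueID=` entry appears unused because the test builds its own `DummySpConfiguration`; if so, drop or comment it so a reader does not look for the SP there.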
@@ -249,10 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {            ObjectMapper mapper = new ObjectMapper();            String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); -          String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern +          String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);            authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); -          authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature); +          authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);          } else {            final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); @@ -294,7 +294,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {          }        } -      if (eidMode.equals("new")) {} +      if (eidMode.equals("new")) { +        authProcessData.setForeigner(true); +        authProcessData.setGenericDataToSession( +            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, +            EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( +                Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); +        authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); +      }        else {          if (identityLink == null) {            log.error("ERnB did not return an identity link."); | 
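Review bot: `JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS)` takes the signing key alias and password from what look like compile-time constants (`KSALIAS`, `KSPASSWORD`, both declared outside this hunk), so if they really are static constants the key that produces the AUTHBLOCK is fixed at build time and its password lives in the class file; the SZR keystore settings already come from `eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.*`, and the AUTHBLOCK signing key should be configured the same way. The payload is only `pendingReq.getUniqueTransactionIdentifier()`, which is fine if that is the intended binding, but a comment above the two `setGenericDataToSession` calls stating what each key carries would spare the next reader a guess, e.g. `// AUTHBLOCK: JWS over the transaction identifier; EIDAS_BIND: signedEidasBind built above`. `signedEidasBind` itself is defined outside the hunk, so I cannot check what it covers.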
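Review bot: In the new `eidMode.equals("new")` block, `(String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)` is handed to `EidasResponseUtils.parseEidasPersonalIdentifier(...)` and `.getFirst()` is called on the result without any null check, so a response lacking a PersonIdentifier, or a parser returning null, ends in a NullPointerException rather than the explicit error the legacy branch logs for a missing identity link. Resolve the attribute first and fail cleanly: `String personId = (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);` followed by `if (personId == null) { log.error("eIDAS response did not contain a PersonIdentifier."); throw ...; }` using whichever exception this task already raises for missing attributes. Separately, `authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance())` copies the LoA straight from the response; if the minimum-LoA check against `loa.requested.minimum` is not enforced earlier in the flow, this is where a too-low assurance level silently becomes the QAA of the national auth data, so a comment naming where that check happens would be worth having. The enclosing method starts and ends outside this hunk.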
