aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlalber <lukas.alber@iaik.tugraz.at>2020-10-20 16:57:45 +0200
committerlalber <lukas.alber@iaik.tugraz.at>2020-10-20 16:57:45 +0200
commitd42ef2bccc0acd4e1ee830f42956a5cafb863299 (patch)
treeaca5e0f56116e7d6f823fc1c0ff13a783fb09d73
parent3332e8c363b624e7478f303c403ea709844e822f (diff)
downloadNational_eIDAS_Gateway-d42ef2bccc0acd4e1ee830f42956a5cafb863299.tar.gz
National_eIDAS_Gateway-d42ef2bccc0acd4e1ee830f42956a5cafb863299.tar.bz2
National_eIDAS_Gateway-d42ef2bccc0acd4e1ee830f42956a5cafb863299.zip
cyclic depend
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java98
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java21
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml77
5 files changed, 160 insertions, 47 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 4fe2bb36..9eeb0994 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -183,6 +183,12 @@
<artifactId>jose4j</artifactId>
<version>0.7.2</version>
</dependency>
+ <dependency>
+ <groupId>at.asitplus.eidas.ms_specific</groupId>
+ <artifactId>ms_specific_connector</artifactId>
+ <version>1.1.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3eec12bd..eac62aae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -156,6 +156,11 @@ public class Constants {
// Default values for SZR communication
public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
+ // AuthBlock
+ public static final String SZR_AUTHBLOCK = "AUTHBLOCK";
+ public static final String EIDAS_BIND = "EIDAS_BIND";
+
+
// TODO remove!!!
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 93813ff5..b141402a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -72,8 +74,10 @@ import szrservices.TravelDocumentType;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
+import java.io.*;
+import java.security.KeyStore;
import java.security.KeyStoreException;
+import java.security.Provider;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
@@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Autowired
EaafKeyStoreFactory keyStoreFactory;
+ Pair<KeyStore, Provider> ks;
+ private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+ private final String KSALIAS = "connectorkeypair";
+
/*
* (non-Javadoc)
*
@@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession(
Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ String eidMode = pendingReq.getServiceProviderConfiguration()
+ .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+
final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes()
.getAttributeMap());
@@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
if (eidMode.equals("new")) {
String vsz = szrClient.getEncryptedStammzahl(personInfo);
@@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
ObjectMapper mapper = new ObjectMapper();
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
-// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
+ String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern
+ authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
+ authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature);
} else {
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
@@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (identityLink == null) {
- log.error("ERnB did not return an identity link.");
- throw new SzrCommunicationException("ernb.00", null);
+ if (eidMode.equals("new")) {}
+ else {
+ if (identityLink == null) {
+ log.error("ERnB did not return an identity link.");
+ throw new SzrCommunicationException("ernb.00", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
- identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
- if (bpk == null) {
- log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- throw new SzrCommunicationException("ernb.01", null);
+ if (bpk == null) {
+ log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ throw new SzrCommunicationException("ernb.01", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
-
- log.debug("ERnB communication was successfull");
-
- authProcessData.setForeigner(true);
- authProcessData.setIdentityLink(identityLink);
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
- EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
-
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.BPK_NAME,
- extendBpkByPrefix(
- bpk,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+
+ log.debug("ERnB communication was successfull");
+
+ authProcessData.setForeigner(true);
+ authProcessData.setIdentityLink(identityLink);
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+ // set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.BPK_NAME,
+ extendBpkByPrefix(
+ bpk,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+ }
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
@@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final String current = new java.io.File(".").toURI().toString();
configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+ configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName("connectorkeypair");
- configuration.setKeyStoreName("connectorkeypair");
- val ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+ configuration.setFriendlyName(KSALIAS);
+ configuration.setKeyStoreName(KSALIAS);
+ ks = keyStoreFactory.buildNewKeyStore(configuration);
+ val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
return Base64.getEncoder().encodeToString(publicKey.getEncoded());
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index f674b6b1..028210cb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -9,6 +9,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnReque
import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -16,6 +17,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
@@ -63,9 +65,7 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
-import szrservices.PersonInfoType;
-import szrservices.SZR;
-import szrservices.SZRException_Exception;
+import szrservices.*;
import javax.xml.namespace.QName;
import java.io.IOException;
@@ -83,13 +83,15 @@ import static org.powermock.api.mockito.PowerMockito.*;
//@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class)
@PrepareForTest(CreateIdentityLinkTask.class)
@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
-@ContextConfiguration("/SpringTest-context_tasks_test.xml")
+@ContextConfiguration("/SpringTest-context_tasks_test_2.xml")
public class CreateIdentityLinkTaskEidNewTest {
@Autowired(required = true)
private CreateIdentityLinkTask task;
@Autowired(required = true)
+ private FinalizeAuthenticationTask authTask;
+ @Autowired(required = true)
private DummySpecificCommunicationService commService;
@Autowired(required = true)
private IConfiguration basicConfig;
@@ -142,8 +144,10 @@ public class CreateIdentityLinkTaskEidNewTest {
pendingReq.setSpConfig(oaParam);
pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
pendingReq.setAuthUrl("http://test.com/");
+ pendingReq.setTransactionId("avaasbav");
executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX");
+ executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true);
szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
}
@@ -179,7 +183,7 @@ public class CreateIdentityLinkTaskEidNewTest {
.subjectNameIdFormat("afaf").attributes(attributeMap).build();
}
- @Test(expected = RuntimeException.class)
+ @Test
public void firstTest() {
// keystore password f/+saJBc3a}*/T^s
try {
@@ -188,10 +192,17 @@ public class CreateIdentityLinkTaskEidNewTest {
// SZR szrMock2 = Mockito.mock(SZR.class, Mockito.CALLS_REAL_METHODS);
when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+ val signContentResp = new SignContentResponseType();
+ SignContentEntry signContentEntry = new SignContentEntry();
+ signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+ signContentResp.getOut().add(signContentEntry);
+ when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
// when(szrMock2, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
// Wie kann ich das vom Bean rein gehängte SZR mit dem Mock überschreiben?
task.execute(pendingReq, executionContext);
+
+ authTask.execute(pendingReq, executionContext);
} catch (Exception e) {
e.printStackTrace();
Assert.fail();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml
new file mode 100644
index 00000000..93b12a7c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+ <context:annotation-config />
+ <mvc:annotation-driven />
+ <mvc:default-servlet-handler />
+
+
+ <import resource="SpringTest-context_authManager.xml" />
+ <import resource="SpringTest-context_basic_test.xml" />
+
+ <bean id="mvcGUIBuilderImpl"
+ class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
+
+ <bean id="springManagedSpecificConnectorCommunicationService"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+
+ <bean id="specificConnectorAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/eidas-attributes.xml" />
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/additional-attributes.xml" />
+ </bean>
+
+ <bean id="attributeRegistry"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+ <property name="eidasAttributesFile"
+ ref="specificConnectorAttributesFileWithPath" />
+ <property name="additionalAttributesFile"
+ ref="specificConnectorAdditionalAttributesFileWithPath" />
+ </bean>
+
+ <!-- Authentication Process Tasks -->
+ <bean id="ConnecteIDASNodeTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
+ scope="prototype" />
+
+ <bean id="ReceiveResponseFromeIDASNodeTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask"
+ scope="prototype" />
+
+ <bean id="CreateIdentityLinkTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask"
+ scope="prototype" />
+
+ <bean id="FinalizeAuthenticationTask"
+ class="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask"
+ scope="prototype" />
+
+ <bean id="DummyProtocolAuthService"
+ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" />
+
+ <bean id="DummyGuiBuilderConfigurationFactory"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+
+ <bean id="StatisticLogger"
+ class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger" />
+
+ <bean id="TestAuthenticationDataBuilder"
+ class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" />
+
+</beans> \ No newline at end of file