diff options
author | lalber <lukas.alber@iaik.tugraz.at> | 2020-11-02 23:29:54 +0100 |
---|---|---|
committer | lalber <lukas.alber@iaik.tugraz.at> | 2020-11-02 23:29:54 +0100 |
commit | 8e239b9cb072e62d693f3d54a6a9ad2d9983cc71 (patch) | |
tree | 50c71f74f6a48d502d354a689994418a2a2771f7 | |
parent | 608b9ac7a9f4d3ebdb6efa2d4e5453d5a015be3a (diff) | |
download | National_eIDAS_Gateway-8e239b9cb072e62d693f3d54a6a9ad2d9983cc71.tar.gz National_eIDAS_Gateway-8e239b9cb072e62d693f3d54a6a9ad2d9983cc71.tar.bz2 National_eIDAS_Gateway-8e239b9cb072e62d693f3d54a6a9ad2d9983cc71.zip |
AuthDataBuilder and AttributeBuilder
9 files changed, 503 insertions, 20 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java new file mode 100644 index 00000000..ab5db0a6 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/AuthBlockAttributeBuilder.java @@ -0,0 +1,64 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.attributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; + +@PvpMetadata +public class AuthBlockAttributeBuilder implements IPvpAttributeBuilder { + + private static final String AUTHBLOCK_FRIENDLY_NAME = "AUTHBLOCK"; + private static final String AUTHBLOCK_NAME = "urn:oid:x.x.x.x"; //TODO set oid + + @Override + public String getName() { + return AUTHBLOCK_NAME; + } + + @Override + public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class); + if (authBlock != null) { + return g.buildStringAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME, authBlock); + + } else { + throw new UnavailableAttributeException(AUTHBLOCK_NAME); + } + + } + + @Override + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(AUTHBLOCK_FRIENDLY_NAME, AUTHBLOCK_NAME); + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java new file mode 100644 index 00000000..c6dfed1a --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/attributes/EidasBindAttributeBuilder.java @@ -0,0 +1,64 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.attributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; + +import java.text.DateFormat; +import java.text.SimpleDateFormat; + +@PvpMetadata +public class EidasBindAttributeBuilder implements IPvpAttributeBuilder { + + private static final String EIDASBIND_FRIENDLY_NAME = "EIDASBIND"; + private static final String EIDASBIND_NAME = "urn:oid:x.x.x.x"; //TODO set oid + + @Override + public String getName() { + return EIDASBIND_NAME; + } + + @Override + public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class); + if (eidasBind != null) { + return g.buildStringAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME, eidasBind); + + } else { + throw new UnavailableAttributeException(EIDASBIND_NAME); + } + + } + + @Override + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EIDASBIND_FRIENDLY_NAME, EIDASBIND_NAME); + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index b14faa62..51b89120 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.connector.builder; @@ -54,30 +54,37 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException { final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final AuthenticationData authData = new AuthenticationData(); + AuthenticationData authData = new AuthenticationData(); - try { - generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); + String eidMode = pendingReq.getServiceProviderConfiguration() + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); - // set specific informations - authData.setSsoSessionValidTo(new Date(new Date().getTime() - + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + if (eidMode.equals("new")) { - } catch (EaafBuilderException | EaafParserException | EaafConfigurationException - | XPathException | DOMException e) { - log.warn("Can not build authentication data from auth. process information"); - throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); + authData = (AuthenticationData) super.buildAuthenticationData(pendingReq); - } + } else { + try { + generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - return authData; + // set specific informations + authData.setSsoSessionValidTo(new Date(new Date().getTime() + + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + } catch (EaafBuilderException | EaafParserException | EaafConfigurationException + | XPathException | DOMException e) { + log.warn("Can not build authentication data from auth. process information"); + throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); + } + } + return authData; } @Override protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException { return new AuthenticationData(); - + } @Override @@ -103,7 +110,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @Override protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { + AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { return null; } diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 00000000..8508cc4b --- /dev/null +++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,2 @@ +at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder +at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder diff --git a/connector/src/main/resources/SpringTest_connector.beans.xml b/connector/src/main/resources/SpringTest_connector.beans.xml new file mode 100644 index 00000000..5cf0d5b8 --- /dev/null +++ b/connector/src/main/resources/SpringTest_connector.beans.xml @@ -0,0 +1,129 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <context:annotation-config /> + <mvc:annotation-driven /> + <mvc:default-servlet-handler /> + + <bean id="WebResourceConfiguration" + class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> + + <bean id="ProcessEngineSignalController" + class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> + + <bean id="MonitoringController" + class="at.asitplus.eidas.specific.connector.controller.MonitoringController"> + <property name="pvpIdpCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="AuthenticationManager" + class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> + + <bean id="AuthenticationDataBuilder" + class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + + <bean id="PVPEndPointConfiguration" + class="at.asitplus.eidas.specific.connector.config.PvpEndPointConfiguration" /> + + <bean id="PVPEndPointCredentialProvider" + class="at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider" /> + + <bean id="PVPMetadataConfigurationFactory" + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataConfigurationFactory" /> + + <bean id="PVP2XProtocol" + class="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint"> + <property name="pvpIdpCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="AuthnRequestValidator" + class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> + + <bean id="SAMLVerificationEngine" + class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" /> + + <bean id="pvpMetadataService" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> + <property name="pvpIdpCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="PVPAuthenticationRequestAction" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> + <property name="pvpIdpCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="eaafProtocolAuthenticationService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> + <property name="guiBuilder" ref="mvcGUIBuilderImpl" /> + </bean> + + <bean id="securePendingRequestIdGeneration" + class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" /> + + <bean id="PVPMetadataProvider" + class="at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider" /> + + <bean id="PVPSubjectNameGenerator" + class="at.asitplus.eidas.specific.connector.builder.PvpSubjectNameGenerator" /> + + <bean id="LoALevelMapper" + class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" /> + + <bean id="GUIBuilderConfigurationFactory" + class="at.asitplus.eidas.specific.connector.gui.GuiBuilderConfigurationFactory" /> + + <bean id="velocityGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGuiBuilderImpl" /> + + <bean id="mvcGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + + <bean id="templateEngine" + class="org.thymeleaf.spring5.SpringTemplateEngine"> + <property name="templateResolver" ref="templateResolver" /> + </bean> + + <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver"> + <property name="order" value="2" /> + <property name="templateEngine" ref="templateEngine" /> + <property name="characterEncoding" value="UTF-8" /> + </bean> + + <bean id="StatusMessageProvider" + class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> + + <bean id="eidasRevisionLogger" + class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> + + <bean id="eidasStatisticLogger" + class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> + + + <!-- Tasks --> + <bean id="GenerateCountrySelectionFrameTask" + class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" + scope="prototype" /> + + <bean id="EvaluateCountrySelectionTask" + class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" + scope="prototype" /> + +</beans>
\ No newline at end of file diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java new file mode 100644 index 00000000..4ae2a34d --- /dev/null +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java @@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.connector.test; + + +import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.InitializationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.util.HashMap; +import java.util.Map; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/applicationContext.xml", + "/SpringTest_connector.beans.xml", + "/eaaf_core.beans.xml", + "/eaaf_pvp.beans.xml", + "/eaaf_pvp_idp.beans.xml", + "/spring/SpringTest-context_simple_storage.xml" }) +@WebAppConfiguration +public class AuthenticationDataBuilderTest { + + @Autowired + private AuthenticationDataBuilder authenticationDataBuilder; + + @Autowired(required = true) + private IConfiguration basicConfig; + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + + private DummySpConfiguration oaParam; + + + @BeforeClass + public static void classInitializer() throws InitializationException, ComponentInitializationException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties"); + + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + @Before + public void initialize() throws EaafStorageException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put("eidMode", "new"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.SZR_AUTHBLOCK, RandomStringUtils.randomAlphanumeric(20)); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.EIDAS_BIND, RandomStringUtils.randomAlphanumeric(20)); + + + LocaleContextHolder.resetLocaleContext(); + } + + @Test + public void first() throws EaafAuthenticationException { + authenticationDataBuilder.buildAuthenticationData(pendingReq); + } + +} diff --git a/connector/src/test/resources/config/junit_config_3.properties b/connector/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..2abda7db --- /dev/null +++ b/connector/src/test/resources/config/junit_config_3.properties @@ -0,0 +1,115 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.templates.countryselection=countrySelection.html + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint= +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/substantial + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/junit.jks +eidas.ms.pvp2.keystore.password=password +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +eidas.ms.pvp2.metadata.organisation.name=JUnit +eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit +eidas.ms.pvp2.metadata.organisation.url=http://junit.test +eidas.ms.pvp2.metadata.contact.givenname=Max +eidas.ms.pvp2.metadata.contact.surname=Mustermann +eidas.ms.pvp2.metadata.contact.email=max@junit.test + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks +eidas.ms.sp.0.pvp2.metadata.truststore.password=password +eidas.ms.sp.0.eidMode=new + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index eac62aae..83a2afa6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -157,8 +157,8 @@ public class Constants { public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; // AuthBlock - public static final String SZR_AUTHBLOCK = "AUTHBLOCK"; - public static final String EIDAS_BIND = "EIDAS_BIND"; + public static final String SZR_AUTHBLOCK = "authData_AUTHBLOCK"; + public static final String EIDAS_BIND = "authData_EIDAS_BIND"; // TODO remove!!! diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index b141402a..86f28561 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -249,10 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { ObjectMapper mapper = new ObjectMapper(); String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); - String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern + String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature); + authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); } else { final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); @@ -294,7 +294,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - if (eidMode.equals("new")) {} + if (eidMode.equals("new")) { + authProcessData.setForeigner(true); + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + } else { if (identityLink == null) { log.error("ERnB did not return an identity link."); |