authorThomas <>2022-04-05 09:14:17 +0200
committerThomas <>2022-04-05 09:14:17 +0200
commit9d1e1294c2825c6f9a422c9f9c51f9965258d19e (patch)
tree489c11343c4911cfda0a78974bdb51724c264f47
parentecc1dd834c5af467a5aa0f77e5dc6d986c6af418 (diff)
parent791dc8acd7edbf22b98c2be111d420e61ebb39e6 (diff)
Merge branch 'master' into nightlybuild
# Conflicts: # build_reporting/pom.xml # connector/pom.xml # infos/history.txt # infos/readme_1.2.4.md # modules/authmodule-eIDAS-v2/pom.xml # modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java # modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java # modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java # modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java # modules/core_common_lib/pom.xml # modules/pom.xml # pom.xml
-rw-r--r--README.md17
-rw-r--r--connector/pom.xml24
-rw-r--r--connector/src/assembly/assembly_dir.xml1
-rw-r--r--connector/src/assembly/assembly_zip.xml1
-rw-r--r--connector/src/main/resources/application.properties2
-rw-r--r--infos/Handbuch_MS-eIDAS-Node.docxbin58160 -> 44039 bytes
-rw-r--r--infos/handbook/Handbuch_MS-eIDAS-Node.pdfbin162244 -> 432764 bytes
-rw-r--r--infos/history.txt13
-rw-r--r--infos/readme_1.2.4.md13
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java4
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java20
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java28
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java3
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java135
-rw-r--r--pom.xml26
15 files changed, 216 insertions, 71 deletions
diff --git a/README.md b/README.md
index 2afa0deb..62f3ec33 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,23 @@ The full release package will be located add
## Changelog
+**v1.2.4**
+
+- Bugfix
+ - Mögliche RCE Schwachstelle in Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965))
+ - Work-Around für insertErnp im ID Austria Betriebsmodus
+- Akutalisierung von Drittherstellerbibliotheken
+ - Spring-Core 5.3.18
+ - Spring-Boot 2.5.12
+ - thymeleaf-spring5 3.0.15.RELEASE
+ - Apache CXF 3.4.6
+ - Google Guava 31.1-jre
+ - Jackson 2.13.2
+ - Joda-Time 2.10.14
+ - jose4j 0.7.11
+ - log4j 2.17.2
+ - slf4j 1.7.36
+
**v1.2.3**
- Logging optimiert und Beispielkonfiguration um TransactionsId erweitert
diff --git a/connector/pom.xml b/connector/pom.xml
index 08e83cd8..9ffc4969 100644
--- a/connector/pom.xml
+++ b/connector/pom.xml
@@ -63,15 +63,15 @@
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
<groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-web</artifactId>
- <exclusions>
- <exclusion>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-tomcat</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
@@ -100,10 +100,10 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
</dependency>
- <dependency>
- <groupId>org.hibernate.validator</groupId>
- <artifactId>hibernate-validator</artifactId>
- </dependency>
+ <dependency>
+ <groupId>org.hibernate.validator</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml
index 59437be6..bc12a470 100644
--- a/connector/src/assembly/assembly_dir.xml
+++ b/connector/src/assembly/assembly_dir.xml
@@ -44,6 +44,7 @@
<!-- include>README.md</include-->
<include>readme_${project.version}.txt</include>
<include>readme_${project.version}.md</include>
+ <include>history.txt</include>
<include>eIDAS_Ref_Impl/*</include>
<include>handbook/*</include>
</includes>
diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml
index 43877283..dcb7dab0 100644
--- a/connector/src/assembly/assembly_zip.xml
+++ b/connector/src/assembly/assembly_zip.xml
@@ -44,6 +44,7 @@
<!-- include>README.md</include -->
<include>readme_${project.version}.txt</include>
<include>readme_${project.version}.md</include>
+ <include>history.txt</include>
<include>eIDAS_Ref_Impl/*</include>
<include>handbook/*</include>
</includes>
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index e7437840..73a258d7 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -100,7 +100,7 @@ eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false
#Raw eIDAS Id data storage
eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
-
+eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida=true
eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
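Review bot: The new key `eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida` replaces the blank line that closed the `#Raw eIDAS Id data storage` group, so it now reads as part of that group although it controls a different workaround. Restoring the blank line and putting a comment above the key, for example `#Request an identity link first so that the person is inserted into ERnP (ID Austria mode)`, would keep the sample configuration self-explanatory. The wording of that comment is inferred from the log message in `CreateIdentityLinkTask` and should be confirmed.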
diff --git a/infos/Handbuch_MS-eIDAS-Node.docx b/infos/Handbuch_MS-eIDAS-Node.docx
index aacb3828..0401fea9 100644
--- a/infos/Handbuch_MS-eIDAS-Node.docx
+++ b/infos/Handbuch_MS-eIDAS-Node.docx
Binary files differ
diff --git a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
index 1d4195bb..b35a77bc 100644
--- a/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
+++ b/infos/handbook/Handbuch_MS-eIDAS-Node.pdf
Binary files differ
diff --git a/infos/history.txt b/infos/history.txt
index ac815270..9c6f06d1 100644
--- a/infos/history.txt
+++ b/infos/history.txt
@@ -1,9 +1,20 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen am eIDAS MS-Connector
-Version 1.2.4 (2022-03-17):
+Version 1.2.4 (2022-04-05):
- Bugfix
+ - Mögliche RCE Schwachstelle via Spring Framework behoben (CVE-2022-22965)
- Work-Around für insertErnp im ID Austria Betriebsmodus
- Akutalisierung von Drittherstellerbibliotheken
+ - Spring-Core 5.3.18
+ - Spring-Boot 2.5.12
+ - thymeleaf-spring5 3.0.15.RELEASE
+ - Apache CXF 3.4.6
+ - Google Guava 31.1-jre
+ - Jackson 2.13.2
+ - Joda-Time 2.10.14
+ - jose4j 0.7.11
+ - log4j 2.17.2
+ - slf4j 1.7.36
Version 1.2.3 (2021-10-21):
- Bugfix
diff --git a/infos/readme_1.2.4.md b/infos/readme_1.2.4.md
index 9213a76a..fd393a10 100644
--- a/infos/readme_1.2.4.md
+++ b/infos/readme_1.2.4.md
@@ -1,14 +1,14 @@
-# MS-Connector v1.2.4 Release vom 17.03.2022
+# MS-Connector v1.2.4 Release vom 05.04.2022
Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
### Änderungen in dieser Version
- Bugfix
-
+ - Mögliche RCE Schwachstelle in Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965))
- Work-Around für insertErnp im ID Austria Betriebsmodus
- - Mögliche RCE Schwachstelle via Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965))
-- Akutalisierung von Drittherstellerbibliotheken
+
+ - Akutalisierung von Drittherstellerbibliotheken
@@ -22,6 +22,9 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe
1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.4-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Neue optionale Konfigurationsparameter
+ - *SZR Kommunikation*
+ - ```eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida```
### Ausgehend von einer bestehenden Version 1.1.0
@@ -58,3 +61,5 @@ Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehe
- *ID Austria Umsetzung*
- ```eidas.ms.auth.eIDAS.eid.testidentity.default```
- ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```
+ - *SZR Kommunikation*
+ - ```eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida```
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index be20e632..40b953b1 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -138,6 +138,10 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE =
CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_IDA_VSZ_IDL =
+ CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.use.getidentitylink.for.ida";
+
+
// http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post";
public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect";
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 5558fdfd..11ea2843 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -226,15 +226,15 @@ public class SzrClient {
* Request a encryped baseId from SRZ.
*
* @param personInfo Minimum dataset of person
+ * @param insertErnp insertErnp flag on SZR request
* @return encrypted baseId
* @throws SzrCommunicationException In case of a SZR error
*/
- public String getEncryptedStammzahl(final PersonInfoType personInfo)
+ public String getEncryptedStammzahl(final PersonInfoType personInfo, boolean insertErnp)
throws SzrCommunicationException {
-
final String resp;
try {
- resp = this.szr.getStammzahlEncrypted(personInfo, false);
+ resp = this.szr.getStammzahlEncrypted(personInfo, insertErnp);
} catch (SZRException_Exception e) {
throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
}
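Review bot: The new `@param insertErnp` line in the Javadoc of `getEncryptedStammzahl` only repeats the parameter name and does not say that the flag changes what SZR does with the person record. Judging by the log text in `CreateIdentityLinkTask`, `true` presumably asks SZR to insert the person into ERnP, so the contract should state that, e.g. `@param insertErnp if true, SZR is asked to insert the person into ERnP`. The same comment still reads `encryped` and `SRZ`, and the Javadoc of the overload added in the next hunk repeats `SRZ`. The parameter could also be declared `final boolean insertErnp` to match `personInfo`. The method body continues past this hunk into the next one.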
@@ -243,7 +243,19 @@ public class SzrClient {
throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling
}
- return resp;
+ return resp;
+ }
+
+ /**
+ * Request a encrypted baseId from SRZ without insertErnp.
+ *
+ * @param personInfo Minimum dataset of person
+ * @return encrypted baseId
+ * @throws SzrCommunicationException In case of a SZR error
+ */
+ public String getEncryptedStammzahl(final PersonInfoType personInfo)
+ throws SzrCommunicationException {
+ return getEncryptedStammzahl(personInfo, false);
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 18ddab42..ce737526 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -150,12 +150,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
- // work-around, because getEncryptedStammzahl does not support insertERnP for eIDAS entities
- SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
-
- // get encrypted baseId
- String vsz = szrClient.getEncryptedStammzahl(buildGetEncryptedBaseIdReq(idlResult.identityLink));
-
+ // get VSZ
+ String vsz = getVszForPerson(personInfo);
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
@@ -224,6 +221,25 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
+
+ private String getVszForPerson(PersonInfoType personInfo) throws SzrCommunicationException, EaafException {
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_IDA_VSZ_IDL, true)) {
+ log.debug("IDA workaround is active. Requesting IDL to insert person into ERnP .... ");
+
+ // work-around, because getEncryptedStammzahl does not support insertERnP for eIDAS entities
+ SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
+
+ // get encrypted baseId
+ return szrClient.getEncryptedStammzahl(buildGetEncryptedBaseIdReq(idlResult.identityLink));
+
+
+ } else {
+ return szrClient.getEncryptedStammzahl(personInfo, true);
+
+ }
+ }
+
private PersonInfoType buildGetEncryptedBaseIdReq(IIdentityLink identityLink) throws EaafBuilderException {
log.debug("Generating getVsz request from identityLink information ... ");
final PersonInfoType personInfo = new PersonInfoType();
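Review bot: The `else` branch of the new `getVszForPerson` sends `insertErnp = true` to SZR without any log line, whereas the workaround branch logs at debug level, so the log does not show which path was taken when the workaround is switched off. Adding `log.debug("IDA workaround is inactive. Requesting VSZ with insertERnP directly ... ");` before the `return` would make both paths traceable. The method also has no Javadoc; a short one should state that `Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_IDA_VSZ_IDL` defaults to `true` here and that either branch appears to register the person in ERnP as a side effect. `buildGetEncryptedBaseIdReq` continues outside the hunk.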
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index 83d7866e..5b8bd8fd 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -139,7 +139,7 @@ public class SzrClientTestProduction {
Assert.assertNotNull("vsz", vsz);
}
-
+
@Test
public void getEidasBind() throws SzrCommunicationException, EidasSAuthenticationException {
String vsz = RandomStringUtils.randomAlphanumeric(10);
@@ -246,7 +246,6 @@ public class SzrClientTestProduction {
private PersonInfoType getPersonInfo(String familyName, String givenName, String dateOfBirth, String eIDASeID)
throws EidasSAuthenticationException {
-
final PersonInfoType personInfo = new PersonInfoType();
final PersonNameType personName = new PersonNameType();
final PhysicalPersonType naturalPerson = new PhysicalPersonType();
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index fd2e589b..10595402 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -141,6 +141,7 @@ public class CreateIdentityLinkTaskEidNewTest {
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida", "true");
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
@@ -302,6 +303,106 @@ public class CreateIdentityLinkTaskEidNewTest {
}
+
+
+ @Test
+ public void successfulProcessWithStandardInfosWithoutIdl() throws Exception {
+ //initialize test
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida", "false");
+
+ String vsz = RandomStringUtils.randomNumeric(10);
+ when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz);
+ val signContentResp = new SignContentResponseType();
+ final SignContentEntry signContentEntry = new SignContentEntry();
+ signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+ signContentResp.getOut().add(signContentEntry);
+ when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
+
+ String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ // check if pendingRequest was stored
+ IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId());
+ Assert.assertNotNull("pendingReq not stored", storedPendingReq);
+
+ //check data in session
+ final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class);
+ Assert.assertNotNull("AuthProcessData", authProcessData);
+ Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+
+ // check authblock signature
+ String authBlock = authProcessData.getGenericDataFromSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class);
+ Assert.assertNotNull("AuthBlock", authBlock);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils
+ .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+ JsonNode authBlockJson = mapper.readTree(result.getPayLoad());
+ Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+
+ Assert.assertNotNull("no piiTransactionId in pendingRequesdt",
+ storedPendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(),
+ authBlockJson.get("piiTransactionId").asText());
+ Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
+ Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+ Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+ Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
+
+ Assert.assertTrue("EID process", authProcessData.isEidProcess());
+ Assert.assertTrue("foreigner process", authProcessData.isForeigner());
+ Assert.assertEquals("EID-ISSUING_NATION", "LU",
+ authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+ Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel());
+ Assert.assertEquals("LoA", response.getLevelOfAssurance(),
+ authProcessData.getQaaLevel());
+
+ // check vsz request
+ ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
+ ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class);
+ verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
+
+ Boolean param5 = argument5.getValue();
+ Assert.assertTrue("insertERnP flag", param5);
+ PersonInfoType person = argument4.getValue();
+ Assert.assertEquals("FamilyName",
+ response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()),
+ person.getPerson().getName().getFamilyName());
+ Assert.assertEquals("GivenName",
+ response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()),
+ person.getPerson().getName().getGivenName());
+ Assert.assertEquals("DateOfBirth",
+ response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next())
+ .toString().split("T")[0],
+ person.getPerson().getDateOfBirth());
+
+ Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth());
+ Assert.assertNull("BirthName", person.getPerson().getAlternativeName());
+
+ Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry());
+ Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType());
+
+ Assert.assertEquals("Identifier",
+ response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next())
+ .toString().split("/")[2],
+ person.getTravelDocument().getDocumentNumber());
+
+ }
+
@Test
public void successfulProcessWithStandardInfos() throws Exception {
//initialize test
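Review bot: In the new test `successfulProcessWithStandardInfosWithoutIdl`, the authblock checks call `authBlockJson.get("challenge").asText()` and `authBlockJson.get("timestamp").asText()` without first checking that the field exists. A missing field therefore surfaces as a NullPointerException rather than the intended assertion message; only `bindingPublicKey` is guarded with `has(...)`. Using `authBlockJson.path("challenge").asText().isEmpty()`, and likewise for `timestamp`, keeps the failure inside the assertion. The message `"no piiTransactionId in pendingRequesdt"` also carries a typo.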
@@ -367,37 +468,7 @@ public class CreateIdentityLinkTaskEidNewTest {
ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class);
verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
-
-// Boolean param5 = argument5.getValue();
-// Assert.assertTrue("insertERnP flag", param5);
-// PersonInfoType person = argument4.getValue();
-// Assert.assertEquals("FamilyName",
-// response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(
-// response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()),
-// person.getPerson().getName().getFamilyName());
-// Assert.assertEquals("GivenName",
-// response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue(
-// response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()),
-// person.getPerson().getName().getGivenName());
-// Assert.assertEquals("DateOfBirth",
-// response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue(
-// response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next())
-// .toString().split("T")[0],
-// person.getPerson().getDateOfBirth());
-//
-// Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth());
-// Assert.assertNull("BirthName", person.getPerson().getAlternativeName());
-//
-// Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry());
-// Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType());
-//
-// Assert.assertEquals("Identifier",
-// response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue(
-// response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next())
-// .toString().split("/")[2],
-// person.getTravelDocument().getDocumentNumber());
-
-
+
}
@Test
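Review bot: After the commented-out assertions are deleted, `argument4` and `argument5` are still captured by the `verify(...)` call but never read, so this test no longer checks what was sent to `getStammzahlEncrypted`. If the test runs with the workaround enabled (the first hunk of this file sets the property to "true", presumably in the set-up), the flag is expected to be false, and `Assert.assertFalse("insertERnP flag", argument5.getValue());` would pin that. The test method starts outside the hunk.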
@@ -453,7 +524,6 @@ public class CreateIdentityLinkTaskEidNewTest {
}
-
@Nonnull
private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception {
final JAXBContext jaxbContext = JAXBContext
@@ -467,6 +537,7 @@ public class CreateIdentityLinkTaskEidNewTest {
}
+
@Nonnull
private AuthenticationResponse buildDummyAuthResponse(boolean withAll) throws URISyntaxException {
final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/pom.xml b/pom.xml
index c632f42c..a8eb854c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,28 +27,29 @@
<spring-boot-starter-web.version>2.5.12</spring-boot-starter-web.version>
<spring-boot-admin-starter-client.version>2.5.4</spring-boot-admin-starter-client.version>
<org.springframework.version>5.3.18</org.springframework.version>
- <org.thymeleaf-spring5.version>3.0.14.RELEASE</org.thymeleaf-spring5.version>
+ <org.thymeleaf-spring5.version>3.0.15.RELEASE</org.thymeleaf-spring5.version>
<apache.cxf.version>3.5.0</apache.cxf.version>
-
+
<eidas-ref.version>2.5.0</eidas-ref.version>
<org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version>
<org.apache.commons-text.version>1.9</org.apache.commons-text.version>
<commons-collections4.version>4.4</commons-collections4.version>
+
<commons-io.version>2.11.0</commons-io.version>
- <com.google.guava.version>31.0.1-jre</com.google.guava.version>
- <joda-time.version>2.10.13</joda-time.version>
+ <com.google.guava.version>31.1-jre</com.google.guava.version>
+ <joda-time.version>2.10.14</joda-time.version>
+ <jackson-datatype-jsr310.version>2.13.2</jackson-datatype-jsr310.version>
- <org.slf4j.version>1.7.32</org.slf4j.version>
- <log4j.version>2.17.1</log4j.version>
+ <org.slf4j.version>1.7.36</org.slf4j.version>
+ <log4j.version>2.17.2</log4j.version>
<ch.qos.logback.version>1.2.10</ch.qos.logback.version>
-
- <jackson-datatype-jsr310.version>2.13.1</jackson-datatype-jsr310.version>
+
<!-- org.xerial.sqlite-jdbc.version>3.34.0</org.xerial.sqlite-jdbc.version -->
<javax.validation-api.version>2.0.1.Final</javax.validation-api.version>
<hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
- <org.bitbucket.b_c.jose4j.version>0.7.9</org.bitbucket.b_c.jose4j.version>
+ <org.bitbucket.b_c.jose4j.version>0.7.11</org.bitbucket.b_c.jose4j.version>
<!-- For software testing only -->
@@ -365,6 +366,13 @@
<version>${jackson-datatype-jsr310.version}</version>
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.module</groupId>
+ <artifactId>jackson-modules-java8</artifactId>
+ <version>${jackson-datatype-jsr310.version}</version>
+ <type>pom</type>
+ <scope>runtime</scope>
+ </dependency>
+ <dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>${javax.validation-api.version}</version>
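Review bot: The added `jackson-modules-java8` entry is declared with `<type>pom</type>` and `<scope>runtime</scope>`, which most likely puts no Jackson module on the classpath: that artifact is the parent POM of the Java 8 modules, and a `pom`-typed dependency only contributes whatever dependencies that POM itself declares. If the aim is to pin every Jackson module to 2.13.2, importing `com.fasterxml.jackson:jackson-bom` with `<scope>import</scope>` in `dependencyManagement`, or listing the needed modules explicitly, would do that; whether this block sits in `dependencyManagement` is not visible in the hunk. The entry also reuses the `jackson-datatype-jsr310.version` property for a different artifact, so a neutral property name would read better. Separately, the first hunk of this file keeps `<apache.cxf.version>3.5.0</apache.cxf.version>` as context while the changelog entries added in this commit list Apache CXF 3.4.6, so one of the two should be corrected unless a module overrides the property.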