fix possible NullPointerException1.1.0

add jUnit test
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2019-12-13 08:36:02 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2019-12-13 08:36:02 +0100
commit: d0f580d24d52f56b3a66e1d63f9e668a1ebcd721 (patch)
tree: fcdf0dea949c647f8da4e79d3860b1b2c5322529
parent: ed3410c2cf6a38e9f3c7d986853bd454e15f4637 (diff)
download: National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.tar.gz
National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.tar.bz2
National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.zip
7 files changed, 302 insertions, 33 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 2e58d863..482e6761 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -162,47 +162,50 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 
       // validate and process requested attributes
       boolean sectorDetected = false;
-      final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
-      for (final XMLObject reqAttrObj : requestedAttributes) {
-        if (reqAttrObj instanceof EaafRequestedAttributes) {
-          final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
-          if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
-            for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
-              log.trace("Processing req. attribute '" + el.getName() + "' ... ");
-              if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
-                if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
-                  final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
-                  final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
-                      ServiceProviderConfiguration.class);
-
-                  try {
-                    spConfig.setBpkTargetIdentifier(sectorId);
-                    sectorDetected = true;
-
-                  } catch (final EaafException e) {
-                    log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
-                        + spConfig.getUniqueIdentifier());
+      
+      if (authnReq.getExtensions() != null) {
+        final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
+        for (final XMLObject reqAttrObj : requestedAttributes) {
+          if (reqAttrObj instanceof EaafRequestedAttributes) {
+            final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj;
+            if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
+              for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
+                log.trace("Processing req. attribute '" + el.getName() + "' ... ");
+                if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+                  if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+                    final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
+                    final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
+                        ServiceProviderConfiguration.class);
+  
+                    try {
+                      spConfig.setBpkTargetIdentifier(sectorId);
+                      sectorDetected = true;
+  
+                    } catch (final EaafException e) {
+                      log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
+                          + spConfig.getUniqueIdentifier());
+                    }
+  
+                  } else {
+                    log.info("Req. attribute '" + el.getName()
+                        + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
                   }
-
+  
                 } else {
-                  log.info("Req. attribute '" + el.getName()
-                      + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
+                  log.debug("Ignore req. attribute: " + el.getName());
                 }
-
-              } else {
-                log.debug("Ignore req. attribute: " + el.getName());
+  
               }
-
+  
+            } else {
+              log.debug("No requested Attributes in Authn. Request");
             }
-
+  
           } else {
-            log.debug("No requested Attributes in Authn. Request");
+            log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
           }
-
-        } else {
-          log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
+  
         }
-
       }
 
       if (!sectorDetected) {
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
index 9c5d6036..db863815 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
@@ -200,6 +200,87 @@ public class AuthnRequestValidatorTest {
         
   }
   
+  @Test
+  public void invalidBpkTarget_1() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_4.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_2() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_5.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_3() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_6.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_4() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_7.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_5() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_8.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  
   private AuthnRequest getAuthRequest(String resource) throws 
       ParserConfigurationException, SAXException, IOException, UnmarshallingException {
     final Element authBlockDom =
diff --git a/connector/src/test/resources/data/pvp2_authn_4.xml b/connector/src/test/resources/data/pvp2_authn_4.xml
new file mode 100644
index 00000000..0950e35e
--- /dev/null
+++ b/connector/src/test/resources/data/pvp2_authn_4.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_27f4ce57e524e483446654a34cf886e2">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>OTDjTr2Y/xyuiHiisFcjOUlEcOCRxdgZfukAV8g7WnQ=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>BPvuK5PY1Sjp96U4Xt/153XfGqGegYJlndjiKfZLSG5tZC/mYLE6HCsRtm9a71pbOpuVwBMkTIclVuAskEfRBxLEZyb04xENUY6fMbypdGMXsBCO3Dn46XuEibLmkLJFoIRQKoejmR3uJKvOKrJtsY7xDXvOT8GZehYJlK2Qcr3V7fZu93ZrISnhFRZVkcBWRk6BOTgtHuDK+QjEa81UNijNWoaQcKfXZkUIOX9ge+2hWF75CTsxHUmDg/E9neAgzRfozGcvmdo6BZHXbFRekoHozMBEtg7qy4HWMUz2ckz7xNnHcb0H8QGIioOTqzozegiDfZfX/Q3h8ZPOjKoapw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/connector/src/test/resources/data/pvp2_authn_5.xml b/connector/src/test/resources/data/pvp2_authn_5.xml
new file mode 100644
index 00000000..b19e711b
--- /dev/null
+++ b/connector/src/test/resources/data/pvp2_authn_5.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_27f4ce57e524e483446654a34cf886e2">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>OTDjTr2Y/xyuiHiisFcjOUlEcOCRxdgZfukAV8g7WnQ=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>BPvuK5PY1Sjp96U4Xt/153XfGqGegYJlndjiKfZLSG5tZC/mYLE6HCsRtm9a71pbOpuVwBMkTIclVuAskEfRBxLEZyb04xENUY6fMbypdGMXsBCO3Dn46XuEibLmkLJFoIRQKoejmR3uJKvOKrJtsY7xDXvOT8GZehYJlK2Qcr3V7fZu93ZrISnhFRZVkcBWRk6BOTgtHuDK+QjEa81UNijNWoaQcKfXZkUIOX9ge+2hWF75CTsxHUmDg/E9neAgzRfozGcvmdo6BZHXbFRekoHozMBEtg7qy4HWMUz2ckz7xNnHcb0H8QGIioOTqzozegiDfZfX/Q3h8ZPOjKoapw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/connector/src/test/resources/data/pvp2_authn_6.xml b/connector/src/test/resources/data/pvp2_authn_6.xml
new file mode 100644
index 00000000..8accdb58
--- /dev/null
+++ b/connector/src/test/resources/data/pvp2_authn_6.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_27f4ce57e524e483446654a34cf886e2">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>OTDjTr2Y/xyuiHiisFcjOUlEcOCRxdgZfukAV8g7WnQ=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>BPvuK5PY1Sjp96U4Xt/153XfGqGegYJlndjiKfZLSG5tZC/mYLE6HCsRtm9a71pbOpuVwBMkTIclVuAskEfRBxLEZyb04xENUY6fMbypdGMXsBCO3Dn46XuEibLmkLJFoIRQKoejmR3uJKvOKrJtsY7xDXvOT8GZehYJlK2Qcr3V7fZu93ZrISnhFRZVkcBWRk6BOTgtHuDK+QjEa81UNijNWoaQcKfXZkUIOX9ge+2hWF75CTsxHUmDg/E9neAgzRfozGcvmdo6BZHXbFRekoHozMBEtg7qy4HWMUz2ckz7xNnHcb0H8QGIioOTqzozegiDfZfX/Q3h8ZPOjKoapw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/connector/src/test/resources/data/pvp2_authn_7.xml b/connector/src/test/resources/data/pvp2_authn_7.xml
new file mode 100644
index 00000000..1f736fae
--- /dev/null
+++ b/connector/src/test/resources/data/pvp2_authn_7.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_27f4ce57e524e483446654a34cf886e2">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>OTDjTr2Y/xyuiHiisFcjOUlEcOCRxdgZfukAV8g7WnQ=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>BPvuK5PY1Sjp96U4Xt/153XfGqGegYJlndjiKfZLSG5tZC/mYLE6HCsRtm9a71pbOpuVwBMkTIclVuAskEfRBxLEZyb04xENUY6fMbypdGMXsBCO3Dn46XuEibLmkLJFoIRQKoejmR3uJKvOKrJtsY7xDXvOT8GZehYJlK2Qcr3V7fZu93ZrISnhFRZVkcBWRk6BOTgtHuDK+QjEa81UNijNWoaQcKfXZkUIOX9ge+2hWF75CTsxHUmDg/E9neAgzRfozGcvmdo6BZHXbFRekoHozMBEtg7qy4HWMUz2ckz7xNnHcb0H8QGIioOTqzozegiDfZfX/Q3h8ZPOjKoapw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/connector/src/test/resources/data/pvp2_authn_8.xml b/connector/src/test/resources/data/pvp2_authn_8.xml
new file mode 100644
index 00000000..e3bd609a
--- /dev/null
+++ b/connector/src/test/resources/data/pvp2_authn_8.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_27f4ce57e524e483446654a34cf886e2" IsPassive="false" IssueInstant="2019-12-11T10:50:19.032Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_27f4ce57e524e483446654a34cf886e2">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>OTDjTr2Y/xyuiHiisFcjOUlEcOCRxdgZfukAV8g7WnQ=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>BPvuK5PY1Sjp96U4Xt/153XfGqGegYJlndjiKfZLSG5tZC/mYLE6HCsRtm9a71pbOpuVwBMkTIclVuAskEfRBxLEZyb04xENUY6fMbypdGMXsBCO3Dn46XuEibLmkLJFoIRQKoejmR3uJKvOKrJtsY7xDXvOT8GZehYJlK2Qcr3V7fZu93ZrISnhFRZVkcBWRk6BOTgtHuDK+QjEa81UNijNWoaQcKfXZkUIOX9ge+2hWF75CTsxHUmDg/E9neAgzRfozGcvmdo6BZHXbFRekoHozMBEtg7qy4HWMUz2ckz7xNnHcb0H8QGIioOTqzozegiDfZfX/Q3h8ZPOjKoapw==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+XX</eid:AttributeValue>
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2019-12-13 08:36:02 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2019-12-13 08:36:02 +0100
commit	d0f580d24d52f56b3a66e1d63f9e668a1ebcd721 (patch)
tree	fcdf0dea949c647f8da4e79d3860b1b2c5322529
parent	ed3410c2cf6a38e9f3c7d986853bd454e15f4637 (diff)
download	National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.tar.gz National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.tar.bz2 National_eIDAS_Gateway-d0f580d24d52f56b3a66e1d63f9e668a1ebcd721.zip