diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-12-10 07:39:27 +0100 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-12-10 07:39:27 +0100 |
| commit | e443168b481bb88fecbad73084147e7e8c882908 (patch) | |
| tree | 52812f6555c4efaaf84253a3fb068cd73ff08a30 | |
| parent | 0224cdf7be78cf0778f0b832a42c18c480c4b784 (diff) | |
| download | National_eIDAS_Gateway-e443168b481bb88fecbad73084147e7e8c882908.tar.gz National_eIDAS_Gateway-e443168b481bb88fecbad73084147e7e8c882908.tar.bz2 National_eIDAS_Gateway-e443168b481bb88fecbad73084147e7e8c882908.zip | |
refactoring to new EGIZ code requirements
136 files changed, 10202 insertions, 9359 deletions
diff --git a/checks/checkstyleSuppress.xml b/checks/checkstyleSuppress.xml index 68a23260..e461a860 100644 --- a/checks/checkstyleSuppress.xml +++ b/checks/checkstyleSuppress.xml @@ -4,6 +4,5 @@ "http://www.puppycrawl.com/dtds/suppressions_1_1.dtd"> <suppressions> <suppress checks=".*" files="[/\\]target[/\\]" /> - <suppress checks="." files=".[\\/]data[\\/]"/> - <suppress checks="." files="[\\/]process/spring/test[\\/]"/> + <suppress checks=".*" files=".[\\/]data[\\/]"/> </suppressions>
\ No newline at end of file diff --git a/connector/pom.xml b/connector/pom.xml index 2b1f4ee8..af1d5947 100644 --- a/connector/pom.xml +++ b/connector/pom.xml @@ -1,100 +1,114 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> - <groupId>at.asitplus.eidas</groupId> - <artifactId>ms_specific</artifactId> - <version>1.0.3-snapshot</version> - </parent> - + <groupId>at.asitplus.eidas</groupId> + <artifactId>ms_specific</artifactId> + <version>1.0.3-snapshot</version> + </parent> + <groupId>at.asitplus.eidas.ms_specific</groupId> <artifactId>ms_specific_connector</artifactId> - <packaging>war</packaging> + <packaging>war</packaging> <name>Connector Maven Webapp</name> <url>http://maven.apache.org</url> - + <dependencies> - <!-- Web application --> - - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>egiz-spring-api</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>eventlog-slf4j</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf-core</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf_module_pvp2_idp</artifactId> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>log4j-over-slf4j</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> - <groupId>at.asitplus.eidas.ms_specific</groupId> - <artifactId>connector_lib</artifactId> - </dependency> - <dependency> - <groupId>at.asitplus.eidas.ms_specific.modules</groupId> - <artifactId>authmodule-eIDAS-v2</artifactId> - </dependency> - - <!-- Third party libs --> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-webmvc</artifactId> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-context</artifactId> - </dependency> - <dependency> - <groupId>org.thymeleaf</groupId> - <artifactId>thymeleaf-spring5</artifactId> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-api</artifactId> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-collections4</artifactId> - </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> - <scope>provided</scope> - </dependency> - - - <!-- Testing --> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <scope>test</scope> - </dependency> - + <!-- Web application --> + + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>eventlog-slf4j</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_idp</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>at.asitplus.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + </dependency> + <dependency> + <groupId>at.asitplus.eidas.ms_specific.modules</groupId> + <artifactId>authmodule-eIDAS-v2</artifactId> + </dependency> + + <!-- Third party libs --> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </dependency> + <dependency> + <groupId>org.thymeleaf</groupId> + <artifactId>thymeleaf-spring5</artifactId> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + + <!-- Testing --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + </dependencies> <build> <finalName>ms_connector</finalName> - + <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -104,22 +118,22 @@ <target>1.8</target> </configuration> </plugin> - + <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <threadCount>1</threadCount> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + </plugins> </build> </project> diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java deleted file mode 100644 index 346c4fd7..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/MSSpecificeIDASNodeSpringResourceProvider.java +++ /dev/null @@ -1,51 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector; - -import org.springframework.core.io.ClassPathResource; -import org.springframework.core.io.Resource; - -import at.gv.egiz.components.spring.api.SpringResourceProvider; - -public class MSSpecificeIDASNodeSpringResourceProvider implements SpringResourceProvider { - - @Override - public Resource[] getResourcesToLoad() { - ClassPathResource mseIDASNode = new ClassPathResource("/specific_eIDAS_connector.beans.xml", MSSpecificeIDASNodeSpringResourceProvider.class); - ClassPathResource mseIDASNodeStorage = new ClassPathResource("/specific_eIDAS_connector.storage.beans.xml", MSSpecificeIDASNodeSpringResourceProvider.class); - return new Resource[] {mseIDASNode, mseIDASNodeStorage}; - } - - @Override - public String[] getPackagesToScan() { - return null; - } - - @Override - public String getName() { - return "MS-specific eIDAS Node SpringResourceProvider"; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java index b5321cc9..6e8e06ef 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationSpringResourceProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/MsSpecificEidasNodeSpringResourceProvider.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,34 +19,34 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2; + */ + +package at.asitplus.eidas.specific.connector; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; import at.gv.egiz.components.spring.api.SpringResourceProvider; -public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { - - @Override - public String getName() { - return "Auth. module for eIDAS Ref. Impl. v2.x"; - } - - @Override - public String[] getPackagesToScan() { - // TODO Auto-generated method stub - return null; - } - - @Override - public Resource[] getResourcesToLoad() { - ClassPathResource eIDASAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class); - - return new Resource[] {eIDASAuthConfig}; - } +public class MsSpecificEidasNodeSpringResourceProvider implements SpringResourceProvider { + + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource msEidasNode = new ClassPathResource("/specific_eIDAS_connector.beans.xml", + MsSpecificEidasNodeSpringResourceProvider.class); + final ClassPathResource msEidasNodeStorage = new ClassPathResource( + "/specific_eIDAS_connector.storage.beans.xml", MsSpecificEidasNodeSpringResourceProvider.class); + return new Resource[] { msEidasNode, msEidasNodeStorage }; + } + + @Override + public String[] getPackagesToScan() { + return null; + } + + @Override + public String getName() { + return "MS-specific eIDAS Node SpringResourceProvider"; + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringInitializer.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringInitializer.java index 083b668c..76802825 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringInitializer.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/SpringInitializer.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector; import java.util.Arrays; @@ -33,7 +32,6 @@ import javax.servlet.ServletRegistration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; @@ -53,142 +51,136 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; /** - * Web application initializer - * + * Web application initializer. + * * @author Thomas Lenz */ public class SpringInitializer implements WebApplicationInitializer { - private static final Logger log = LoggerFactory.getLogger(SpringInitializer.class); - - private String[] rootServletContexts = null; - private String[] servletContexts = null; - private String[] activeProfiles = null; - - public SpringInitializer() { - this.rootServletContexts = null; - this.servletContexts = new String[] { - "/applicationContext.xml", - - }; - this.activeProfiles = null; - } - - - /* (non-Javadoc) - * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.ServletContext) - */ - @Override - public void onStartup(ServletContext servletContext) throws ServletException { - try { - log.info("=============== Loading Config Root Context! ==============="); - ApplicationContext cfgRootContext = - new ClassPathXmlApplicationContext(new String[] { - "/applicationContext.xml" - }); - - - log.info("=============== Loading Root Context! ==============="); - GenericWebApplicationContext rootContext = new GenericWebApplicationContext(); - rootContext.setServletContext(servletContext); - rootContext.setParent(cfgRootContext); - -// log.info("=============== Setting active profiles! ==============="); -// if (this.activeProfiles != null) { -// for (String profile : this.activeProfiles) { -// rootContext.getEnvironment().addActiveProfile(profile); -// } -// } - - log.info("Spring-context was initialized with active profiles: " + - Arrays.asList(rootContext.getEnvironment().getActiveProfiles())); - - log.info("=============== Loading Local Contexts! ==============="); - XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader( - rootContext); - if (rootServletContexts != null) { - for (String rootServletContext : rootServletContexts) { - log.debug("Loading: "+ rootServletContext); - xmlReader.loadBeanDefinitions(new ServletContextResource( - servletContext, rootServletContext)); - } - } - // Manage the lifecycle of the root application context - servletContext.addListener(new ContextLoaderListener(rootContext)); - - // log.debug("Beans after logAMQP in {}", rootContext); - // dumpBeanDefinitions(rootContext); - - log.info("=============== Loading SPI Context! ==============="); - if (rootContext instanceof BeanDefinitionRegistry) { - log.debug("Loading modules and components"); - SpringLoader.loadSpringServices(rootContext); - - } else - log.warn("Failed to load external Spring since no BeanDefinitionRegistry"); - - log.trace("Beans after SPI in "+ rootContext); - dumpBeanDefinitions(rootContext); - - log.debug("Loading servlet config in "+ rootContext); - if (servletContexts != null) { - for (String servletContextString : servletContexts) - xmlReader.loadBeanDefinitions(new ClassPathResource(servletContextString, SpringInitializer.class)); - - } - - log.debug("Refreshing context "+ rootContext); - rootContext.refresh(); - - log.info("=============== Register Dispatcher Servlet! ==============="); - - log.trace("Final Beans in "+ rootContext); - dumpBeanDefinitions(rootContext); - - log.info("Registering dispatcher configuration"); - ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", new DispatcherServlet(rootContext)); - if (dispatcher != null) { - dispatcher.setLoadOnStartup(1); - dispatcher.addMapping("/"); - dispatcher.setAsyncSupported(true); - - } else - log.error("Failed to register dispatcher server in servlet context!"); - - - log.info("=============== Register RequestContextListener! ==============="); - servletContext.addListener(new RequestContextListener()); - - //initialize status messenger - LogMessageProviderFactory.setStatusMessager(rootContext.getBean(IStatusMessenger.class)); - - log.info("Bootstrap openSAML .... "); - EaafDefaultSaml2Bootstrap.bootstrap(); - - log.info("Seed random number generator ... "); - Random.seedRandom(); - - log.info("Initialization of MS-specific eIDAS-connector finished."); - - - } catch (Throwable e) { - log.error("MS-specific eIDAS-connector initialization FAILED!", e); - - } - - } - - private void dumpBeanDefinitions(GenericApplicationContext context) { - log.trace("Registered Bean in context " + context.toString()); - - String[] registeredBeans = context.getBeanDefinitionNames(); - for (String registeredBean : registeredBeans) { - BeanDefinition beanDefinition = context - .getBeanDefinition(registeredBean); - log.trace(registeredBean + " -> " + beanDefinition.getBeanClassName()); - - } - - log.trace("Registered Bean in context --"+ context); - } + private static final Logger log = LoggerFactory.getLogger(SpringInitializer.class); + + private String[] rootServletContexts = null; + private String[] servletContexts = null; + + /** + * Application specific Spring initializer. + * + */ + public SpringInitializer() { + this.rootServletContexts = null; + this.servletContexts = new String[] { + "/applicationContext.xml", + + }; + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet. + * ServletContext) + */ + @Override + public void onStartup(ServletContext servletContext) throws ServletException { + try { + log.info("=============== Loading Config Root Context! ==============="); + final ApplicationContext cfgRootContext = + new ClassPathXmlApplicationContext(new String[] { + "/applicationContext.xml" + }); + + log.info("=============== Loading Root Context! ==============="); + final GenericWebApplicationContext rootContext = new GenericWebApplicationContext(); + rootContext.setServletContext(servletContext); + rootContext.setParent(cfgRootContext); + + log.info("Spring-context was initialized with active profiles: {}", + Arrays.asList(rootContext.getEnvironment().getActiveProfiles())); + + log.info("=============== Loading Local Contexts! ==============="); + final XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader( + rootContext); + if (rootServletContexts != null) { + for (final String rootServletContext : rootServletContexts) { + log.debug("Loading: " + rootServletContext); + xmlReader.loadBeanDefinitions(new ServletContextResource( + servletContext, rootServletContext)); + } + } + // Manage the lifecycle of the root application context + servletContext.addListener(new ContextLoaderListener(rootContext)); + + // log.debug("Beans after logAMQP in {}", rootContext); + // dumpBeanDefinitions(rootContext); + + log.info("=============== Loading SPI Context! ==============="); + log.debug("Loading modules and components"); + SpringLoader.loadSpringServices(rootContext); + + log.trace("Beans after SPI in " + rootContext); + dumpBeanDefinitions(rootContext); + + log.debug("Loading servlet config in " + rootContext); + if (servletContexts != null) { + for (final String servletContextString : servletContexts) { + xmlReader.loadBeanDefinitions(new ClassPathResource(servletContextString, SpringInitializer.class)); + } + + } + + log.debug("Refreshing context " + rootContext); + rootContext.refresh(); + + log.info("=============== Register Dispatcher Servlet! ==============="); + + log.trace("Final Beans in " + rootContext); + dumpBeanDefinitions(rootContext); + + log.info("Registering dispatcher configuration"); + final ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", + new DispatcherServlet(rootContext)); + if (dispatcher != null) { + dispatcher.setLoadOnStartup(1); + dispatcher.addMapping("/"); + dispatcher.setAsyncSupported(true); + + } else { + log.error("Failed to register dispatcher server in servlet context!"); + } + + log.info("=============== Register RequestContextListener! ==============="); + servletContext.addListener(new RequestContextListener()); + + // initialize status messenger + LogMessageProviderFactory.setStatusMessager(rootContext.getBean(IStatusMessenger.class)); + + log.info("Bootstrap openSAML .... "); + EaafDefaultSaml2Bootstrap.bootstrap(); + + log.info("Seed random number generator ... "); + Random.seedRandom(); + + log.info("Initialization of MS-specific eIDAS-connector finished."); + + } catch (final Throwable e) { + log.error("MS-specific eIDAS-connector initialization FAILED!", e); + + } + + } + + private void dumpBeanDefinitions(GenericApplicationContext context) { + log.trace("Registered Bean in context " + context.toString()); + + final String[] registeredBeans = context.getBeanDefinitionNames(); + for (final String registeredBean : registeredBeans) { + final BeanDefinition beanDefinition = context + .getBeanDefinition(registeredBean); + log.trace(registeredBean + " -> " + beanDefinition.getBeanClassName()); + + } + + log.trace("Registered Bean in context --" + context); + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java index b4944675..abda468d 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/auth/AuthenticationManager.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.auth; import javax.servlet.http.HttpServletRequest; @@ -40,21 +39,22 @@ import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; @Service("AuthenticationManager") public class AuthenticationManager extends AbstractAuthenticationManager { - private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class); - - @Override - public ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest pendingReq, String internalSSOId) throws EaafException { - throw new RuntimeException("Single LogOut is NOT supported by this implementation"); - - } - - @Override - protected void populateExecutionContext(ExecutionContext executionContext, - RequestImpl pendingReq, HttpServletRequest httpReq) - throws EaafException { - log.trace("No implementation-specific population of execution-context required ... "); - - } + private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class); + + @Override + public ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, + IRequest pendingReq, String internalSsoId) throws EaafException { + throw new RuntimeException("Single LogOut is NOT supported by this implementation"); + + } + + @Override + protected void populateExecutionContext(ExecutionContext executionContext, + RequestImpl pendingReq, HttpServletRequest httpReq) + throws EaafException { + log.trace("No implementation-specific population of execution-context required ... "); + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java index 0688a13f..b14faa62 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.builder; import java.util.Date; @@ -31,7 +30,7 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import org.w3c.dom.DOMException; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; @@ -49,70 +48,70 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder { - private static final Logger log = LoggerFactory.getLogger(AuthenticationDataBuilder.class); - - @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException { - - IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - AuthenticationData authData = new AuthenticationData(); - - try { - generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); - - //set specific informations - authData.setSsoSessionValidTo(new Date(new Date().getTime() - + MSeIDASNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); - - } catch (EaafBuilderException | EaafParserException | EaafConfigurationException - | XPathException | DOMException e) { - log.warn("Can not build authentication data from auth. process information"); - throw new EaafAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); - - } - - return authData; - - } - - @Override - protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException { - // TODO Auto-generated method stub - return null; - } - - @Override - protected void buildServiceSpecificAuthenticationData(IAuthData arg0, IRequest arg1) throws EaafException { - // TODO Auto-generated method stub - - } - - @Override - protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { - return new AuthenticationData(); - - } - - @Override - protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EaafBuilderException { - //TODO: check if bPK already exists - - - return super.buildOAspecificbPK(pendingReq, authData); - - } - - @Override - protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, - AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { - return null; - - } - - @Override - protected Pair<String, String> getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) { - return null; - - } + private static final Logger log = LoggerFactory.getLogger(AuthenticationDataBuilder.class); + + @Override + public IAuthData buildAuthenticationData(IRequest pendingReq) throws EaafAuthenticationException { + + final IAuthProcessDataContainer authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final AuthenticationData authData = new AuthenticationData(); + + try { + generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData); + + // set specific informations + authData.setSsoSessionValidTo(new Date(new Date().getTime() + + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000)); + + } catch (EaafBuilderException | EaafParserException | EaafConfigurationException + | XPathException | DOMException e) { + log.warn("Can not build authentication data from auth. process information"); + throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); + + } + + return authData; + + } + + @Override + protected IAuthData buildDeprecatedAuthData(IRequest arg0) throws EaafException { + return new AuthenticationData(); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData arg0, IRequest arg1) throws EaafException { + // TODO Auto-generated method stub + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException { + return new AuthenticationData(); + + } + + @Override + protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) + throws EaafBuilderException { + // TODO: check if bPK already exists + + return super.buildOAspecificbPK(pendingReq, authData); + + } + + @Override + protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0, + AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException { + return null; + + } + + @Override + protected Pair<String, String> getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) { + return null; + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java index bb43ee08..d4e97433 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/PvpSubjectNameGenerator.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.builder; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -32,9 +31,10 @@ import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator; public class PvpSubjectNameGenerator implements ISubjectNameIdGenerator { - @Override - public Pair<String, String> generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig) throws Pvp2Exception { - return Pair.newInstance(authData.getBpk(), authData.getBpkType()); - } + @Override + public Pair<String, String> generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig) + throws Pvp2Exception { + return Pair.newInstance(authData.getBpk(), authData.getBpkType()); + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPEndPointConfiguration.java deleted file mode 100644 index 4086ef7e..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPEndPointConfiguration.java +++ /dev/null @@ -1,90 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.config; - -import java.util.List; - -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; - -@Service("PVPEndPointConfiguration") -public class PVPEndPointConfiguration implements IPvp2BasicConfiguration { - private static final Logger log = LoggerFactory.getLogger(PVPEndPointConfiguration.class); - - @Autowired(required=true) IConfiguration basicConfiguration; - - @Override - public String getIdpEntityId(String authURL) throws EaafException { - return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_METADATA; - - } - - @Override - public String getIdpSsoPostService(String authURL) throws EaafException { - return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_POST; - - } - - @Override - public String getIdpSsoRedirectService(String authURL) throws EaafException { - return removePostFix(authURL) + MSeIDASNodeConstants.ENDPOINT_PVP_REDIRECT; - - } - - @Override - public Object getIdpSsoSoapService(String extractAuthURLFromRequest) throws EaafException { - log.warn("PVP S-Profile End-Point does NOT support SOAP Binding"); - return null; - - } - - @Override - public List<ContactPerson> getIdpContacts() throws EaafException { - // Return contact person, if it shall be included in metadata - return null; - } - - @Override - public Organization getIdpOrganisation() throws EaafException { - // Return organization, if it shall be included in metadata - return null; - } - - private String removePostFix(String url) { - if (url != null && url.endsWith("/")) - return url.substring(0, url.length() - 1); - else - return url; - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPMetadataConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPMetadataConfiguration.java deleted file mode 100644 index 62ca42ac..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PVPMetadataConfiguration.java +++ /dev/null @@ -1,262 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.config; - -import java.util.Arrays; -import java.util.List; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.xml.security.credential.Credential; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -public class PVPMetadataConfiguration implements IPvpMetadataBuilderConfiguration{ - private static final Logger log = LoggerFactory.getLogger(PVPMetadataConfiguration.class); - - private IConfiguration basicConfig; - private String authUrl; - private AbstractCredentialProvider pvpIDPCredentials; - private IPvp2BasicConfiguration pvpBasicConfig; - - public PVPMetadataConfiguration(IConfiguration basicConfig, String authURL, IPvp2BasicConfiguration pvpBasicConfig, AbstractCredentialProvider pvpIDPCredentials) { - this.authUrl = authURL; - this.pvpIDPCredentials = pvpIDPCredentials; - this.basicConfig = basicConfig; - this.pvpBasicConfig = pvpBasicConfig; - - } - - @Override - public String getSpNameForLogging() { - return "PVP2 S-Profile IDP"; - } - - @Override - public int getMetadataValidUntil() { - return Integer.valueOf(basicConfig.getBasicConfiguration( - MSeIDASNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY, - String.valueOf(MSeIDASNodeConstants.DEFAULT_PVP_METADATA_VALIDITY))); - - } - - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - @Override - public boolean buildIdpSsoDescriptor() { - return true; - - } - - @Override - public boolean buildSpSsoDescriptor() { - return false; - - } - - @Override - public String getEntityID() { - try { - return pvpBasicConfig.getIdpEntityId(authUrl); - - } catch (EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public String getEntityFriendlyName() { - return null; - - } - - @Override - public List<ContactPerson> getContactPersonInformation() { - try { - return pvpBasicConfig.getIdpContacts(); - - } catch (EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public Organization getOrgansiationInformation() { - try { - return pvpBasicConfig.getIdpOrganisation(); - - } catch (EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - } - - @Override - public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return pvpIDPCredentials.getIdpMetaDataSigningCredential(); - - } - - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return pvpIDPCredentials.getIdpAssertionSigningCredential(); - - } - - @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return null; - - - } - - @Override - public String getIdpWebSsoPostBindingUrl() { - try { - return pvpBasicConfig.getIdpSsoPostService(authUrl); - - } catch (EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - - } - - @Override - public String getIdpWebSsoRedirectBindingUrl() { - try { - return pvpBasicConfig.getIdpSsoRedirectService(authUrl); - - } catch (EaafException e) { - log.error("Can NOT build PVP metadata configuration.", e); - throw new RuntimeException("Can NOT build PVP metadata configuration."); - - } - } - - @Override - public String getIdpSloPostBindingUrl() { - return null; - - } - - @Override - public String getIdpSloRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpAssertionConsumerServicePostBindingUrl() { - return null; - - } - - @Override - public String getSpAssertionConsumerServiceRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpSloPostBindingUrl() { - return null; - - } - - @Override - public String getSpSloRedirectBindingUrl() { - return null; - - } - - @Override - public String getSpSloSoapBindingUrl() { - return null; - - } - - @Override - public List<Attribute> getIdpPossibleAttributes() { - return PvpAttributeBuilder.buildSupportedEmptyAttributes(); - - } - - @Override - public List<String> getIdpPossibleNameIdTypes() { - return Arrays.asList(NameIDType.PERSISTENT, - NameIDType.TRANSIENT, - NameIDType.UNSPECIFIED); - } - - @Override - public List<RequestedAttribute> getSpRequiredAttributes() { - return null; - - } - - @Override - public List<String> getSpAllowedNameIdTypes() { - return null; - - } - - @Override - public boolean wantAssertionSigned() { - return false; - - } - - @Override - public boolean wantAuthnRequestSigned() { - return true; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java new file mode 100644 index 00000000..fb7cb625 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java @@ -0,0 +1,91 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.config; + +import java.util.List; + +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; + +@Service("PVPEndPointConfiguration") +public class PvpEndPointConfiguration implements IPvp2BasicConfiguration { + private static final Logger log = LoggerFactory.getLogger(PvpEndPointConfiguration.class); + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public String getIdpEntityId(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA; + + } + + @Override + public String getIdpSsoPostService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST; + + } + + @Override + public String getIdpSsoRedirectService(String authUrl) throws EaafException { + return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT; + + } + + @Override + public Object getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException { + log.warn("PVP S-Profile End-Point does NOT support SOAP Binding"); + return null; + + } + + @Override + public List<ContactPerson> getIdpContacts() throws EaafException { + // Return contact person, if it shall be included in metadata + return null; + } + + @Override + public Organization getIdpOrganisation() throws EaafException { + // Return organization, if it shall be included in metadata + return null; + } + + private String removePostFix(String url) { + if (url != null && url.endsWith("/")) { + return url.substring(0, url.length() - 1); + } else { + return url; + } + } +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java new file mode 100644 index 00000000..f1828f87 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpMetadataConfiguration.java @@ -0,0 +1,269 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.config; + +import java.util.Arrays; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +public class PvpMetadataConfiguration implements IPvpMetadataBuilderConfiguration { + private static final Logger log = LoggerFactory.getLogger(PvpMetadataConfiguration.class); + + private final IConfiguration basicConfig; + private final String authUrl; + private final AbstractCredentialProvider pvpIdpCredentials; + private final IPvp2BasicConfiguration pvpBasicConfig; + + /** + * Configuration object to create PVP2 S-Profile metadata. + * + * @param basicConfig Application configuration + * @param authUrl Public-URL Prefix of the application + * @param pvpBasicConfig PVP2 configuration object + * @param pvpIdpCredentials PVP2 credentials + */ + public PvpMetadataConfiguration(IConfiguration basicConfig, String authUrl, + IPvp2BasicConfiguration pvpBasicConfig, AbstractCredentialProvider pvpIdpCredentials) { + this.authUrl = authUrl; + this.pvpIdpCredentials = pvpIdpCredentials; + this.basicConfig = basicConfig; + this.pvpBasicConfig = pvpBasicConfig; + + } + + @Override + public String getSpNameForLogging() { + return "PVP2 S-Profile IDP"; + } + + @Override + public int getMetadataValidUntil() { + return Integer.parseInt(basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_METADATA_VALIDITY, + String.valueOf(MsEidasNodeConstants.DEFAULT_PVP_METADATA_VALIDITY))); + + } + + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + @Override + public boolean buildIdpSsoDescriptor() { + return true; + + } + + @Override + public boolean buildSpSsoDescriptor() { + return false; + + } + + @Override + public String getEntityID() { + try { + return pvpBasicConfig.getIdpEntityId(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public String getEntityFriendlyName() { + return null; + + } + + @Override + public List<ContactPerson> getContactPersonInformation() { + try { + return pvpBasicConfig.getIdpContacts(); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public Organization getOrgansiationInformation() { + try { + return pvpBasicConfig.getIdpOrganisation(); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + } + + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return pvpIdpCredentials.getIdpMetaDataSigningCredential(); + + } + + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return pvpIdpCredentials.getIdpAssertionSigningCredential(); + + } + + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return null; + + } + + @Override + public String getIdpWebSsoPostBindingUrl() { + try { + return pvpBasicConfig.getIdpSsoPostService(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + + } + + @Override + public String getIdpWebSsoRedirectBindingUrl() { + try { + return pvpBasicConfig.getIdpSsoRedirectService(authUrl); + + } catch (final EaafException e) { + log.error("Can NOT build PVP metadata configuration.", e); + throw new RuntimeException("Can NOT build PVP metadata configuration."); + + } + } + + @Override + public String getIdpSloPostBindingUrl() { + return null; + + } + + @Override + public String getIdpSloRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpAssertionConsumerServicePostBindingUrl() { + return null; + + } + + @Override + public String getSpAssertionConsumerServiceRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpSloPostBindingUrl() { + return null; + + } + + @Override + public String getSpSloRedirectBindingUrl() { + return null; + + } + + @Override + public String getSpSloSoapBindingUrl() { + return null; + + } + + @Override + public List<Attribute> getIdpPossibleAttributes() { + return PvpAttributeBuilder.buildSupportedEmptyAttributes(); + + } + + @Override + public List<String> getIdpPossibleNameIdTypes() { + return Arrays.asList(NameIDType.PERSISTENT, + NameIDType.TRANSIENT, + NameIDType.UNSPECIFIED); + } + + @Override + public List<RequestedAttribute> getSpRequiredAttributes() { + return null; + + } + + @Override + public List<String> getSpAllowedNameIdTypes() { + return null; + + } + + @Override + public boolean wantAssertionSigned() { + return false; + + } + + @Override + public boolean wantAuthnRequestSigned() { + return true; + + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java index 97842262..81ab02ce 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/StaticResourceConfiguration.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2019 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ + */ + package at.asitplus.eidas.specific.connector.config; import java.net.MalformedURLException; @@ -33,129 +34,164 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.support.ReloadableResourceBundleMessageSource; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.i18n.CookieLocaleResolver; import org.thymeleaf.templateresolver.FileTemplateResolver; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; /** + * Spring configurator for Web resources. + * * @author tlenz * */ @Configuration @EnableWebMvc -public class StaticResourceConfiguration extends WebMvcConfigurerAdapter { - private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); - private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { - "/" - }; - - private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages"; - - @Autowired private IConfiguration basicConfig; - - - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - String staticResources = basicConfig.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - String absPath = FileUtils.makeAbsoluteUrl(staticResources , basicConfig.getConfigurationRootDirectory()); - if (!absPath.endsWith("/")) - absPath += "/"; - - registry.addResourceHandler("/static/**").addResourceLocations(absPath); - log.info("Add Ressourcefolder: " + absPath + " for static Web content"); - - } else - log.debug("No Ressourcefolder for static Web content"); - - } catch (MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for static Web content", e); - - } - - registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS); - - } - - @Bean - public ReloadableResourceBundleMessageSource internalMessageSource(){ - final ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); - - //add default message source - messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); - messageSource.setDefaultEncoding("UTF-8"); - return messageSource; - - } - - @Bean - public ReloadableResourceBundleMessageSource messageSource(){ - final ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); - messageSource.setDefaultEncoding("UTF-8"); - messageSource.setParentMessageSource(internalMessageSource()); - - final String staticResources = basicConfig.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - final String absPath = FileUtils.makeAbsoluteUrl(staticResources , basicConfig.getConfigurationRootDirectory()); - messageSource.setBasename(absPath); - - } else - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - return messageSource; - - } - - @Bean - public CookieLocaleResolver localeResolver(){ - final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); - localeResolver.setCookieName("currentLanguage"); - localeResolver.setCookieMaxAge(3600); - return localeResolver; - } - - @Bean(name="templateResolver") - public FileTemplateResolver templateResolver() { - final String staticResources = basicConfig.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - String absPath = FileUtils.makeAbsoluteUrl(staticResources , basicConfig.getConfigurationRootDirectory()); - if (!absPath.endsWith("/")) - absPath += "/"; - - if (absPath.startsWith("file:")) - absPath = absPath.substring("file:".length()); - - final FileTemplateResolver viewResolver = new FileTemplateResolver(); - viewResolver.setPrefix(absPath); - viewResolver.setSuffix(".html"); - viewResolver.setTemplateMode("HTML5"); - viewResolver.setCacheable(false); - - log.info("Add Ressourcefolder: " + absPath + " for dynamic Web content templates"); - return viewResolver ; - - } else - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - //TODO: implement some backup solution - return null; - - } +public class StaticResourceConfiguration implements WebMvcConfigurer { + private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); + private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { + "/" + }; + + private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages"; + + @Autowired + private IConfiguration basicConfig; + + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + final String staticResources = basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig + .getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + } + + registry.addResourceHandler("/static/**").addResourceLocations(absPath); + log.info("Add Ressourcefolder: " + absPath + " for static Web content"); + + } else { + log.debug("No Ressourcefolder for static Web content"); + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for static Web content", e); + + } + + registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS); + + } + + /** + * Internal i18n message source. + * + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource internalMessageSource() { + final ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); + + // add default message source + messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); + messageSource.setDefaultEncoding("UTF-8"); + return messageSource; + + } + + /** + * External i18n message source. + * + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource messageSource() { + final ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); + messageSource.setDefaultEncoding("UTF-8"); + messageSource.setParentMessageSource(internalMessageSource()); + + final String staticResources = basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + final String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig + .getConfigurationRootDirectory()); + messageSource.setBasename(absPath); + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + return messageSource; + + } + + /** + * Cookie based i18n language selector. + * + * @return + */ + @Bean + public CookieLocaleResolver localeResolver() { + final CookieLocaleResolver localeResolver = new CookieLocaleResolver(); + localeResolver.setCookieName("currentLanguage"); + localeResolver.setCookieMaxAge(3600); + return localeResolver; + } + + + /** + * Thymeleaf based template resolver. + * + * @return + */ + @Bean(name = "templateResolver") + public FileTemplateResolver templateResolver() { + final String staticResources = basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig + .getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + } + + if (absPath.startsWith("file:")) { + absPath = absPath.substring("file:".length()); + } + + final FileTemplateResolver viewResolver = new FileTemplateResolver(); + viewResolver.setPrefix(absPath); + viewResolver.setSuffix(".html"); + viewResolver.setTemplateMode("HTML5"); + viewResolver.setCacheable(false); + + log.info("Add Ressourcefolder: " + absPath + " for dynamic Web content templates"); + return viewResolver; + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + // TODO: implement some backup solution + return null; + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java index 14095ffc..2776ec53 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/MonitoringController.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.controller; import java.io.IOException; @@ -42,7 +43,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; @@ -56,197 +57,225 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; @Controller public class MonitoringController { - private static final Logger log = LoggerFactory.getLogger(MonitoringController.class); - - private static final String MESSAGE_OK = "OK"; - private static final String MESSAGE_ERROR = "ERROR"; - private static final String MESSAGE_SKIPPED = "SKIPPED"; - - private static final String TEST_STORAGE = "Storage: "; - private static final String TEST_CONFIG = "Config: "; - private static final String TEST_PVPMETADATA = "PVP_metadata: "; - private static final String TEST_EIDASNODEMETADATA = "eIDASNode_metadata: "; - - @Autowired private ITransactionStorage storage; - @Autowired private IConfigurationWithSP config; - - @Autowired private PvpMetadataBuilder metadatabuilder; - @Autowired private IPvpMetadataConfigurationFactory configFactory; - private AbstractCredentialProvider pvpIDPCredentials; - - /** - * Sets a specific credential provider for PVP S-Profile IDP component. - * @param pvpIDPCredentials credential provider - */ - public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) { - this.pvpIDPCredentials = pvpIDPCredentials; - - } - - @ExceptionHandler({Throwable.class}) - public void genericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { - log.error("Monitoring Servlet receives an error." , exception); - resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - resp.getWriter().write("Reason: " - + StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exception.getMessage()))); - return; - - } - - @RequestMapping(value = {MSeIDASNodeConstants.ENDPOINT_MONITORING_MONITOR}, - method = {RequestMethod.GET} ) - public void startFullTest(HttpServletRequest req, HttpServletResponse resp) throws IOException { - resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); - - try { - testConfig(); - testStorage(); - testPVPMetadata(); - testEidasNodeMetadata(); - resp.setStatus(HttpServletResponse.SC_OK); - resp.getWriter().write(MESSAGE_OK); - - } catch (Exception e) { - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - resp.getWriter().write(MESSAGE_ERROR); - - } - - - } - - @RequestMapping(value = {MSeIDASNodeConstants.ENDPOINT_MONITORING_VERIFY}, - method = {RequestMethod.GET} ) - - public void startSingleTests(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String result = StringUtils.EMPTY; - try { - result += testConfig() + "<br>"; - } catch (Exception e) { - result += e.getMessage() + "<br>"; - } - - try { - result += testStorage() + "<br>"; - } catch (Exception e) { - result += e.getMessage() + "<br>"; - } - - try { - result += testPVPMetadata() + "<br>"; - } catch (Exception e) { - result += e.getMessage() + "<br>"; - } - - try { - result += testEidasNodeMetadata() + "<br>"; - } catch (Exception e) { - result += e.getMessage() + "<br>"; - } - - resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); - resp.setStatus(HttpServletResponse.SC_OK); - resp.getWriter().write(result); - - } - - private String testStorage( ) throws Exception { - try { - String key = Random.nextHexRandom16(); - String value = Random.nextHexRandom16(); - - storage.put(key, value, -1); - String result = storage.get(key, String.class); - storage.remove(key); - - if (result != null && result.equals(value)) - return TEST_STORAGE + MESSAGE_OK; - else - log.warn("Montioring: TestValue: " + value + " does NOT match in Storage test"); - - } catch (EaafException e) { - log.warn("Montioring: Can not read/write to storage.", e); - - } - - throw new Exception(TEST_STORAGE + MESSAGE_ERROR); - - } - - private String testConfig( ) throws Exception { - try { - if (config.getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX) != null - && config.getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX).size() > 0) - return TEST_CONFIG + MESSAGE_OK; - - else - log.warn("Montioring: Can not read from configuration file."); - - } catch (Exception e) { - log.warn("Montioring: Can not read from configuration file.", e); - } - - throw new Exception(TEST_CONFIG + MESSAGE_ERROR); - - } - - private String testPVPMetadata() throws Exception { - try { - //build metadata - IPvpMetadataBuilderConfiguration metadataConfig = - configFactory.generateMetadataBuilderConfiguration( - "http://localhost/monitoring", - pvpIDPCredentials); - metadatabuilder.buildPvpMetadata(metadataConfig); - return TEST_PVPMETADATA + MESSAGE_OK; - - } catch (Exception | TransformerFactoryConfigurationError e) { - log.warn("Monitoring: Has an error in '" + TEST_PVPMETADATA + "': " + e.getMessage(), e); - throw new Exception(TEST_PVPMETADATA + MESSAGE_ERROR, e); - - } - - } - - private String testEidasNodeMetadata() throws Exception { - try { - String urlString = config.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL); - if (StringUtils.isEmpty(urlString)) { - log.debug("No eIDASNode metadata URL. Skipping test ... "); - return TEST_EIDASNODEMETADATA + MESSAGE_SKIPPED; - - } - - //create HTTP client - //TODO: update if we switch to openSAML3 - HttpClient httpClient = new HttpClient(); - - //set parameters - HttpClientParams params = new HttpClientParams(); - params.setSoTimeout(5*1000); - httpClient.setParams(params ); - - //request URL - HttpMethod method = new GetMethod(urlString); - int respCode = httpClient.executeMethod(method); - if (respCode != 200) { - log.warn("Monitoring: Has an error in '" + TEST_EIDASNODEMETADATA + "': " + " HTTP responsecode: " + respCode); - throw new Exception(TEST_EIDASNODEMETADATA + MESSAGE_ERROR); - - } - - //parse metadata - DomUtils.parseXmlNonValidating(method.getResponseBodyAsStream()); - - return TEST_EIDASNODEMETADATA + MESSAGE_OK; - - } catch (Exception | TransformerFactoryConfigurationError e) { - log.warn("Monitoring: Has an error in '" + TEST_EIDASNODEMETADATA + "': " + e.getMessage(), e); - throw new Exception(TEST_EIDASNODEMETADATA + MESSAGE_ERROR, e); - - } - - } - + private static final Logger log = LoggerFactory.getLogger(MonitoringController.class); + + private static final String MESSAGE_OK = "OK"; + private static final String MESSAGE_ERROR = "ERROR"; + private static final String MESSAGE_SKIPPED = "SKIPPED"; + + private static final String TEST_STORAGE = "Storage: "; + private static final String TEST_CONFIG = "Config: "; + private static final String TEST_PVPMETADATA = "PVP_metadata: "; + private static final String TEST_EIDASNODEMETADATA = "eIDASNode_metadata: "; + + @Autowired + private ITransactionStorage storage; + @Autowired + private IConfigurationWithSP config; + + @Autowired + private PvpMetadataBuilder metadatabuilder; + @Autowired + private IPvpMetadataConfigurationFactory configFactory; + private AbstractCredentialProvider pvpIdpCredentials; + + /** + * Sets a specific credential provider for PVP S-Profile IDP component. + * + * @param pvpIdpCredentials credential provider + */ + public void setPvpIdpCredentials(AbstractCredentialProvider pvpIdpCredentials) { + this.pvpIdpCredentials = pvpIdpCredentials; + + } + + /** + * Generic exception handling that wrote an error-message to html response. + * + * @param resp Http response object + * @param exception Error + * @throws IOException In case of a html response error. + */ + @ExceptionHandler({ Throwable.class }) + public void genericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { + log.error("Monitoring Servlet receives an error.", exception); + resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + resp.getWriter().write("Reason: " + + StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exception.getMessage()))); + + } + + /** + * MS-Connector status-monitoring end-point. + * + * @param req http request + * @param resp http response + * @throws IOException In case of a general processing error + */ + @RequestMapping(value = { MsEidasNodeConstants.ENDPOINT_MONITORING_MONITOR }, + method = { RequestMethod.GET }) + public void startFullTest(HttpServletRequest req, HttpServletResponse resp) throws IOException { + resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); + + try { + testConfig(); + testStorage(); + testPvpMetadata(); + testEidasNodeMetadata(); + resp.setStatus(HttpServletResponse.SC_OK); + resp.getWriter().write(MESSAGE_OK); + + } catch (final Exception e) { + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + resp.getWriter().write(MESSAGE_ERROR); + + } + + } + + /** + * MS-Connector internal verify monitoring end-point. + * + * @param req http request object + * @param resp http response object + * @throws IOException In case of an internal processing error + */ + @RequestMapping(value = { MsEidasNodeConstants.ENDPOINT_MONITORING_VERIFY }, + method = { RequestMethod.GET }) + + public void startSingleTests(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String result = StringUtils.EMPTY; + try { + result += testConfig() + "<br>"; + } catch (final Exception e) { + result += e.getMessage() + "<br>"; + } + + try { + result += testStorage() + "<br>"; + } catch (final Exception e) { + result += e.getMessage() + "<br>"; + } + + try { + result += testPvpMetadata() + "<br>"; + } catch (final Exception e) { + result += e.getMessage() + "<br>"; + } + + try { + result += testEidasNodeMetadata() + "<br>"; + } catch (final Exception e) { + result += e.getMessage() + "<br>"; + } + + resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); + resp.setStatus(HttpServletResponse.SC_OK); + resp.getWriter().write(result); + + } + + private String testStorage() throws Exception { + try { + final String key = Random.nextHexRandom16(); + final String value = Random.nextHexRandom16(); + + storage.put(key, value, -1); + final String result = storage.get(key, String.class); + storage.remove(key); + + if (result != null && result.equals(value)) { + return TEST_STORAGE + MESSAGE_OK; + } else { + log.warn("Montioring: TestValue: " + value + " does NOT match in Storage test"); + } + + } catch (final EaafException e) { + log.warn("Montioring: Can not read/write to storage.", e); + + } + + throw new Exception(TEST_STORAGE + MESSAGE_ERROR); + + } + + private String testConfig() throws Exception { + try { + if (config.getBasicConfigurationWithPrefix(MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX) != null + && config.getBasicConfigurationWithPrefix(MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX) + .size() > 0) { + return TEST_CONFIG + MESSAGE_OK; + } else { + log.warn("Montioring: Can not read from configuration file."); + } + + } catch (final Exception e) { + log.warn("Montioring: Can not read from configuration file.", e); + } + + throw new Exception(TEST_CONFIG + MESSAGE_ERROR); + + } + + private String testPvpMetadata() throws Exception { + try { + // build metadata + final IPvpMetadataBuilderConfiguration metadataConfig = + configFactory.generateMetadataBuilderConfiguration( + "http://localhost/monitoring", + pvpIdpCredentials); + metadatabuilder.buildPvpMetadata(metadataConfig); + return TEST_PVPMETADATA + MESSAGE_OK; + + } catch (Exception | TransformerFactoryConfigurationError e) { + log.warn("Monitoring: Has an error in '" + TEST_PVPMETADATA + "': " + e.getMessage(), e); + throw new Exception(TEST_PVPMETADATA + MESSAGE_ERROR, e); + + } + + } + + private String testEidasNodeMetadata() throws Exception { + try { + final String urlString = config.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL); + if (StringUtils.isEmpty(urlString)) { + log.debug("No eIDASNode metadata URL. Skipping test ... "); + return TEST_EIDASNODEMETADATA + MESSAGE_SKIPPED; + + } + + // create HTTP client + // TODO: update if we switch to openSAML3 + final HttpClient httpClient = new HttpClient(); + + // set parameters + final HttpClientParams params = new HttpClientParams(); + params.setSoTimeout(5 * 1000); + httpClient.setParams(params); + + // request URL + final HttpMethod method = new GetMethod(urlString); + final int respCode = httpClient.executeMethod(method); + if (respCode != 200) { + log.warn("Monitoring: Has an error in '" + TEST_EIDASNODEMETADATA + "': " + " HTTP responsecode: " + + respCode); + throw new Exception(TEST_EIDASNODEMETADATA + MESSAGE_ERROR); + + } + + // parse metadata + DomUtils.parseXmlNonValidating(method.getResponseBodyAsStream()); + + return TEST_EIDASNODEMETADATA + MESSAGE_OK; + + } catch (Exception | TransformerFactoryConfigurationError e) { + log.warn("Monitoring: Has an error in '" + TEST_EIDASNODEMETADATA + "': " + e.getMessage(), e); + throw new Exception(TEST_EIDASNODEMETADATA + MESSAGE_ERROR, e); + + } + + } + } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/PVP2SProfileEndpoint.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/PVP2SProfileEndpoint.java deleted file mode 100644 index 19230c62..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/PVP2SProfileEndpoint.java +++ /dev/null @@ -1,81 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.controller; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol; -import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; - -@Controller -public class PVP2SProfileEndpoint extends AbstractPvp2XProtocol{ - - public static final String NAME = PVP2SProfileEndpoint.class.getName(); - public static final String PROTOCOL_ID = "pvp2-s"; - - @RequestMapping(value = MSeIDASNodeConstants.ENDPOINT_PVP_METADATA, method = {RequestMethod.POST, RequestMethod.GET}) - public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpMetadataRequest(req, resp); - - } - - @RequestMapping(value = MSeIDASNodeConstants.ENDPOINT_PVP_POST, method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpIdpPostRequest(req, resp); - - } - - @RequestMapping(value = MSeIDASNodeConstants.ENDPOINT_PVP_REDIRECT, method = {RequestMethod.GET}) - public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { - super.pvpIdpRedirecttRequest(req, resp); - - } - - - @Override - public String getAuthProtocolIdentifier() { - return PROTOCOL_ID; - } - - @Override - public String getName() { - return NAME; - } - - @Override - protected boolean childPreProcess(HttpServletRequest arg0, HttpServletResponse arg1, PvpSProfilePendingRequest arg2) - throws Throwable { - return false; - } - - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java index bb98f483..1bf1ad67 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ + */ + package at.asitplus.eidas.specific.connector.controller; import java.io.IOException; @@ -31,23 +32,26 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** + * Default process-engine signaling controller. + * * @author tlenz * */ @Controller public class ProcessEngineSignalController extends AbstractProcessEngineSignalController { - - @RequestMapping(value = {MSeIDASNodeConstants.ENDPOINT_COUNTRYSELECTION - }, - method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EaafException { - signalProcessManagement(req, resp); - - } + + @RequestMapping(value = { + MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION + }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) + throws IOException, EaafException { + signalProcessManagement(req, resp); + + } } -
\ No newline at end of file diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java new file mode 100644 index 00000000..d2ec5a7c --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/Pvp2SProfileEndpoint.java @@ -0,0 +1,80 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.controller; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; + +@Controller +public class Pvp2SProfileEndpoint extends AbstractPvp2XProtocol { + + public static final String NAME = Pvp2SProfileEndpoint.class.getName(); + public static final String PROTOCOL_ID = "pvp2-s"; + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_METADATA, method = { RequestMethod.POST, + RequestMethod.GET }) + public void pvpMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpMetadataRequest(req, resp); + + } + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_POST, method = { RequestMethod.POST }) + public void pvpIdpPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpIdpPostRequest(req, resp); + + } + + @RequestMapping(value = MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT, method = { RequestMethod.GET }) + public void pvpIdpRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EaafException { + super.pvpIdpRedirecttRequest(req, resp); + + } + + @Override + public String getAuthProtocolIdentifier() { + return PROTOCOL_ID; + } + + @Override + public String getName() { + return NAME; + } + + @Override + protected boolean childPreProcess(HttpServletRequest arg0, HttpServletResponse arg1, + PvpSProfilePendingRequest arg2) + throws Throwable { + return false; + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java index e60b535c..d90cd22b 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.interceptor; import javax.servlet.http.HttpServletRequest; @@ -29,47 +30,61 @@ import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; /** + * Spring interceptor to inject securtiy headers into http response. + * * @author tlenz * */ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { - - /* (non-Javadoc) - * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) - */ - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) - throws Exception { - //set security headers - response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); - response.setHeader("Pragma", "no-cache"); - response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); - - return true; - - } + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object) + */ + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + // set security headers + response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); + response.setHeader("Pragma", "no-cache"); + response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); - /* (non-Javadoc) - * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) - */ - @Override - public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, - ModelAndView modelAndView) throws Exception { + return true; - - + } + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, org.springframework.web.servlet.ModelAndView) + */ + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { - } + } - /* (non-Javadoc) - * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) - */ - @Override - public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) - throws Exception { + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax. + * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, java.lang.Exception) + */ + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, + Exception ex) + throws Exception { - } + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java index faaf1e57..16385e10 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/RevisionLogger.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.logger; import java.util.Date; @@ -28,7 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.components.eventlog.api.Event; import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.components.eventlog.api.EventLogFactory; @@ -39,68 +40,71 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; public class RevisionLogger extends EventLogFactory implements IRevisionLogger { - private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class); - - @Autowired private IConfiguration basicConfig; - - @Override - public void logEvent(ISpConfiguration oaConfig, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message)); - - } - - @Override - public void logEvent(IRequest pendingRequest, int eventCode) { - logEvent(createNewEvent(new Date().getTime(), eventCode, - pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); - - } - - @Override - public void logEvent(IRequest pendingRequest, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message, - pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); - - } - - @Override - public void logEvent(int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message)); - - } - - @Override - public void logEvent(String sessionID, String transactionID, int eventCode, String message) { - logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); - - } - - @Override - public void logEvent(String sessionID, String transactionID, int eventCode) { - logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); - - } - - private void logEvent(Event event) { - try { - if (event.getEventCode() >= 1100) { - if ( (event.getEventCode() == EventConstants.TRANSACTION_IP) - && !basicConfig.getBasicConfigurationBoolean( - MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true) ) { - log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited"); - return; - - } - - getEventLog().logEvent(event); - - } else - log.trace("Ignore Event: " + event.getEventCode() + " because session functionallity is not implemented"); - - } catch (EventLoggingException e) { - log.warn("Event logging FAILED! Reason: " + e.getMessage()); - - } - - } + private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class); + + @Autowired + private IConfiguration basicConfig; + + @Override + public void logEvent(ISpConfiguration oaConfig, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, + pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier())); + + } + + @Override + public void logEvent(int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + @Override + public void logEvent(String sessionID, String transactionID, int eventCode) { + logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID)); + + } + + private void logEvent(Event event) { + try { + if (event.getEventCode() >= 1100) { + if (event.getEventCode() == EventConstants.TRANSACTION_IP + && !basicConfig.getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true)) { + log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited"); + return; + + } + + getEventLog().logEvent(event); + + } else { + log.trace("Ignore Event: " + event.getEventCode() + + " because session functionallity is not implemented"); + } + + } catch (final EventLoggingException e) { + log.warn("Event logging FAILED! Reason: " + e.getMessage()); + + } + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java index e742c748..3483f367 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/logger/StatisticLogger.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.logger; import org.apache.commons.lang3.StringUtils; @@ -27,7 +28,7 @@ import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; @@ -35,104 +36,106 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; public class StatisticLogger implements IStatisticLogger { - private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class); - - private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z"; - private static final String STATUS_SUCCESS = "success"; - private static final String STATUS_ERROR = "error"; - - @Override - public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { - log.info(buildLogMessage( - protocolRequest.getUniqueTransactionIdentifier(), - protocolRequest.getSpEntityId(), - protocolRequest.getRawData(MSeIDASNodeConstants.DATA_REQUESTERID), - protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - authData.getCiticenCountryCode(), - STATUS_SUCCESS , - StringUtils.EMPTY, - StringUtils.EMPTY)); - - - } - - @Override - public void logErrorOperation(Throwable throwable) { - String errorId = "TODO"; - if (throwable instanceof EaafException) - errorId = ((EaafException) throwable).getErrorId(); - - log.info(buildLogMessage( - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - - - } - - @Override - public void logErrorOperation(Throwable throwable, IRequest errorRequest) { - String errorId = "TODO"; - if (throwable instanceof EaafException) - errorId = ((EaafException) throwable).getErrorId(); - - if (errorRequest != null) - log.info(buildLogMessage( - errorRequest.getUniqueTransactionIdentifier(), - errorRequest.getSpEntityId(), - errorRequest.getRawData(MSeIDASNodeConstants.DATA_REQUESTERID), - errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - - else - log.info(buildLogMessage( - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - StringUtils.EMPTY, - STATUS_ERROR, - errorId, - throwable.getMessage())); - - } - - @Override - public void internalTesting() throws Exception { - log.trace("Not implemented for a File-based logger"); - - } - - private String buildLogMessage(String tId, String moaIDEntityId, Object requesterId, String target, String cc, - String status, String errorCode, String errorMsg) { - String logMsg = StringUtils.EMPTY; - - //data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg - - logMsg += DateTime.now().toString(DATEFORMATER ) + ","; - logMsg += tId + ","; - logMsg += moaIDEntityId + ","; - - if (requesterId instanceof String && StringUtils.isNotEmpty((String)requesterId)) - logMsg += (String)requesterId + ","; - else - logMsg += StringUtils.EMPTY + ","; - - logMsg += target + ","; - logMsg += cc + ","; - - logMsg += status + ","; - logMsg += errorCode + ","; - logMsg += errorMsg; - - return logMsg; - } + private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class); + + private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z"; + private static final String STATUS_SUCCESS = "success"; + private static final String STATUS_ERROR = "error"; + + @Override + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSsoSession) { + log.info(buildLogMessage( + protocolRequest.getUniqueTransactionIdentifier(), + protocolRequest.getSpEntityId(), + protocolRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), + protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + authData.getCiticenCountryCode(), + STATUS_SUCCESS, + StringUtils.EMPTY, + StringUtils.EMPTY)); + + } + + @Override + public void logErrorOperation(Throwable throwable) { + String errorId = "TODO"; + if (throwable instanceof EaafException) { + errorId = ((EaafException) throwable).getErrorId(); + } + + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + + } + + @Override + public void logErrorOperation(Throwable throwable, IRequest errorRequest) { + String errorId = "TODO"; + if (throwable instanceof EaafException) { + errorId = ((EaafException) throwable).getErrorId(); + } + + if (errorRequest != null) { + log.info(buildLogMessage( + errorRequest.getUniqueTransactionIdentifier(), + errorRequest.getSpEntityId(), + errorRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID), + errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + } else { + log.info(buildLogMessage( + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + StringUtils.EMPTY, + STATUS_ERROR, + errorId, + throwable.getMessage())); + } + + } + + @Override + public void internalTesting() throws Exception { + log.trace("Not implemented for a File-based logger"); + + } + + private String buildLogMessage(String transId, String entityId, Object requesterId, String target, + String cc, + String status, String errorCode, String errorMsg) { + String logMsg = StringUtils.EMPTY; + + // data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg + + logMsg += DateTime.now().toString(DATEFORMATER) + ","; + logMsg += transId + ","; + logMsg += entityId + ","; + + if (requesterId instanceof String && StringUtils.isNotEmpty((String) requesterId)) { + logMsg += (String) requesterId + ","; + } else { + logMsg += StringUtils.EMPTY + ","; + } + + logMsg += target + ","; + logMsg += cc + ","; + + logMsg += status + ","; + logMsg += errorCode + ","; + logMsg += errorMsg; + + return logMsg; + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java index f92ccf28..564160be 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/mapper/LoALevelMapper.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.mapper; import org.slf4j.Logger; @@ -32,30 +31,30 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; @Service("LoALevelMapper") -public class LoALevelMapper implements ILoALevelMapper{ - private static final Logger log = LoggerFactory.getLogger(LoALevelMapper.class); - - @Override - public String mapToSecClass(String LoA) { - log.info("Mapping to PVP SecClass is NOT supported"); - return null; - } - - @Override - public String mapToEidasLoa(String LoA) { - if (LoA.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) - return LoA; - - else - log.info("Can NOT map '" + LoA + "' to eIDAS LoA"); - - return null; - - } - - @Override - public String mapEidasQaaToStorkQaa(String eidasqaaLevel) { - return null; - } +public class LoALevelMapper implements ILoALevelMapper { + private static final Logger log = LoggerFactory.getLogger(LoALevelMapper.class); + + @Override + public String mapToSecClass(String loa) { + log.info("Mapping to PVP SecClass is NOT supported"); + return null; + } + + @Override + public String mapToEidasLoa(String loa) { + if (loa.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) { + return loa; + } else { + log.info("Can NOT map '" + loa + "' to eIDAS LoA"); + } + + return null; + + } + + @Override + public String mapEidasQaaToStorkQaa(String eidasqaaLevel) { + return null; + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java index e4492a3f..805148f7 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/CountrySelectionProcessImpl.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,47 +19,50 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.processes; import org.apache.commons.lang3.StringUtils; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** + * Auth-Process selector for User's country selection. + * * @author tlenz * */ public class CountrySelectionProcessImpl implements AuthModule { - @Override - public int getPriority() { - return 0; - - } + @Override + public int getPriority() { + return 0; + + } + + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + final Object selectedCountryObj = context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + if (selectedCountryObj != null && selectedCountryObj instanceof String) { + final String selectedCountry = (String) selectedCountryObj; + if (StringUtils.isNotEmpty(selectedCountry)) { + return null; + } + + } + + return "CountrySelectionProcess"; + + } - @Override - public String selectProcess(ExecutionContext context, IRequest pendingReq) { - Object selectedCountryObj = context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); - if (selectedCountryObj != null && selectedCountryObj instanceof String) { - String selectedCountry = (String) selectedCountryObj; - if (StringUtils.isNotEmpty(selectedCountry)) - return null; - - } - - return "CountrySelectionProcess"; - - - } + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:processes/CountrySelection.process.xml" }; - @Override - public String[] getProcessDefinitions() { - return new String[] { "classpath:processes/CountrySelection.process.xml" }; - - } + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java index 9a91d407..727653b3 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/EvaluateCountrySelectionTask.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.processes.tasks; import java.util.Enumeration; @@ -33,48 +34,50 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; /** + * Evaluate the User's country selection. + * * @author tlenz * */ @Component("EvaluateCountrySelectionTask") -public class EvaluateCountrySelectionTask extends AbstractLocaleAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(EvaluateCountrySelectionTask.class); - - - @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - - // set parameter execution context - Enumeration<String> reqParamNames = request.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (StringUtils.isNotEmpty(paramName) && - !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { - for (String el : MSeIDASNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) { - if (el.equalsIgnoreCase(paramName)) - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - } - } - } - - log.info("Country selection finished. Starting auth. process for country ... "); - - - } catch (Exception e) { - log.warn("EvaluateBKUSelectionTask has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - } +public class EvaluateCountrySelectionTask extends AbstractLocaleAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(EvaluateCountrySelectionTask.class); + + @Override + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + try { + + // set parameter execution context + final Enumeration<String> reqParamNames = request.getParameterNames(); + while (reqParamNames.hasMoreElements()) { + final String paramName = reqParamNames.nextElement(); + if (StringUtils.isNotEmpty(paramName) + && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)) { + for (final String el : MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST) { + if (el.equalsIgnoreCase(paramName)) { + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); + } + } + } + } + + log.info("Country selection finished. Starting auth. process for country ... "); + + } catch (final Exception e) { + log.warn("EvaluateBKUSelectionTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java index 5f3fb20a..bf7453de 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/processes/tasks/GenerateCountrySelectionFrameTask.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.processes.tasks; import javax.servlet.http.HttpServletRequest; @@ -30,8 +31,8 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; @@ -43,42 +44,49 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; /** + * Create country-selection page. + * * @author tlenz * */ @Component("GenerateCountrySelectionFrameTask") public class GenerateCountrySelectionFrameTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(GenerateCountrySelectionFrameTask.class); - - @Autowired ISpringMvcGuiFormBuilder guiBuilder; - @Autowired IConfiguration basicConfig; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try { - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.STARTING_COUNTRY_SELECTION); - - IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - MSeIDASNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION, - MSeIDASNodeConstants.ENDPOINT_COUNTRYSELECTION); - - guiBuilder.build(request, response, config, "BKU-Selection form"); - - } catch (GuiBuildException e) { - log.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); - throw new TaskExecutionException(pendingReq, - "Can not build GUI. Msg:" + e.getMessage(), - new EaafException("gui.00", new Object[]{e.getMessage()}, e)); - - } catch (Exception e) { - log.warn("FinalizeAuthenticationTask has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - - } + private static final Logger log = LoggerFactory.getLogger(GenerateCountrySelectionFrameTask.class); + + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + IConfiguration basicConfig; + + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + try { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.STARTING_COUNTRY_SELECTION); + + final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + MsEidasNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION, + MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, + resourceLoader); + + guiBuilder.build(request, response, config, "BKU-Selection form"); + + } catch (final GuiBuildException e) { + log.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, + "Can not build GUI. Msg:" + e.getMessage(), + new EaafException("gui.00", new Object[] { e.getMessage() }, e)); + + } catch (final Exception e) { + log.warn("FinalizeAuthenticationTask has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPEndPointCredentialProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPEndPointCredentialProvider.java deleted file mode 100644 index 2259acd5..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPEndPointCredentialProvider.java +++ /dev/null @@ -1,116 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.provider; - -import java.net.MalformedURLException; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -public class PVPEndPointCredentialProvider extends AbstractCredentialProvider { - private static final Logger log = LoggerFactory.getLogger(PVPEndPointCredentialProvider.class); - - @Autowired(required=true) IConfiguration basicConfiguration; - - @Override - public String getFriendlyName() { - return "PVP2 S-Profile EndPoint"; - } - - @Override - public String getKeyStoreFilePath() throws EaafException { - try { - String path = basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PATH); - if (StringUtils.isEmpty(path)) { - log.error(getFriendlyName() + " | Path to keyStore is NULL or EMPTY"); - throw new EaafConfigurationException("config.27", - new Object[] {getFriendlyName() + " | Path to keyStore is NULL or EMPTY"}); - - } - - return FileUtils.makeAbsoluteUrl( - path, - basicConfiguration.getConfigurationRootDirectory()); - - } catch (MalformedURLException e) { - log.error(getFriendlyName() + " | Path to keyStore NOT valid.", e); - throw new EaafConfigurationException("config.27", - new Object[] {getFriendlyName() + " | Path to keyStore NOT valid."}, e); - - } - - } - - @Override - public String getKeyStorePassword() { - return basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PASSWORD); - - } - - @Override - public String getMetadataKeyAlias() { - return basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_ALIAS); - } - - @Override - public String getMetadataKeyPassword() { - return basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD); - - } - - @Override - public String getSignatureKeyAlias() { - return basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS); - - } - - @Override - public String getSignatureKeyPassword() { - return basicConfiguration.getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD); - - } - - @Override - public String getEncryptionKeyAlias() { - return null; - - } - - @Override - public String getEncryptionKeyPassword() { - return null; - - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java deleted file mode 100644 index 4db6ac5a..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataProvider.java +++ /dev/null @@ -1,146 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.provider; - -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.List; - -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.params.HttpClientParams; -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.xml.parse.BasicParserPool; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.connector.verification.MetadataSignatureVerificationFilter; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; - -@Service("PVPMetadataProvider") -public class PVPMetadataProvider extends AbstractChainingMetadataProvider{ - private static final Logger log = LoggerFactory.getLogger(PVPMetadataProvider.class); - - @Autowired(required=true) IConfigurationWithSP basicConfig; - - @Override - protected String getMetadataUrl(String entityId) throws EaafConfigurationException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); - if (spConfig != null) { - String metadataURL = entityId; - - String metadataURLFromConfig = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); - if (StringUtils.isNotEmpty(metadataURLFromConfig)) { - log.debug("Use metdataURL from configuration for EntityId: " + entityId); - metadataURL = metadataURLFromConfig; - - } - - return metadataURL; - - } else - log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); - - return null; - } - - @Override - protected MetadataProvider createNewMetadataProvider(String entityId) - throws EaafConfigurationException, IOException, CertificateException { - ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); - if (spConfig != null) { - try { - String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); - if (StringUtils.isEmpty(metadataURL)) { - log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... "); - metadataURL = entityId; - - } - String trustStoreUrl = FileUtils.makeAbsoluteUrl( - spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE), - authConfig.getConfigurationRootDirectory()); - String trustStorePassword = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD); - - return createNewSimpleMetadataProvider(metadataURL, - buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl, trustStorePassword), - spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER), - getTimer(), - new BasicParserPool(), - createHttpClient(metadataURL)); - - } catch (Pvp2MetadataException e) { - log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()); - throw new EaafConfigurationException("config.27", - new Object[] {"Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()}, e); - - } - - } else - log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); - - return null; - } - - @Override - protected List<String> getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { - // TODO Auto-generated method stub - return null; - } - - private HttpClient createHttpClient(String metadataURL) { - HttpClient httpClient = new HttpClient(); - HttpClientParams httpClientParams = new HttpClientParams(); - httpClientParams.setSoTimeout(MSeIDASNodeConstants.METADATA_SOCKED_TIMEOUT); - httpClient.setParams(httpClientParams); - return httpClient; - - } - - private MetadataFilterChain buildMetadataFilterChain(ISpConfiguration oaParam, String metadataURL, String trustStoreUrl, String trustStorePassword) throws CertificateException, Pvp2MetadataException{ - MetadataFilterChain filterChain = new MetadataFilterChain(); - filterChain.getFilters().add(new SchemaValidationFilter( - basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true))); - - filterChain.getFilters().add( - new MetadataSignatureVerificationFilter( - trustStoreUrl, trustStorePassword, metadataURL)); - - filterChain.getFilters().add(new PvpEntityCategoryFilter( - basicConfig.getBasicConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true))); - - return filterChain; - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java new file mode 100644 index 00000000..92373328 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpEndPointCredentialProvider.java @@ -0,0 +1,119 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.provider; + +import java.net.MalformedURLException; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; + +public class PvpEndPointCredentialProvider extends AbstractCredentialProvider { + private static final Logger log = LoggerFactory.getLogger(PvpEndPointCredentialProvider.class); + + @Autowired(required = true) + IConfiguration basicConfiguration; + + @Override + public String getFriendlyName() { + return "PVP2 S-Profile EndPoint"; + } + + @Override + public String getKeyStoreFilePath() throws EaafException { + try { + final String path = basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PATH); + if (StringUtils.isEmpty(path)) { + log.error(getFriendlyName() + " | Path to keyStore is NULL or EMPTY"); + throw new EaafConfigurationException("config.27", + new Object[] { getFriendlyName() + " | Path to keyStore is NULL or EMPTY" }); + + } + + return FileUtils.makeAbsoluteUrl( + path, + basicConfiguration.getConfigurationRootDirectory()); + + } catch (final MalformedURLException e) { + log.error(getFriendlyName() + " | Path to keyStore NOT valid.", e); + throw new EaafConfigurationException("config.27", + new Object[] { getFriendlyName() + " | Path to keyStore NOT valid." }, e); + + } + + } + + @Override + public String getKeyStorePassword() { + return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEYSTORE_PASSWORD); + + } + + @Override + public String getMetadataKeyAlias() { + return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_ALIAS); + } + + @Override + public String getMetadataKeyPassword() { + return basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD); + + } + + @Override + public String getSignatureKeyAlias() { + return basicConfiguration.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS); + + } + + @Override + public String getSignatureKeyPassword() { + return basicConfiguration.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD); + + } + + @Override + public String getEncryptionKeyAlias() { + return null; + + } + + @Override + public String getEncryptionKeyPassword() { + return null; + + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataConfigurationFactory.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java index 6965a407..8b0419d0 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PVPMetadataConfigurationFactory.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataConfigurationFactory.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,15 +19,14 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.provider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.asitplus.eidas.specific.connector.config.PVPMetadataConfiguration; +import at.asitplus.eidas.specific.connector.config.PvpMetadataConfiguration; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; @@ -35,16 +34,18 @@ import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactor import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; @Service("PVPMetadataConfigurationFactory") -public class PVPMetadataConfigurationFactory implements IPvpMetadataConfigurationFactory { - - @Autowired private IConfiguration basicConfig; - @Autowired private IPvp2BasicConfiguration pvpBasicConfig; - - @Override - public IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, - AbstractCredentialProvider pvpIDPCredentials) { - return new PVPMetadataConfiguration(basicConfig, authURL, pvpBasicConfig, pvpIDPCredentials); - - } +public class PvpMetadataConfigurationFactory implements IPvpMetadataConfigurationFactory { + + @Autowired + private IConfiguration basicConfig; + @Autowired + private IPvp2BasicConfiguration pvpBasicConfig; + + @Override + public IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, + AbstractCredentialProvider pvpIdpCredentials) { + return new PvpMetadataConfiguration(basicConfig, authUrl, pvpBasicConfig, pvpIdpCredentials); + + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java new file mode 100644 index 00000000..6a223fd0 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java @@ -0,0 +1,155 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.provider; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.List; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.xml.parse.BasicParserPool; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.verification.MetadataSignatureVerificationFilter; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; + +@Service("PVPMetadataProvider") +public class PvpMetadataProvider extends AbstractChainingMetadataProvider { + private static final Logger log = LoggerFactory.getLogger(PvpMetadataProvider.class); + + @Autowired(required = true) + IConfigurationWithSP basicConfig; + + @Override + protected String getMetadataUrl(String entityId) throws EaafConfigurationException { + final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); + if (spConfig != null) { + String metadataUrl = entityId; + + final String metadataUrlFromConfig = spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + if (StringUtils.isNotEmpty(metadataUrlFromConfig)) { + log.debug("Use metdataURL from configuration for EntityId: " + entityId); + metadataUrl = metadataUrlFromConfig; + + } + + return metadataUrl; + + } else { + log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); + } + + return null; + } + + @Override + protected MetadataProvider createNewMetadataProvider(String entityId) + throws EaafConfigurationException, IOException, CertificateException { + final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId); + if (spConfig != null) { + try { + String metadataUrl = spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL); + if (StringUtils.isEmpty(metadataUrl)) { + log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... "); + metadataUrl = entityId; + + } + final String trustStoreUrl = FileUtils.makeAbsoluteUrl( + spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE), + authConfig.getConfigurationRootDirectory()); + final String trustStorePassword = spConfig.getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD); + + return createNewSimpleMetadataProvider(metadataUrl, + buildMetadataFilterChain(metadataUrl, trustStoreUrl, trustStorePassword), + spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER), + getTimer(), + new BasicParserPool(), + createHttpClient()); + + } catch (final Pvp2MetadataException e) { + log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage()); + throw new EaafConfigurationException("config.27", + new Object[] { "Can NOT initialize Metadata signature-verification filter. Reason: " + e + .getMessage() }, e); + + } + + } else { + log.info("No ServiceProvider with entityId: " + entityId + " in configuration."); + } + + return null; + } + + @Override + protected List<String> getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException { + // TODO Auto-generated method stub + return null; + } + + private HttpClient createHttpClient() { + final HttpClient httpClient = new HttpClient(); + final HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(MsEidasNodeConstants.METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + return httpClient; + + } + + private MetadataFilterChain buildMetadataFilterChain(String metadataUrl, + String trustStoreUrl, String trustStorePassword) throws CertificateException, Pvp2MetadataException { + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.getFilters().add(new SchemaValidationFilter( + basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, + true))); + + filterChain.getFilters().add( + new MetadataSignatureVerificationFilter( + trustStoreUrl, trustStorePassword, metadataUrl)); + + filterChain.getFilters().add(new PvpEntityCategoryFilter( + basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, + true))); + + return filterChain; + } +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java index f4dee848..d38da6fe 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,15 +19,13 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.provider; import java.text.MessageFormat; import java.util.Locale; import java.util.MissingResourceException; -import java.util.PropertyResourceBundle; import java.util.ResourceBundle; import org.slf4j.Logger; @@ -39,94 +37,97 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; @Service("StatusMessageProvider") public class StatusMessageProvider implements IStatusMessenger { - private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); - - private static final String ERROR_MESSAGES_UNAVAILABLE = "Error messages can NOT be load from application. Only errorCode: {0} is availabe" ; - private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}"; - - private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE = "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe" ; - private static final String ERROR_NO_EXTERNALERROR_CODE = "No external error for internal error with number.={0}"; - - //internal messanges - private static final String DEFAULT_MESSAGE_RESOURCES = "properties/status_messages_en"; - private static final Locale DEFAULT_MESSAGE_LOCALES = new Locale("en", "GB"); - private ResourceBundle messages; - - //external error codes - private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map"; - private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); - private ResourceBundle externalError = null; - - @Override - public String getMessageWithoutDefault(String messageId, Object[] parameters) { - // initialize messages - if (messages == null) { - this.messages = PropertyResourceBundle.getBundle( - DEFAULT_MESSAGE_RESOURCES, - DEFAULT_MESSAGE_LOCALES); - - } - - // create the message - if (messages == null) { - return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[] { messageId }); - - } else { - String rawMessage = messages.getString(messageId); - return MessageFormat.format(rawMessage, parameters); - - } - } - - @Override - public String getMessage(String messageId, Object[] parameters) { - try { - return getMessageWithoutDefault(messageId, parameters); - - } catch (MissingResourceException e2) { - return MessageFormat.format(ERROR_NO_MESSAGE, new Object[] { messageId }); - - } - } - - @Override - public String getResponseErrorCode(Throwable throwable) { - String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - if (throwable instanceof EaafException) { - errorCode = ((EaafException) throwable).getErrorId(); - - } - //TODO: maybe more internal switches are required - - return errorCode; - - } - - @Override - public String mapInternalErrorToExternalError(String intErrorCode) { - // initialize messages - if (externalError == null) { - this.externalError = PropertyResourceBundle.getBundle( - DEFAULT_EXTERNALERROR_RESOURCES, - DEFAULT_EXTERNALERROR_LOCALES); - - } - - // create the message - if (externalError == null) { - log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode })); - return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - - } else { - try { - return externalError.getString(intErrorCode); - - } catch (MissingResourceException e2) { - log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); - return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; - - } - } - } + private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class); + + private static final String ERROR_MESSAGES_UNAVAILABLE = + "Error messages can NOT be load from application. Only errorCode: {0} is availabe"; + private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}"; + + private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE = + "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe"; + private static final String ERROR_NO_EXTERNALERROR_CODE = + "No external error for internal error with number.={0}"; + + // internal messanges + private static final String DEFAULT_MESSAGE_RESOURCES = "properties/status_messages_en"; + private static final Locale DEFAULT_MESSAGE_LOCALES = new Locale("en", "GB"); + private ResourceBundle messages; + + // external error codes + private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map"; + private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB"); + private ResourceBundle externalError = null; + + @Override + public String getMessageWithoutDefault(String messageId, Object[] parameters) { + // initialize messages + if (messages == null) { + this.messages = ResourceBundle.getBundle( + DEFAULT_MESSAGE_RESOURCES, + DEFAULT_MESSAGE_LOCALES); + + } + + // create the message + if (messages == null) { + return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[] { messageId }); + + } else { + final String rawMessage = messages.getString(messageId); + return MessageFormat.format(rawMessage, parameters); + + } + } + + @Override + public String getMessage(String messageId, Object[] parameters) { + try { + return getMessageWithoutDefault(messageId, parameters); + + } catch (final MissingResourceException e2) { + return MessageFormat.format(ERROR_NO_MESSAGE, new Object[] { messageId }); + + } + } + + @Override + public String getResponseErrorCode(Throwable throwable) { + String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + if (throwable instanceof EaafException) { + errorCode = ((EaafException) throwable).getErrorId(); + + } + // TODO: maybe more internal switches are required + + return errorCode; + + } + + @Override + public String mapInternalErrorToExternalError(String intErrorCode) { + // initialize messages + if (externalError == null) { + this.externalError = ResourceBundle.getBundle( + DEFAULT_EXTERNALERROR_RESOURCES, + DEFAULT_EXTERNALERROR_LOCALES); + + } + + // create the message + if (externalError == null) { + log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } else { + try { + return externalError.getString(intErrorCode); + + } catch (final MissingResourceException e2) { + log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode })); + return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC; + + } + } + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java new file mode 100644 index 00000000..87ebda92 --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWithEidasBackend.java @@ -0,0 +1,35 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.storage; + +import eu.eidas.auth.commons.cache.ConcurrentCacheService; +import eu.eidas.auth.commons.tx.AbstractCache; + +public class CacheWithEidasBackend extends AbstractCache<String, TransactionStoreElement> { + + protected CacheWithEidasBackend(ConcurrentCacheService concurrentMapService) { + super(concurrentMapService); + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWitheIDASBackend.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWitheIDASBackend.java deleted file mode 100644 index 4bcced82..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/CacheWitheIDASBackend.java +++ /dev/null @@ -1,50 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.storage; - -import eu.eidas.auth.commons.cache.ConcurrentCacheService; -import eu.eidas.auth.commons.tx.AbstractCache; - -public class CacheWitheIDASBackend extends AbstractCache<String, TransactionStoreElement> { - - protected CacheWitheIDASBackend(ConcurrentCacheService concurrentMapService) { - super(concurrentMapService); - } - -// public List<String> clean(Date now, long dataTimeOut) { -// List<String> result = new ArrayList<String>(); -// Iterator<String> iterator = map.keySet().iterator(); -// while (iterator.hasNext()) { -// String key = iterator.next(); -// if (map.containsKey(key)) { -// TransactionStoreElement element = map.get(key); -// if (now.getTime() - element.getCreated().getTime() > dataTimeOut) -// result.add(key); -// } -// } -// -// return result; -// -// } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java new file mode 100644 index 00000000..557e245a --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/EidasCacheTransactionStoreDecorator.java @@ -0,0 +1,152 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector.storage; + +import java.util.Arrays; +import java.util.Date; +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; + +public class EidasCacheTransactionStoreDecorator implements ITransactionStorage { + private static final Logger log = LoggerFactory.getLogger(EidasCacheTransactionStoreDecorator.class); + + @Autowired(required = true) + private CacheWithEidasBackend storage; + + @Override + public void changeKey(String oldKey, String newKey, Object value) throws EaafException { + if (containsKey(oldKey)) { + final TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + el.setData(value); + storage.put(newKey, el); + boolean delResult = storage.remove(oldKey); + log.trace("Object: {} removed from cache: {}", oldKey, delResult); + + } else { + throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); + } + + } + + @Override + public List<String> clean(Date now, long dataTimeOut) { + log.info("Clean is NOT implemented, because its not needed"); + return Arrays.asList(); + + } + + @Override + public boolean containsKey(String key) { + return storage.containsKey(key); + + } + + @Override + public Object get(String key) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement element = storage.get(key); + return element.getData(); + + } else { + return null; + } + } + + @Override + public <T> T get(String key, Class<T> type) throws EaafException { + return get(key, type, -1); + + } + + @Override + public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement value = storage.get(key); + + if (dataTimeOut > -1) { + final long now = new Date().getTime(); + if (now - value.getCreated().getTime() > dataTimeOut) { + log.info("Transaction-Data with key: " + key + " is out of time."); + throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); + + } + } + + if (type.isAssignableFrom(value.getData().getClass())) { + return (T) value.getData(); + + } else { + log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); + } + + } + + return null; + } + + @Override + public Object getRaw(String key) throws EaafException { + return storage.get(key); + + } + + @Override + public void put(String key, Object value, int dataTimeOut) throws EaafException { + final TransactionStoreElement element = new TransactionStoreElement(); + element.setKey(key); + element.setData(value); + storage.put(key, element); + + } + + @Override + public void putRaw(String key, Object value) throws EaafException { + if (value instanceof TransactionStoreElement) { + storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); + } else { + log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class + .getName()); + } + + } + + @Override + public void remove(String key) { + if (containsKey(key)) { + log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + boolean delResult = storage.remove(key); + log.trace("Object: {} removed from cache: {}", key, delResult); + + } + } + +} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java index 58ab7930..26d442cb 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/SimpleInMemoryTransactionStorage.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.storage; import java.util.ArrayList; @@ -29,6 +28,7 @@ import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; import org.slf4j.Logger; @@ -40,124 +40,132 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @Service("SimpleInMemoryTransactionStorage") -public class SimpleInMemoryTransactionStorage implements ITransactionStorage{ - private static final Logger log = LoggerFactory.getLogger(SimpleInMemoryTransactionStorage.class); - - private Map<String, TransactionStoreElement> storage = new ConcurrentHashMap<String, TransactionStoreElement>(); - - @Override - public void changeKey(String oldKey, String newKey, Object value) throws EaafException { - if (containsKey(oldKey)) { - TransactionStoreElement el = storage.get(oldKey); - el.setKey(newKey); - storage.put(newKey, el); - storage.remove(oldKey); - - } else - throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); - - } - - @Override - public List<String> clean(Date now, long dataTimeOut) { - List<String> result = new ArrayList<String>(); - Iterator<String> iterator = storage.keySet().iterator(); - while (iterator.hasNext()) { - String key = iterator.next(); - synchronized (storage) { - if (storage.containsKey(key)) { - TransactionStoreElement element = storage.get(key); - if (now.getTime() - element.getCreated().getTime() > dataTimeOut) - result.add(key); - } - } - } - - return result; - - } - - @Override - public boolean containsKey(String key) { - if (key != null) - return storage.containsKey(key); - else - return false; - - } - - @Override - public Object get(String key) throws EaafException { - if (key != null && containsKey(key)) { - TransactionStoreElement element = storage.get(key); - return element.getData(); - - } else - return null; - } - - @Override - public <T> T get(String key, Class<T> type) throws EaafException { - return get(key, type, -1); - - } - - @Override - public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException { - if (key != null && containsKey(key)) { - TransactionStoreElement value = storage.get(key); - - if (dataTimeOut > -1) { - long now = new Date().getTime(); - if (now - value.getCreated().getTime() > dataTimeOut) { - log.info("Transaction-Data with key: " + key + " is out of time."); - throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); - - } - } - - if (type.isAssignableFrom(value.getData().getClass())) { - return (T) value.getData(); - - } else - log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); - - } - - return null; - } - - @Override - public Object getRaw(String key) throws EaafException { - return storage.get(key); - - } - - @Override - public void put(String key, Object value, int dataTimeOut) throws EaafException { - TransactionStoreElement element = new TransactionStoreElement(); - element.setKey(key); - element.setData(value); - storage.put(key, element); - - } - - @Override - public void putRaw(String key, Object value) throws EaafException { - if (value instanceof TransactionStoreElement) - storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); - else - log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class.getName()); - - } - - @Override - public void remove(String key) { - if (containsKey(key)) { - log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); - storage.remove(key); - - } - } +public class SimpleInMemoryTransactionStorage implements ITransactionStorage { + private static final Logger log = LoggerFactory.getLogger(SimpleInMemoryTransactionStorage.class); + + private final Map<String, TransactionStoreElement> storage = + new ConcurrentHashMap<>(); + + @Override + public void changeKey(String oldKey, String newKey, Object value) throws EaafException { + if (containsKey(oldKey)) { + final TransactionStoreElement el = storage.get(oldKey); + el.setKey(newKey); + storage.put(newKey, el); + storage.remove(oldKey); + + } else { + throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); + } + + } + + @Override + public List<String> clean(Date now, long dataTimeOut) { + final List<String> result = new ArrayList<>(); + final Iterator<Entry<String, TransactionStoreElement>> iterator = storage.entrySet().iterator(); + while (iterator.hasNext()) { + final Entry<String, TransactionStoreElement> key = iterator.next(); + synchronized (storage) { + if (storage.containsKey(key.getKey())) { + final TransactionStoreElement element = key.getValue(); + if (now.getTime() - element.getCreated().getTime() > dataTimeOut) { + result.add(key.getKey()); + } + } + } + } + + return result; + + } + + @Override + public boolean containsKey(String key) { + if (key != null) { + return storage.containsKey(key); + } else { + return false; + } + + } + + @Override + public Object get(String key) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement element = storage.get(key); + return element.getData(); + + } else { + return null; + } + } + + @Override + public <T> T get(String key, Class<T> type) throws EaafException { + return get(key, type, -1); + + } + + @Override + public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException { + if (key != null && containsKey(key)) { + final TransactionStoreElement value = storage.get(key); + + if (dataTimeOut > -1) { + final long now = new Date().getTime(); + if (now - value.getCreated().getTime() > dataTimeOut) { + log.info("Transaction-Data with key: " + key + " is out of time."); + throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); + + } + } + + if (type.isAssignableFrom(value.getData().getClass())) { + return (T) value.getData(); + + } else { + log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); + } + + } + + return null; + } + + @Override + public Object getRaw(String key) throws EaafException { + return storage.get(key); + + } + + @Override + public void put(String key, Object value, int dataTimeOut) throws EaafException { + final TransactionStoreElement element = new TransactionStoreElement(); + element.setKey(key); + element.setData(value); + storage.put(key, element); + + } + + @Override + public void putRaw(String key, Object value) throws EaafException { + if (value instanceof TransactionStoreElement) { + storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); + } else { + log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class + .getName()); + } + + } + + @Override + public void remove(String key) { + if (containsKey(key)) { + log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); + storage.remove(key); + + } + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java index d0907f20..4e9e737f 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/TransactionStoreElement.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,40 +19,52 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.storage; import java.io.Serializable; import java.util.Date; -public class TransactionStoreElement implements Serializable{ - - private static final long serialVersionUID = 1L; - private String key = null; - private Object data = null; - private Date created; - - public String getKey() { - return key; - } - public void setKey(String key) { - this.key = key; - } - public Object getData() { - return data; - } - public void setData(Object data) { - this.data = data; - } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { - this.created = created; - } - - - +public class TransactionStoreElement implements Serializable { + + private static final long serialVersionUID = 1L; + private String key = null; + private Object data = null; + private Date created; + + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + public Object getData() { + return data; + } + + public void setData(Object data) { + this.data = data; + } + + public Date getCreated() { + return copyOrNull(created); + } + + public void setCreated(Date created) { + this.created = copyOrNull(created); + } + + private Date copyOrNull(Date in) { + if (in != null) { + return new Date(in.getTime()); + + } + + return null; + + } + } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java deleted file mode 100644 index be7812f4..00000000 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/storage/eIDASCacheTransactionStoreDecorator.java +++ /dev/null @@ -1,143 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.connector.storage; - -import java.util.Arrays; -import java.util.Date; -import java.util.List; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; - -public class eIDASCacheTransactionStoreDecorator implements ITransactionStorage{ - private static final Logger log = LoggerFactory.getLogger(eIDASCacheTransactionStoreDecorator.class); - - @Autowired(required=true) private CacheWitheIDASBackend storage; - - @Override - public void changeKey(String oldKey, String newKey, Object value) throws EaafException { - if (containsKey(oldKey)) { - TransactionStoreElement el = storage.get(oldKey); - el.setKey(newKey); - el.setData(value); - storage.put(newKey, el); - storage.remove(oldKey); - - } else - throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey); - - } - - @Override - public List<String> clean(Date now, long dataTimeOut) { - log.info("Clean is NOT implemented, because its not needed"); - return Arrays.asList(); - - } - - @Override - public boolean containsKey(String key) { - return storage.containsKey(key); - - } - - @Override - public Object get(String key) throws EaafException { - if (key != null && containsKey(key)) { - TransactionStoreElement element = storage.get(key); - return element.getData(); - - } else - return null; - } - - @Override - public <T> T get(String key, Class<T> type) throws EaafException { - return get(key, type, -1); - - } - - @Override - public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException { - if (key != null && containsKey(key)) { - TransactionStoreElement value = storage.get(key); - - if (dataTimeOut > -1) { - long now = new Date().getTime(); - if (now - value.getCreated().getTime() > dataTimeOut) { - log.info("Transaction-Data with key: " + key + " is out of time."); - throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time."); - - } - } - - if (type.isAssignableFrom(value.getData().getClass())) { - return (T) value.getData(); - - } else - log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'"); - - } - - return null; - } - - @Override - public Object getRaw(String key) throws EaafException { - return storage.get(key); - - } - - @Override - public void put(String key, Object value, int dataTimeOut) throws EaafException { - TransactionStoreElement element = new TransactionStoreElement(); - element.setKey(key); - element.setData(value); - storage.put(key, element); - - } - - @Override - public void putRaw(String key, Object value) throws EaafException { - if (value instanceof TransactionStoreElement) - storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value); - else - log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class.getName()); - - } - - @Override - public void remove(String key) { - if (containsKey(key)) { - log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName()); - storage.remove(key); - - } - } - -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java index c49c0b28..0230521c 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.verification; import java.util.ArrayList; @@ -31,8 +32,8 @@ import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Scoping; import org.opensaml.saml2.metadata.SPSSODescriptor; @@ -41,7 +42,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; @@ -58,215 +59,230 @@ import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; public class AuthnRequestValidator implements IAuthnRequestValidator { - private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class); - - @Autowired(required=true) private IConfiguration basicConfig; - - @Override - public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, - SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException { - try { - //validate NameIDPolicy - NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy(); - if (nameIDPolicy != null) { - String nameIDFormat = nameIDPolicy.getFormat(); - if (nameIDFormat != null) { - if ( !(NameID.TRANSIENT.equals(nameIDFormat) || - NameID.PERSISTENT.equals(nameIDFormat)) ) { - - throw new NameIdFormatNotSupportedException(nameIDFormat); - - } - - } else - log.trace("Find NameIDPolicy, but NameIDFormat is 'null'"); - } else - log.trace("AuthnRequest includes no 'NameIDPolicy'"); - - - //post-process RequesterId - String spEntityId = extractScopeRequsterId(authnReq); - if (StringUtils.isEmpty(spEntityId)) { - log.info("NO service-provider entityID in Authn. request. Stop authn. process ... "); - throw new AuthnRequestValidatorException("pvp2.22", - new Object[] {"NO relaying-party entityID in Authn. request"}, pendingReq); - - } else - pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_REQUESTERID, spEntityId); - - - //post-process ProviderName - String providerName = authnReq.getProviderName(); - if (StringUtils.isEmpty(providerName)) - log.info("Authn. request contains NO SP friendlyName"); - else - pendingReq.setRawDataToTransaction(MSeIDASNodeConstants.DATA_PROVIDERNAME, spEntityId); - - //post-process requested LoA - List<String> reqLoA = extractLoA(authnReq); - - LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( - MSeIDASNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, - EaafConstants.EIDAS_LOA_HIGH)); - if (minimumLoAFromConfig == null) { - log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EaafConstants.EIDAS_LOA_HIGH); - minimumLoAFromConfig = LevelOfAssurance.HIGH; - - } - - log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", minimumLoAFromConfig); - List<String> allowedLoA = new ArrayList<>(); - for (String loa : reqLoA) { - try { - LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); - String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; - if (intLoa != null && - intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) { - log.info("Client: {} requested LoA: {} will be upgraded to: {}", - pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), - loa, - minimumLoAFromConfig); - selectedLoA = intLoa.getValue(); - - } - - if (!allowedLoA.contains(selectedLoA)) { - log.debug("Allow LoA: {} for Client: {}", - selectedLoA, - pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); - allowedLoA.add(selectedLoA); - - } - - } catch (IllegalArgumentException e) { - log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa); - - } - - } - - pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(allowedLoA); - - //post-process requested LoA comparison-level - String reqLoAComperison = extractComparisonLevel(authnReq); - pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(reqLoAComperison); - - //validate and process requested attributes - boolean sectorDetected = false; - List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); - for (XMLObject reqAttrObj : requestedAttributes) { - if (reqAttrObj instanceof EaafRequestedAttributes) { - EaafRequestedAttributes reqAttr = (EaafRequestedAttributes)reqAttrObj; - if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0 ) { - for (EaafRequestedAttribute el : reqAttr.getAttributes()) { - log.trace("Processing req. attribute '" + el.getName() + "' ... "); - if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { - String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); - ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class); - - try { - spConfig.setbPKTargetIdentifier(sectorId); - sectorDetected = true; - - } catch (EaafException e) { - log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " + spConfig.getUniqueIdentifier()); - } - - } else - log.info("Req. attribute '" + el.getName() + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); - - } else - log.debug("Ignore req. attribute: " + el.getName()); - - } - - } else - log.debug("No requested Attributes in Authn. Request"); - - } else - log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); - - } - - if (!sectorDetected) { - log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); - throw new AuthnRequestValidatorException("pvp2.22", new Object[] {"NO or NO VALID target-sector information"}); - - } - - } catch (EaafStorageException e) { - log.info("Can NOT store Authn. Req. data into pendingRequest." , e); - throw new AuthnRequestValidatorException("internal.02", null, e); - - } - - } - - private String extractComparisonLevel(AuthnRequest authnReq) { - if (authnReq.getRequestedAuthnContext() != null) { - RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); - return authContext.getComparison().toString(); - - } - - return null; - } - - private List<String> extractLoA(AuthnRequest authnReq) throws AuthnRequestValidatorException { - List<String> result = new ArrayList<String>(); - if (authnReq.getRequestedAuthnContext() != null) { - RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); - if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.MINIMUM)) { - if (authContext.getAuthnContextClassRefs().isEmpty()) { - log.debug("Authn. Req. contains no requested LoA"); - - } else if (authContext.getAuthnContextClassRefs().size() > 1) { - log.info("Authn. Req. contains MORE THAN ONE requested LoA, but " - + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" ); - throw new AuthnRequestValidatorException("pvp2.22", - new Object[] {"Authn. Req. contains MORE THAN ONE requested LoA, but " - + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one"}); - - } else - result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); - - } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) { - for (AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) - result.add(el.getAuthnContextClassRef()); - - } else { - log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" - + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"); - throw new AuthnRequestValidatorException("pvp2.22", - new Object[] {"Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" - + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"}); - - } - - } - - return result; - } - - private String extractScopeRequsterId(AuthnRequest authnReq) { - if (authnReq.getScoping() != null) { - Scoping scoping = authnReq.getScoping(); - if (scoping.getRequesterIDs() != null && - scoping.getRequesterIDs().size() > 0) { - if (scoping.getRequesterIDs().size() == 1) - return scoping.getRequesterIDs().get(0).getRequesterID(); - - else { - log.info("Authn. request contains more than on RequesterIDs! Only use first one"); - return scoping.getRequesterIDs().get(0).getRequesterID(); - - } - } - } - - return null; - } - + private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class); + + @Autowired(required = true) + private IConfiguration basicConfig; + + @Override + public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, + SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException { + try { + // validate NameIDPolicy + final NameIDPolicy nameIdPolicy = authnReq.getNameIDPolicy(); + if (nameIdPolicy != null) { + final String nameIdFormat = nameIdPolicy.getFormat(); + if (nameIdFormat != null) { + if (!(NameIDType.TRANSIENT.equals(nameIdFormat) + || NameIDType.PERSISTENT.equals(nameIdFormat))) { + + throw new NameIdFormatNotSupportedException(nameIdFormat); + + } + + } else { + log.trace("Find NameIDPolicy, but NameIDFormat is 'null'"); + } + } else { + log.trace("AuthnRequest includes no 'NameIDPolicy'"); + } + + // post-process RequesterId + final String spEntityId = extractScopeRequsterId(authnReq); + if (StringUtils.isEmpty(spEntityId)) { + log.info("NO service-provider entityID in Authn. request. Stop authn. process ... "); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "NO relaying-party entityID in Authn. request" }, pendingReq); + + } else { + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, spEntityId); + } + + // post-process ProviderName + final String providerName = authnReq.getProviderName(); + if (StringUtils.isEmpty(providerName)) { + log.info("Authn. request contains NO SP friendlyName"); + } else { + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_PROVIDERNAME, spEntityId); + } + + // post-process requested LoA + final List<String> reqLoA = extractLoA(authnReq); + + LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL, + EaafConstants.EIDAS_LOA_HIGH)); + if (minimumLoAFromConfig == null) { + log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", + EaafConstants.EIDAS_LOA_HIGH); + minimumLoAFromConfig = LevelOfAssurance.HIGH; + + } + + log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", + minimumLoAFromConfig); + final List<String> allowedLoA = new ArrayList<>(); + for (final String loa : reqLoA) { + try { + final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa); + String selectedLoA = EaafConstants.EIDAS_LOA_HIGH; + if (intLoa != null + && intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) { + log.info("Client: {} requested LoA: {} will be upgraded to: {}", + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), + loa, + minimumLoAFromConfig); + selectedLoA = intLoa.getValue(); + + } + + if (!allowedLoA.contains(selectedLoA)) { + log.debug("Allow LoA: {} for Client: {}", + selectedLoA, + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + allowedLoA.add(selectedLoA); + + } + + } catch (final IllegalArgumentException e) { + log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa); + + } + + } + + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA( + allowedLoA); + + // post-process requested LoA comparison-level + final String reqLoAComperison = extractComparisonLevel(authnReq); + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode( + reqLoAComperison); + + // validate and process requested attributes + boolean sectorDetected = false; + final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects(); + for (final XMLObject reqAttrObj : requestedAttributes) { + if (reqAttrObj instanceof EaafRequestedAttributes) { + final EaafRequestedAttributes reqAttr = (EaafRequestedAttributes) reqAttrObj; + if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) { + for (final EaafRequestedAttribute el : reqAttr.getAttributes()) { + log.trace("Processing req. attribute '" + el.getName() + "' ... "); + if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) { + final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent(); + final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration( + ServiceProviderConfiguration.class); + + try { + spConfig.setBpkTargetIdentifier(sectorId); + sectorDetected = true; + + } catch (final EaafException e) { + log.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: " + + spConfig.getUniqueIdentifier()); + } + + } else { + log.info("Req. attribute '" + el.getName() + + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute"); + } + + } else { + log.debug("Ignore req. attribute: " + el.getName()); + } + + } + + } else { + log.debug("No requested Attributes in Authn. Request"); + } + + } else { + log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString()); + } + + } + + if (!sectorDetected) { + log.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information."); + throw new AuthnRequestValidatorException("pvp2.22", new Object[] { + "NO or NO VALID target-sector information" }); + + } + + } catch (final EaafStorageException e) { + log.info("Can NOT store Authn. Req. data into pendingRequest.", e); + throw new AuthnRequestValidatorException("internal.02", null, e); + + } + + } + + private String extractComparisonLevel(AuthnRequest authnReq) { + if (authnReq.getRequestedAuthnContext() != null) { + final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); + return authContext.getComparison().toString(); + + } + + return null; + } + + private List<String> extractLoA(AuthnRequest authnReq) throws AuthnRequestValidatorException { + final List<String> result = new ArrayList<>(); + if (authnReq.getRequestedAuthnContext() != null) { + final RequestedAuthnContext authContext = authnReq.getRequestedAuthnContext(); + if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.MINIMUM)) { + if (authContext.getAuthnContextClassRefs().isEmpty()) { + log.debug("Authn. Req. contains no requested LoA"); + + } else if (authContext.getAuthnContextClassRefs().size() > 1) { + log.info("Authn. Req. contains MORE THAN ONE requested LoA, but " + + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "Authn. Req. contains MORE THAN ONE requested LoA, but " + + AuthnContextComparisonTypeEnumeration.MINIMUM + " allows only one" }); + + } else { + result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); + } + + } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) { + for (final AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) { + result.add(el.getAuthnContextClassRef()); + } + + } else { + log.info("Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported"); + throw new AuthnRequestValidatorException("pvp2.22", + new Object[] { "Currently only '" + AuthnContextComparisonTypeEnumeration.MINIMUM + "' and '" + + AuthnContextComparisonTypeEnumeration.EXACT + "' are supported" }); + + } + + } + + return result; + } + + private String extractScopeRequsterId(AuthnRequest authnReq) { + if (authnReq.getScoping() != null) { + final Scoping scoping = authnReq.getScoping(); + if (scoping.getRequesterIDs() != null + && scoping.getRequesterIDs().size() > 0) { + if (scoping.getRequesterIDs().size() == 1) { + return scoping.getRequesterIDs().get(0).getRequesterID(); + } else { + log.info("Authn. request contains more than on RequesterIDs! Only use first one"); + return scoping.getRequesterIDs().get(0).getRequesterID(); + + } + } + } + + return null; + } } diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java index eeaea135..b6dd249a 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/MetadataSignatureVerificationFilter.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.verification; import java.io.IOException; @@ -49,116 +48,128 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SamlRequestNotSignedException; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter; -public class MetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter{ - private static final Logger log = LoggerFactory.getLogger(MetadataSignatureVerificationFilter.class); - - private String metadataURL; - private List<BasicX509Credential> trustedCredential = new ArrayList<BasicX509Credential>(); - - public MetadataSignatureVerificationFilter(String trustStorePath, String trustStorePassword, String metadataURL) - throws Pvp2MetadataException { - this.metadataURL = metadataURL; - - log.trace("Initialize metadata signature-verification filter with truststore: " + trustStorePath + " ... "); - try { - KeyStore keyStore = KeyStoreUtils.loadKeyStore(trustStorePath, trustStorePassword); - if (keyStore != null) { - //load trusted certificates - Enumeration<String> aliases = keyStore.aliases(); - while(aliases.hasMoreElements()) { - String el = aliases.nextElement(); - log.trace("Process TrustStoreEntry: " + el); - if (keyStore.isCertificateEntry(el)) { - Certificate cert = keyStore.getCertificate(el); - if (cert != null && cert instanceof X509Certificate) { - BasicX509Credential trustedCert = new BasicX509Credential(); - trustedCert.setEntityCertificate((X509Certificate) cert); - this.trustedCredential.add(trustedCert); - log.debug("Add cert: " + ((X509Certificate) cert).getSubjectDN() + " as trusted for metadata: " + metadataURL); - - } else - log.info("Can not process entry: " + el + ". Reason: " + cert.toString()); - - } - } - - - } else - throw new Pvp2MetadataException("pvp2.26", - new Object[] {"Can not open trustStore: " + trustStorePath + " for metadata: " + metadataURL}); - - } catch (KeyStoreException | IOException e) { - log.warn("Can not open trustStore: " + trustStorePath + " for metadata: " + metadataURL + " Reason: " + e.getMessage(), e); - throw new Pvp2MetadataException("pvp2.26", - new Object[] {"Can not open trustStore: " + trustStorePath + " for metadata"}, e); - - } - - - } - - - @Override - protected void verify(EntityDescriptor desc) throws Pvp2MetadataException { - try { - internalVerify(desc); - - } catch (EaafException e) { - log.info("Metadata verification FAILED for: " + metadataURL + " Reason: " +e.getMessage()); - throw new Pvp2MetadataException("pvp2.26", - new Object[] {"Metadata verification FAILED for: " + metadataURL + " Reason: " +e.getMessage()}, e); - - } - } - - @Override - protected void verify(EntitiesDescriptor desc) throws Pvp2MetadataException { - throw new Pvp2MetadataException("pvp2.26", - new Object[] {"EntitiesDescritors are NOT supported"}); - - } - - @Override - protected void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws Pvp2MetadataException { - throw new Pvp2MetadataException("pvp2.26", - new Object[] {"EntitiesDescritors are NOT supported"}); - - } - - private void internalVerify(SignableSAMLObject signedElement) - throws EaafException { - if (signedElement.getSignature() == null) { - throw new SamlRequestNotSignedException(); - } - - try { - SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); - sigValidator.validate(signedElement.getSignature()); - } catch (ValidationException e) { - log.error("Failed to validate Signature", e); - throw new SamlRequestNotSignedException(e); - } - - boolean isTrusted = false; - for (BasicX509Credential cred : trustedCredential) { - SignatureValidator sigValidator = new SignatureValidator(cred); - try { - sigValidator.validate(signedElement.getSignature()); - isTrusted = true; - - } catch (ValidationException e) { - log.info("Failed to verfiy Signature with cert: " + cred.getEntityCertificate().getSubjectDN() - + " Reason: " + e.getMessage()); - - } - } - - if (!isTrusted) { - log.warn("PVP2 metadata: " + metadataURL + " are NOT trusted!"); - throw new SamlRequestNotSignedException(); - - } - - } +public class MetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter { + private static final Logger log = LoggerFactory.getLogger(MetadataSignatureVerificationFilter.class); + + private final String metadataUrl; + private final List<BasicX509Credential> trustedCredential = new ArrayList<>(); + + /** + * SAML2 Metadata signature verifier that checks signer certificates based on local TrustStores. + * + * @param trustStorePath Path to truststore + * @param trustStorePassword TrustStore password + * @param metadataUrl URL to PVP2 metadata + * @throws Pvp2MetadataException In case of a verification error + */ + public MetadataSignatureVerificationFilter(String trustStorePath, String trustStorePassword, + String metadataUrl) + throws Pvp2MetadataException { + this.metadataUrl = metadataUrl; + + log.trace("Initialize metadata signature-verification filter with truststore: " + trustStorePath + + " ... "); + try { + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(trustStorePath, trustStorePassword); + if (keyStore != null) { + // load trusted certificates + final Enumeration<String> aliases = keyStore.aliases(); + while (aliases.hasMoreElements()) { + final String el = aliases.nextElement(); + log.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + final Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) { + final BasicX509Credential trustedCert = new BasicX509Credential(); + trustedCert.setEntityCertificate((X509Certificate) cert); + this.trustedCredential.add(trustedCert); + log.debug("Add cert: " + ((X509Certificate) cert).getSubjectDN() + " as trusted for metadata: " + + metadataUrl); + + } else { + log.info("Can not process entry: " + el + ". Reason: is null"); + } + + } + } + + } else { + throw new Pvp2MetadataException("pvp2.26", + new Object[] { "Can not open trustStore: " + trustStorePath + " for metadata: " + metadataUrl }); + } + + } catch (KeyStoreException | IOException e) { + log.warn("Can not open trustStore: " + trustStorePath + " for metadata: " + metadataUrl + " Reason: " + + e.getMessage(), e); + throw new Pvp2MetadataException("pvp2.26", + new Object[] { "Can not open trustStore: " + trustStorePath + " for metadata" }, e); + + } + + } + + @Override + protected void verify(EntityDescriptor desc) throws Pvp2MetadataException { + try { + internalVerify(desc); + + } catch (final EaafException e) { + log.info("Metadata verification FAILED for: " + metadataUrl + " Reason: " + e.getMessage()); + throw new Pvp2MetadataException("pvp2.26", + new Object[] { "Metadata verification FAILED for: " + metadataUrl + " Reason: " + e.getMessage() }, + e); + + } + } + + @Override + protected void verify(EntitiesDescriptor desc) throws Pvp2MetadataException { + throw new Pvp2MetadataException("pvp2.26", + new Object[] { "EntitiesDescritors are NOT supported" }); + + } + + @Override + protected void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws Pvp2MetadataException { + throw new Pvp2MetadataException("pvp2.26", + new Object[] { "EntitiesDescritors are NOT supported" }); + + } + + private void internalVerify(SignableSAMLObject signedElement) + throws EaafException { + if (signedElement.getSignature() == null) { + throw new SamlRequestNotSignedException(); + } + + try { + final SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(signedElement.getSignature()); + } catch (final ValidationException e) { + log.error("Failed to validate Signature", e); + throw new SamlRequestNotSignedException(e); + } + + boolean isTrusted = false; + for (final BasicX509Credential cred : trustedCredential) { + final SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(signedElement.getSignature()); + isTrusted = true; + + } catch (final ValidationException e) { + log.info("Failed to verfiy Signature with cert: " + cred.getEntityCertificate().getSubjectDN() + + " Reason: " + e.getMessage()); + + } + } + + if (!isTrusted) { + log.warn("PVP2 metadata: " + metadataUrl + " are NOT trusted!"); + throw new SamlRequestNotSignedException(); + + } + + } } diff --git a/connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider index d68a187a..4c2aef74 100644 --- a/connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider +++ b/connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -1 +1 @@ -at.asitplus.eidas.specific.connector.MSSpecificeIDASNodeSpringResourceProvider
\ No newline at end of file +at.asitplus.eidas.specific.connector.MsSpecificEidasNodeSpringResourceProvider
\ No newline at end of file diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index 9105bb56..76682a2e 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -1,37 +1,39 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:mvc="http://www.springframework.org/schema/mvc" - xsi:schemaLocation=" - http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context - http://www.springframework.org/schema/context/spring-context.xsd - http://www.springframework.org/schema/mvc - http://www.springframework.org/schema/mvc/spring-mvc.xsd - http://www.springframework.org/schema/tx - http://www.springframework.org/schema/tx/spring-tx.xsd - " -> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context.xsd + http://www.springframework.org/schema/mvc + http://www.springframework.org/schema/mvc/spring-mvc.xsd + http://www.springframework.org/schema/tx + http://www.springframework.org/schema/tx/spring-tx.xsd"> - <context:annotation-config /> - <mvc:annotation-driven /> - - <mvc:default-servlet-handler/> - - <mvc:interceptors> - <bean class="at.asitplus.eidas.specific.connector.interceptor.WebFrontEndSecurityInterceptor" /> - <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"> - <property name="paramName" value="lang" /> - </bean> - </mvc:interceptors> + <context:annotation-config /> + <mvc:annotation-driven /> - <context:property-placeholder location="${eidas.ms.configuration}"/> + <mvc:default-servlet-handler /> + + <mvc:interceptors> + <bean + class="at.asitplus.eidas.specific.connector.interceptor.WebFrontEndSecurityInterceptor" /> + <bean + class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"> + <property name="paramName" value="lang" /> + </bean> + </mvc:interceptors> + + <context:property-placeholder + location="${eidas.ms.configuration}" /> + + <bean id="BasicMSSpecificNodeConfig" + class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> + <constructor-arg + value="#{systemProperties['eidas.ms.configuration']}" /> + </bean> - <bean id="BasicMSSpecificNodeConfig" - class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> - <constructor-arg value="#{systemProperties['eidas.ms.configuration']}"/> - </bean> - </beans> diff --git a/connector/src/main/resources/logback.xml b/connector/src/main/resources/logback.xml index b46c95de..a0a9995e 100644 --- a/connector/src/main/resources/logback.xml +++ b/connector/src/main/resources/logback.xml @@ -1,105 +1,131 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- For assistance related to logback-translator or configuration --> +<!-- For assistance related to logback-translator or configuration --> <!-- files in general, please contact the logback user mailing list --> -<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> -<!-- --> -<!-- For professional support please see --> -<!-- http://www.qos.ch/shop/products/professionalSupport --> -<!-- --> +<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> +<!-- --> +<!-- For professional support please see --> +<!-- http://www.qos.ch/shop/products/professionalSupport --> +<!-- --> <configuration> - <appender name="msnode" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <appender name="msnode" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> <File>${catalina.base}/logs/eidas-ms-reversion.log</File> <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i + </FileNamePattern> </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="EIDASNODE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <appender name="EIDASNODE" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> <File>${catalina.base}/logs/eIDAS_node.log</File> <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/logs/eIDAS_node.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/eIDAS_node.log.%i + </FileNamePattern> </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <appender name="reversion" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> <File>${catalina.base}/logs/eidas-ms-reversion.log</File> <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i + </FileNamePattern> </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="statistic" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <appender name="statistic" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> <File>${catalina.base}/logs/eidas-ms-statistic.log</File> <encoder> <pattern>%m%n</pattern> </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/logs/eidas-ms-statistic.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/eidas-ms-statistic.log.%i + </FileNamePattern> </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="stdout" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <appender name="stdout" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender --> <File>${catalina.base}/logs/console.log</File> <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern> </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/logs/console.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/console.log.%i + </FileNamePattern> </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> </triggeringPolicy> </appender> - <appender name="console" class="ch.qos.logback.core.ConsoleAppender"> + <appender name="console" + class="ch.qos.logback.core.ConsoleAppender"> <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n</pattern> </encoder> </appender> <logger name="at.gv.egiz.eaaf" level="info"> - <appender-ref ref="msnode"/> + <appender-ref ref="msnode" /> </logger> <logger name="eu.eidas" additivity="false" level="info"> - <appender-ref ref="EIDASNODE"/> + <appender-ref ref="EIDASNODE" /> </logger> - <logger name="at.gv.egiz.eidas.specific" additivity="false" level="info"> - <appender-ref ref="msnode"/> + <logger name="at.gv.egiz.eidas.specific" additivity="false" + level="info"> + <appender-ref ref="msnode" /> </logger> - <logger name="at.gv.egiz.eidas.specific.connector.logger.RevisionLogger" additivity="false" level="info"> - <appender-ref ref="reversion"/> + <logger + name="at.gv.egiz.eidas.specific.connector.logger.RevisionLogger" + additivity="false" level="info"> + <appender-ref ref="reversion" /> </logger> - <logger name="at.gv.egiz.eidas.specific.connector.logger.StatisticLogger" additivity="false" level="info"> - <appender-ref ref="statistic"/> + <logger + name="at.gv.egiz.eidas.specific.connector.logger.StatisticLogger" + additivity="false" level="info"> + <appender-ref ref="statistic" /> </logger> <root level="info"> - <appender-ref ref="stdout"/> - <appender-ref ref="console"/> + <appender-ref ref="stdout" /> + <appender-ref ref="console" /> </root> </configuration> diff --git a/connector/src/main/resources/processes/CountrySelection.process.xml b/connector/src/main/resources/processes/CountrySelection.process.xml index 575bbf0d..9c76e9a9 100644 --- a/connector/src/main/resources/processes/CountrySelection.process.xml +++ b/connector/src/main/resources/processes/CountrySelection.process.xml @@ -1,17 +1,29 @@ <?xml version="1.0" encoding="UTF-8"?> -<pd:ProcessDefinition id="CountrySelectionProcess" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> +<pd:ProcessDefinition id="CountrySelectionProcess" + xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - <pd:Task id="initializeCountrySelection" class="GenerateCountrySelectionFrameTask"/> - <pd:Task id="parseCountrySelection" class="EvaluateCountrySelectionTask" async="true"/> - <pd:Task id="restartAuthProzessManagement" class="RestartAuthProzessManagement"/> + <pd:Task id="initializeCountrySelection" + class="GenerateCountrySelectionFrameTask" /> + <pd:Task id="parseCountrySelection" + class="EvaluateCountrySelectionTask" async="true" /> + <pd:Task id="restartAuthProzessManagement" + class="RestartAuthProzessManagement" /> - <pd:StartEvent id="start" /> - <pd:Transition from="start" to="initializeCountrySelection" /> - <pd:Transition from="initializeCountrySelection" to="parseCountrySelection" /> - - <pd:Transition from="parseCountrySelection" to="initializeCountrySelection" conditionExpression="ctx['changeLanguage']"/> - <pd:Transition from="parseCountrySelection" to="restartAuthProzessManagement" /> - <pd:Transition from="restartAuthProzessManagement" to="end" /> - <pd:EndEvent id="end" /> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" + to="initializeCountrySelection" /> + <pd:Transition from="initializeCountrySelection" + to="parseCountrySelection" /> + + <pd:Transition from="parseCountrySelection" + to="initializeCountrySelection" + conditionExpression="ctx['changeLanguage']" /> + <pd:Transition from="parseCountrySelection" + to="restartAuthProzessManagement" /> + <pd:Transition from="restartAuthProzessManagement" + to="end" /> + + <pd:EndEvent id="end" /> </pd:ProcessDefinition> diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 32b1685d..e7a46657 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -1,129 +1,129 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:tx="http://www.springframework.org/schema/tx" - xmlns:aop="http://www.springframework.org/schema/aop" - xmlns:mvc="http://www.springframework.org/schema/mvc" - xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd - http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - - <context:annotation-config /> - <mvc:annotation-driven /> - <mvc:default-servlet-handler/> - - <bean id="WebResourceConfiguration" - class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> - - <bean id="ProcessEngineSignalController" - class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> - - <bean id="MonitoringController" - class="at.asitplus.eidas.specific.connector.controller.MonitoringController"> - <property name="pvpIDPCredentials"> - <ref bean="PVPEndPointCredentialProvider" /> - </property> - </bean> - - <bean id="AuthenticationManager" - class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> - - <bean id="AuthenticationDataBuilder" - class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> - - <bean id="PVPEndPointConfiguration" - class="at.asitplus.eidas.specific.connector.config.PVPEndPointConfiguration"/> - - <bean id="PVPEndPointCredentialProvider" - class="at.asitplus.eidas.specific.connector.provider.PVPEndPointCredentialProvider" /> - - <bean id="PVPMetadataConfigurationFactory" - class="at.asitplus.eidas.specific.connector.provider.PVPMetadataConfigurationFactory" /> - - <bean id="PVP2XProtocol" - class="at.asitplus.eidas.specific.connector.controller.PVP2SProfileEndpoint"> - <property name="pvpIDPCredentials"> - <ref bean="PVPEndPointCredentialProvider" /> - </property> - </bean> - - <bean id="AuthnRequestValidator" - class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> - - <bean id="SAMLVerificationEngine" - class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine" /> - - <bean id="pvpMetadataService" - class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> - <property name="pvpIDPCredentials"> - <ref bean="PVPEndPointCredentialProvider" /> - </property> - </bean> - - <bean id="PVPAuthenticationRequestAction" - class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> - <property name="pvpIDPCredentials"> - <ref bean="PVPEndPointCredentialProvider" /> - </property> - </bean> - - <bean id="eaafProtocolAuthenticationService" - class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> - <property name="guiBuilder" ref="mvcGUIBuilderImpl"/> - </bean> - - <bean id="securePendingRequestIdGeneration" - class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy"/> - - <bean id="PVPMetadataProvider" - class="at.asitplus.eidas.specific.connector.provider.PVPMetadataProvider" /> - - <bean id="PVPSubjectNameGenerator" - class="at.asitplus.eidas.specific.connector.builder.PVPSubjectNameGenerator"/> - - <bean id="LoALevelMapper" - class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper"/> - - <bean id="GUIBuilderConfigurationFactory" - class="at.asitplus.eidas.specific.connector.gui.GUIBuilderConfigurationFactory" /> - - <bean id="velocityGUIBuilderImpl" - class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGUIBuilderImpl"/> - - <bean id="mvcGUIBuilderImpl" - class="at.asitplus.eidas.specific.connector.gui.SpringMVCGUIFormBuilderImpl"/> - - <bean id="templateEngine" - class="org.thymeleaf.spring5.SpringTemplateEngine"> - <property name="templateResolver" ref="templateResolver" /> - </bean> - - <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver"> - <property name="order" value="2"/> - <property name="templateEngine" ref="templateEngine" /> - <property name="characterEncoding" value="UTF-8"/> - </bean> - - <bean id="StatusMessageProvider" - class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> - - <bean id="eidasRevisionLogger" - class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> - - <bean id="eidasStatisticLogger" - class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> - - - <!-- Tasks --> - <bean id="GenerateCountrySelectionFrameTask" - class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" - scope="prototype"/> - - <bean id="EvaluateCountrySelectionTask" - class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" - scope="prototype"/> - + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <context:annotation-config /> + <mvc:annotation-driven /> + <mvc:default-servlet-handler /> + + <bean id="WebResourceConfiguration" + class="at.asitplus.eidas.specific.connector.config.StaticResourceConfiguration" /> + + <bean id="ProcessEngineSignalController" + class="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> + + <bean id="MonitoringController" + class="at.asitplus.eidas.specific.connector.controller.MonitoringController"> + <property name="pvpIDPCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="AuthenticationManager" + class="at.asitplus.eidas.specific.connector.auth.AuthenticationManager" /> + + <bean id="AuthenticationDataBuilder" + class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" /> + + <bean id="PVPEndPointConfiguration" + class="at.asitplus.eidas.specific.connector.config.PVPEndPointConfiguration" /> + + <bean id="PVPEndPointCredentialProvider" + class="at.asitplus.eidas.specific.connector.provider.PVPEndPointCredentialProvider" /> + + <bean id="PVPMetadataConfigurationFactory" + class="at.asitplus.eidas.specific.connector.provider.PVPMetadataConfigurationFactory" /> + + <bean id="PVP2XProtocol" + class="at.asitplus.eidas.specific.connector.controller.PVP2SProfileEndpoint"> + <property name="pvpIDPCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="AuthnRequestValidator" + class="at.asitplus.eidas.specific.connector.verification.AuthnRequestValidator" /> + + <bean id="SAMLVerificationEngine" + class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine" /> + + <bean id="pvpMetadataService" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction"> + <property name="pvpIDPCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="PVPAuthenticationRequestAction" + class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> + <property name="pvpIDPCredentials"> + <ref bean="PVPEndPointCredentialProvider" /> + </property> + </bean> + + <bean id="eaafProtocolAuthenticationService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> + <property name="guiBuilder" ref="mvcGUIBuilderImpl" /> + </bean> + + <bean id="securePendingRequestIdGeneration" + class="at.gv.egiz.eaaf.core.impl.utils.SecurePendingRequestIdGenerationStrategy" /> + + <bean id="PVPMetadataProvider" + class="at.asitplus.eidas.specific.connector.provider.PVPMetadataProvider" /> + + <bean id="PVPSubjectNameGenerator" + class="at.asitplus.eidas.specific.connector.builder.PVPSubjectNameGenerator" /> + + <bean id="LoALevelMapper" + class="at.asitplus.eidas.specific.connector.mapper.LoALevelMapper" /> + + <bean id="GUIBuilderConfigurationFactory" + class="at.asitplus.eidas.specific.connector.gui.GUIBuilderConfigurationFactory" /> + + <bean id="velocityGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.DefaultVelocityGUIBuilderImpl" /> + + <bean id="mvcGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.SpringMVCGUIFormBuilderImpl" /> + + <bean id="templateEngine" + class="org.thymeleaf.spring5.SpringTemplateEngine"> + <property name="templateResolver" ref="templateResolver" /> + </bean> + + <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver"> + <property name="order" value="2" /> + <property name="templateEngine" ref="templateEngine" /> + <property name="characterEncoding" value="UTF-8" /> + </bean> + + <bean id="StatusMessageProvider" + class="at.asitplus.eidas.specific.connector.provider.StatusMessageProvider" /> + + <bean id="eidasRevisionLogger" + class="at.asitplus.eidas.specific.connector.logger.RevisionLogger" /> + + <bean id="eidasStatisticLogger" + class="at.asitplus.eidas.specific.connector.logger.StatisticLogger" /> + + + <!-- Tasks --> + <bean id="GenerateCountrySelectionFrameTask" + class="at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask" + scope="prototype" /> + + <bean id="EvaluateCountrySelectionTask" + class="at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask" + scope="prototype" /> + </beans>
\ No newline at end of file diff --git a/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml index a460dea6..9ee5cf88 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.storage.beans.xml @@ -1,51 +1,49 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:context="http://www.springframework.org/schema/context" - xmlns:tx="http://www.springframework.org/schema/tx" - xmlns:aop="http://www.springframework.org/schema/aop" - xmlns:mvc="http://www.springframework.org/schema/mvc" - xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd - http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - - <import resource="classpath:specificCommunicationDefinitionApplicationContext.xml"/> - -<!-- <bean id="SimpleInMemoryTransactionStorage" - class="at.asitplus.eidas.specific.connector.storage.SimpleInMemoryTransactionStorage" /> --> - - <bean id="eIDASCacheTransactionStoreDecorator" - class="at.asitplus.eidas.specific.connector.storage.eIDASCacheTransactionStoreDecorator"/> - - <bean id="CacheWitheIDASBackend" class="at.asitplus.eidas.specific.connector.storage.CacheWitheIDASBackend"> - <constructor-arg ref="msNodeCacheImpl"/> - </bean> - - <bean id="msNodeCacheImpl" class="eu.eidas.auth.cache.ConcurrentCacheServiceIgniteSpecificCommunicationImpl"> - <property name="igniteInstanceInitializerSpecificCommunication" ref="eidasIgniteInstanceInitializerSpecificCommunication"/> - <property name="cacheName" value="msConnectorCache"/> - </bean> - - - <!-- bean id="defaultHazelcastInstance" class="java.lang.String"> - <constructor-arg value="eidasHazelcastInstance"/> - </bean> - - <bean id="eidasHazelcastInstanceInitializer" class=" eu.eidas.auth.commons.cache.HazelcastInstanceInitializer" init-method="initializeInstance" lazy-init="true"> - <property name="hazelcastConfigfileName" value="#{eidasConfigRepository}hazelcast.xml"/> - <property name="hazelcastInstanceName" ref="defaultHazelcastInstance"/> - </bean> - - <bean id="springServiceCMapspecificMSSpCorProviderProd" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDistributedImpl" lazy-init="true"> - <property name="hazelcastInstanceInitializer" ref="eidasHazelcastInstanceInitializer"/> - <property name="cacheName" value="specificSpRequestCorrelationCacheService"/> - </bean> - - <bean id="springServiceCMapspecificMSSpCorProviderDev" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDefaultImpl"> - <property name="expireAfterAccess" value="1800"/> - <property name="maximumSize" value="1000"/> - </bean --> - + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <import + resource="classpath:specificCommunicationDefinitionApplicationContext.xml" /> + + <!-- <bean id="SimpleInMemoryTransactionStorage" class="at.asitplus.eidas.specific.connector.storage.SimpleInMemoryTransactionStorage" + /> --> + + <bean id="eIDASCacheTransactionStoreDecorator" + class="at.asitplus.eidas.specific.connector.storage.eIDASCacheTransactionStoreDecorator" /> + + <bean id="CacheWitheIDASBackend" + class="at.asitplus.eidas.specific.connector.storage.CacheWitheIDASBackend"> + <constructor-arg ref="msNodeCacheImpl" /> + </bean> + + <bean id="msNodeCacheImpl" + class="eu.eidas.auth.cache.ConcurrentCacheServiceIgniteSpecificCommunicationImpl"> + <property + name="igniteInstanceInitializerSpecificCommunication" + ref="eidasIgniteInstanceInitializerSpecificCommunication" /> + <property name="cacheName" value="msConnectorCache" /> + </bean> + + + <!-- bean id="defaultHazelcastInstance" class="java.lang.String"> <constructor-arg + value="eidasHazelcastInstance"/> </bean> <bean id="eidasHazelcastInstanceInitializer" + class=" eu.eidas.auth.commons.cache.HazelcastInstanceInitializer" init-method="initializeInstance" + lazy-init="true"> <property name="hazelcastConfigfileName" value="#{eidasConfigRepository}hazelcast.xml"/> + <property name="hazelcastInstanceName" ref="defaultHazelcastInstance"/> </bean> + <bean id="springServiceCMapspecificMSSpCorProviderProd" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDistributedImpl" + lazy-init="true"> <property name="hazelcastInstanceInitializer" ref="eidasHazelcastInstanceInitializer"/> + <property name="cacheName" value="specificSpRequestCorrelationCacheService"/> + </bean> <bean id="springServiceCMapspecificMSSpCorProviderDev" class="eu.eidas.auth.commons.cache.ConcurrentMapServiceDefaultImpl"> + <property name="expireAfterAccess" value="1800"/> <property name="maximumSize" + value="1000"/> </bean --> + </beans>
\ No newline at end of file diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/CountrySelectionProcessImplTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/CountrySelectionProcessImplTest.java new file mode 100644 index 00000000..9e6e1003 --- /dev/null +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/CountrySelectionProcessImplTest.java @@ -0,0 +1,115 @@ +package at.asitplus.eidas.specific.connector.test; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.processes.CountrySelectionProcessImpl; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/SpringTest-context_basic_test.xml") +public class CountrySelectionProcessImplTest { + + @Autowired ModuleRegistration moduleReg; + @Autowired ResourceLoader loader; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private DummySpConfiguration oaParam; + private TestRequestImpl pendingReq; + private CountrySelectionProcessImpl authProcess = new CountrySelectionProcessImpl(); + + /** + * jUnit class initializer. + * + */ + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../basicConfig/default_config.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void initialize() { + Map<String, String> configMap = new HashMap<String, String>(); + configMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test"); + IConfiguration basicConfig = new DummyConfiguration(); + oaParam = new DummySpConfiguration(configMap, basicConfig); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + } + + @Test + public void checkProcessDefinition() { + Assert.assertNotNull("AuthModule is null", authProcess); + Assert.assertNotNull("AuthModule process is null", authProcess.getProcessDefinitions()); + + for (String el : authProcess.getProcessDefinitions()) { + Resource res = loader.getResource(el); + Assert.assertTrue("AuthProcess description not extist", res.exists()); + + } + } + + @Test + public void noCountrySelected() throws Exception { + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNotNull("Process is null", result); + Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result); + + } + + @Test + public void selectCountryValid() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, RandomStringUtils.randomAlphanumeric(2)); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + + Assert.assertNull("Select wrong process", result); + + } + + @Test + public void selectCountryWrongType() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, 1); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNotNull("Process is null", result); + Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result); + + } + + @Test + public void selectCountryEmpty() throws Exception { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ""); + final String result = + moduleReg.selectProcess(executionContext, pendingReq); + Assert.assertNotNull("Process is null", result); + Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result); + + } + +} diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java new file mode 100644 index 00000000..5d73e3de --- /dev/null +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.asitplus.eidas.specific.connector.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.asitplus.eidas.specific.connector.MsSpecificEidasNodeSpringResourceProvider; +import at.gv.egiz.eaaf.core.test.TestConstants; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class MsConnectorSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final MsSpecificEidasNodeSpringResourceProvider test = + new MsSpecificEidasNodeSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + MsSpecificEidasNodeSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found"); + + } + } + +} diff --git a/connector/src/test/resources/spring/SpringTest-context_basic_test.xml b/connector/src/test/resources/spring/SpringTest-context_basic_test.xml new file mode 100644 index 00000000..8121c0b5 --- /dev/null +++ b/connector/src/test/resources/spring/SpringTest-context_basic_test.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + + <bean id="BasicMSSpecificNodeConfig" + class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> + <constructor-arg + value="#{systemProperties['eidas.ms.configuration'] != null ? systemProperties['eidas.ms.configuration'] : 'file:/F:/Projekte/configs/ms_connector/default_config.properties' }" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml index 0771f3e5..ec9e57f7 100644 --- a/connector_lib/pom.xml +++ b/connector_lib/pom.xml @@ -1,6 +1,8 @@ <?xml version="1.0"?> -<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> +<project + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" + xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>at.asitplus.eidas</groupId> @@ -11,33 +13,33 @@ <artifactId>connector_lib</artifactId> <name>ms_specific_connector_lib</name> <packaging>jar</packaging> - + <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf-core</artifactId> - </dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> - <scope>provided</scope> - </dependency> - <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> </dependencies> - - <build> + + <build> <finalName>msConnectorLib</finalName> - + <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -47,23 +49,23 @@ <target>1.8</target> </configuration> </plugin> - + <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <threadCount>1</threadCount> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + </plugins> </build> - + </project> diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java deleted file mode 100644 index ac0d35ef..00000000 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java +++ /dev/null @@ -1,44 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.connector; - -public class MSConnectorEventCodes { - - public static final int STARTING_COUNTRY_SELECTION = 4100; - public static final int COUNTRY_SELECTED = 4101; - - public static final int PROCESS_STOPPED_BY_USER = 4102; - - public static final int EIDAS_NODE_CONNECTED = 6101; - public static final int RESPONSE_FROM_EIDAS_NODE = 6102; - public static final int RESPONSE_FROM_EIDAS_NODE_VALID = 6103; - public static final int RESPONSE_FROM_EIDAS_NODE_NOT_VALID = 6104; - public static final int RESPONSE_FROM_EIDAS_MDSDATA = 6105; - - public static final int SZR_IDL_RECEIVED = 6200; - public static final int SZR_BPK_RECEIVED = 6201; - - public static final int SZR_ERNB_EIDAS_RAW_ID = 6210; - public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211; - -} diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java deleted file mode 100644 index 9e6c1a3b..00000000 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java +++ /dev/null @@ -1,123 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.connector; - -import java.util.Arrays; -import java.util.List; - -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; - -public class MSeIDASNodeConstants { - // ************ configuration properties ************ - public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; - public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = "context.url.request.validation"; - public static final String PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER = "revisionlog.logIPAddressOfUser"; - public static final String PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG = "revisionlog.write.MDS.into.revisionlog"; - public static final String PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG = "technicallog.write.MDS.into.techlog"; - - public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = "webcontent.static.directory"; - public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "webcontent.properties"; - public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; - - public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = "monitoring.eIDASNode.metadata.url"; - - private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2."; - public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path"; - public static final String PROP_CONFIG_PVP2_KEYSTORE_PASSWORD = PROP_CONFIG_PVP2_PREFIX + "keystore.password"; - public static final String PROP_CONFIG_PVP2_KEY_METADATA_ALIAS = PROP_CONFIG_PVP2_PREFIX + "key.metadata.alias"; - public static final String PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD = PROP_CONFIG_PVP2_PREFIX + "key.metadata.password"; - public static final String PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS = PROP_CONFIG_PVP2_PREFIX + "key.signing.alias"; - public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX + "key.signing.password"; - public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX + "metadata.validity"; - - //TODO: is not implemented yet - public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = "configuration.sp.disableRegistrationRequirement"; - - public static final String PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL = "auth.eIDAS.node_v2.loa.requested.minimum"; - - public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp."; - public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; - public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_URL = "pvp2.metadata.url"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE = "pvp2.metadata.truststore"; - public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD = "pvp2.metadata.truststore.password"; - public static final String PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS = "policy.allowed.requested.targets"; - public static final String PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION = "policy.hasBaseIdTransferRestriction"; - - public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation"; - public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES = "configuration.pvp.enable.entitycategories"; - - // ********** default values *************** - - //Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS Connector - public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*"; - // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; - - public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout - public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; //24 hours - public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; //5 minutes - - - // ************ application end-points ************* - public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata"; - public static final String ENDPOINT_PVP_POST = "/pvp/post"; - public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; - - public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; - - public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring"; - public static final String ENDPOINT_MONITORING_VERIFY = "/verify"; - - - // ************ paths and templates ************ - public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; - public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; - - public static final String TEMPLATE_HTML_ERROR = "error_message.html"; - public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; - public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; - - - // ************ execution context and generic data ************ - public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment"; - public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; - - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test"; - public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev"; - - public static final String DATA_REQUESTERID = "req_requesterId"; - public static final String DATA_PROVIDERNAME = "req_providerName"; - public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; - public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; - - public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST = - Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); - - -} diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java new file mode 100644 index 00000000..9c80f4ad --- /dev/null +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsConnectorEventCodes.java @@ -0,0 +1,45 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.connector; + +public class MsConnectorEventCodes { + + public static final int STARTING_COUNTRY_SELECTION = 4100; + public static final int COUNTRY_SELECTED = 4101; + + public static final int PROCESS_STOPPED_BY_USER = 4102; + + public static final int EIDAS_NODE_CONNECTED = 6101; + public static final int RESPONSE_FROM_EIDAS_NODE = 6102; + public static final int RESPONSE_FROM_EIDAS_NODE_VALID = 6103; + public static final int RESPONSE_FROM_EIDAS_NODE_NOT_VALID = 6104; + public static final int RESPONSE_FROM_EIDAS_MDSDATA = 6105; + + public static final int SZR_IDL_RECEIVED = 6200; + public static final int SZR_BPK_RECEIVED = 6201; + + public static final int SZR_ERNB_EIDAS_RAW_ID = 6210; + public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211; + +} diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java new file mode 100644 index 00000000..c13fcbf2 --- /dev/null +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MsEidasNodeConstants.java @@ -0,0 +1,136 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.connector; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; + +public class MsEidasNodeConstants { + // ************ configuration properties ************ + public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = + "context.url.request.validation"; + public static final String PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER = + "revisionlog.logIPAddressOfUser"; + public static final String PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG = + "revisionlog.write.MDS.into.revisionlog"; + public static final String PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG = + "technicallog.write.MDS.into.techlog"; + + public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = "webcontent.static.directory"; + public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "webcontent.properties"; + public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates"; + + public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL = + "monitoring.eIDASNode.metadata.url"; + + private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2."; + public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path"; + public static final String PROP_CONFIG_PVP2_KEYSTORE_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "keystore.password"; + public static final String PROP_CONFIG_PVP2_KEY_METADATA_ALIAS = PROP_CONFIG_PVP2_PREFIX + + "key.metadata.alias"; + public static final String PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "key.metadata.password"; + public static final String PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS = PROP_CONFIG_PVP2_PREFIX + + "key.signing.alias"; + public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX + + "key.signing.password"; + public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX + + "metadata.validity"; + + // TODO: is not implemented yet + public static final String PROP_CONFIG_SP_VALIDATION_DISABLED = + "configuration.sp.disableRegistrationRequirement"; + + public static final String PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL = + "auth.eIDAS.node_v2.loa.requested.minimum"; + + public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp."; + public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER; + public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_URL = "pvp2.metadata.url"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE = "pvp2.metadata.truststore"; + public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD = + "pvp2.metadata.truststore.password"; + public static final String PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS = "policy.allowed.requested.targets"; + public static final String PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION = + "policy.hasBaseIdTransferRestriction"; + + public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation"; + public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES = + "configuration.pvp.enable.entitycategories"; + + // ********** default values *************** + + // Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS + // Connector + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*"; + // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", + // "\\\\+") + ".*"; + + public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; // 20 seconds metadata socked timeout + public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; // 24 hours + public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; // 5 minutes + + // ************ application end-points ************* + public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata"; + public static final String ENDPOINT_PVP_POST = "/pvp/post"; + public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect"; + + public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry"; + + public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring"; + public static final String ENDPOINT_MONITORING_VERIFY = "/verify"; + + // ************ paths and templates ************ + public static final String CLASSPATH_TEMPLATE_DIR = "/templates/"; + public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/"; + + public static final String TEMPLATE_HTML_ERROR = "error_message.html"; + public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html"; + public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html"; + + // ************ execution context and generic data ************ + public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment"; + public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess"; + + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test"; + public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev"; + + public static final String DATA_REQUESTERID = "req_requesterId"; + public static final String DATA_PROVIDERNAME = "req_providerName"; + public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; + public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; + + public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST = + Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT); + +} diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java index 4a9bc8e4..355c63f2 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/BasicConfigurationProvider.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,21 +19,21 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.config; import java.net.URL; import java.util.HashMap; import java.util.Map; +import java.util.Map.Entry; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -41,104 +41,113 @@ import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @Service("BasicMSSpecificNodeConfig") -public class BasicConfigurationProvider extends AbstractConfigurationImpl{ - private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class); - - private Map<String, ISpConfiguration> spConfigCache = new HashMap<String, ISpConfiguration>(); - - public BasicConfigurationProvider(String configPath) throws EaafConfigurationException { - super(configPath); - - } - - @Override - public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { - if (!spConfigCache.containsKey(entityId)) { - log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); - Map<String, String> allSPs = getBasicConfigurationWithPrefix(MSeIDASNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); - for (String key : allSPs.keySet()) { - if (key.endsWith(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) && - allSPs.get(key).equals(entityId)) { - String listId = KeyValueUtils.getParentKey(key); - log.trace("Find SP configuration with list-Id: " + listId + ". Extracting configuration elements ... "); - Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + KeyValueUtils.KEY_DELIMITER); - spConfigCache.put(entityId, - new ServiceProviderConfiguration(spConfig, this)); - break; - } - } - - if (spConfigCache.containsKey(entityId)) - log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); - else { - log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); - return null; - - } - - } else - log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); - - - return spConfigCache.get(entityId); - } - - @Override - public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator) throws EaafConfigurationException { - ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); - if (spConfig != null && decorator != null) { - if (decorator.isInstance(spConfig)) - return (T)spConfig; - else - log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName()); - - } - - return null; - - } - - @Override - public String validateIdpUrl(URL url) throws EaafException { - log.trace("Validate requested URL: " + url); - String urlPrefixFromConfig = getBasicConfiguration(MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); - if (StringUtils.isEmpty(urlPrefixFromConfig)) { - log.warn("Application config containts NO URL prefix"); - throw new EaafConfigurationException("config.27", - new Object[] {"Application config containts NO " - + getApplicationSpecificKeyPrefix() + MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); - - } - - //remove last slash - if (urlPrefixFromConfig.endsWith("/")) - urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length()-1); - - if (getBasicConfigurationBoolean( - MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { - if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) - return urlPrefixFromConfig; - - log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); - return null; - - } else { - return urlPrefixFromConfig; - - } - } - - @Override - public String getApplicationSpecificKeyPrefix() { - return MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; - - } - - @Override - protected String getBackupConfigPath() { - return null; - - } - +public class BasicConfigurationProvider extends AbstractConfigurationImpl { + private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class); + + private final Map<String, ISpConfiguration> spConfigCache = new HashMap<>(); + + public BasicConfigurationProvider(String configPath) throws EaafConfigurationException { + super(configPath); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException { + if (!spConfigCache.containsKey(entityId)) { + log.debug("SP: " + entityId + " is NOT cached. Starting load operation ... "); + final Map<String, String> allSPs = getBasicConfigurationWithPrefix( + MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX); + for (Entry<String, String> entry : allSPs.entrySet()) { + if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) + && entry.getValue().equals(entityId)) { + final String listId = KeyValueUtils.getParentKey(entry.getKey()); + log.trace("Find SP configuration with list-Id: " + listId + + ". Extracting configuration elements ... "); + final Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId + + KeyValueUtils.KEY_DELIMITER); + spConfigCache.put(entityId, + new ServiceProviderConfiguration(spConfig, this)); + break; + } + } + + if (spConfigCache.containsKey(entityId)) { + log.info("SP: " + entityId + " is loaded. Continuing auth. process ... "); + } else { + log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... "); + return null; + + } + + } else { + log.trace("SP: " + entityId + " is already cached. Use configuration from there ... "); + } + + return spConfigCache.get(entityId); + } + + @Override + public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator) + throws EaafConfigurationException { + final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId); + if (spConfig != null && decorator != null) { + if (decorator.isInstance(spConfig)) { + return (T) spConfig; + } else { + log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator + .getName()); + } + + } + + return null; + + } + + @Override + public String validateIdpUrl(URL url) throws EaafException { + log.trace("Validate requested URL: " + url); + String urlPrefixFromConfig = getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX); + if (StringUtils.isEmpty(urlPrefixFromConfig)) { + log.warn("Application config containts NO URL prefix"); + throw new EaafConfigurationException("config.27", + new Object[] { "Application config containts NO " + + getApplicationSpecificKeyPrefix() + + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX }); + + } + + // remove last slash + if (urlPrefixFromConfig.endsWith("/")) { + urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1); + } + + if (getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { + if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) { + return urlPrefixFromConfig; + } + + log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); + return null; + + } else { + return urlPrefixFromConfig; + + } + } + + @Override + public String getApplicationSpecificKeyPrefix() { + return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX; + + } + + @Override + protected String getBackupConfigPath() { + return null; + + } } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java index f5b52fa4..6f7eace3 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,9 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.config; import java.util.Arrays; @@ -33,130 +32,127 @@ import java.util.regex.Pattern; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; -public class ServiceProviderConfiguration extends SpConfigurationImpl { - private static final long serialVersionUID = 1L; - private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); - - private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); - private String bPKTargetIdentifier; - private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; - - public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) { - super(spConfig, authConfig); - - } - - @Override - public boolean hasBaseIdInternalProcessingRestriction() { - return false; - - } - - @Override - public boolean hasBaseIdTransferRestriction() { - Boolean spConfigPolicy = isConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); - if (spConfigPolicy != null) - return spConfigPolicy; - - else { - log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); - for (String el : getTargetsWithNoBaseIdTransferRestriction()) { - if (this.bPKTargetIdentifier != null && this.bPKTargetIdentifier.startsWith(el)) { - log.debug("SP-Target: " + this.bPKTargetIdentifier + " has NO baseID transfer restriction in default policy"); - return false; - - } - } - } - - log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + this.bPKTargetIdentifier); - return true; - } - - @Override - public List<String> getRequiredLoA() { - return minimumLoA; - - } - - public String getLoAMatchingMode() { - return loaMachtingMode; - - } - - - @Override - public String getAreaSpecificTargetIdentifier() { - return bPKTargetIdentifier; - } - - - @Override - public String getFriendlyName() { - return getConfigurationValue( - MSeIDASNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, - "NO FRIENDLYNAME SET"); - - } - - /** - * Set the minimum level of eIDAS authentication for this SP - * <br> - * <b>Default:</b> http://eidas.europa.eu/LoA/high - * <br> - * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed - * - * @param minimumLoA eIDAS LoA URIs - */ - - public void setRequiredLoA(List<String> minimumLoA) { - this.minimumLoA = minimumLoA; - } - - /** - * Set the mode of operation for LoA matching for this SP - * <b> - * <b>Default: minimum</b> - * <br> - * <b>Info:</b> Currently only 'minimum' and 'exact' are supported - * - * @param mode LoA matching mode according to SAML2 core specification - */ - public void setLoAMachtingMode(String mode) { - this.loaMachtingMode = mode; - } - - - /** - * Set the bPK Target for this service provider - * - * @param bPKTargetIdentifier - * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this service provider - */ - public void setbPKTargetIdentifier(String bPKTargetIdentifier) throws EaafException { - String allowedTargetIdentifierRegExPattern = getConfigurationValue( - MSeIDASNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, - MSeIDASNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); - log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); - - Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); - Matcher m = p.matcher(bPKTargetIdentifier); - if (m.matches()) { - log.debug("Requested bPK-target: " + bPKTargetIdentifier + " matches regex pattern"); - this.bPKTargetIdentifier = bPKTargetIdentifier; - - } else { - log.warn("Requested bPK-target: " + bPKTargetIdentifier + " does NOT match regex pattern."); - throw new EaafException("auth.37", new Object[] {bPKTargetIdentifier, getUniqueIdentifier()}); - - } - - } - +public class ServiceProviderConfiguration extends SpConfigurationImpl { + private static final long serialVersionUID = 1L; + private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class); + + private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH); + private String bpkTargetIdentifier; + private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM; + + public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) { + super(spConfig, authConfig); + + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + return false; + + } + + @Override + public boolean hasBaseIdTransferRestriction() { + final Boolean spConfigPolicy = isConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION); + if (spConfigPolicy != null) { + return spConfigPolicy; + } else { + log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ..."); + for (final String el : getTargetsWithNoBaseIdTransferRestriction()) { + if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) { + log.debug("SP-Target: " + this.bpkTargetIdentifier + + " has NO baseID transfer restriction in default policy"); + return false; + + } + } + } + + log.debug("Default-policy defines baseID transfer restriction for SP-Target: " + + this.bpkTargetIdentifier); + return true; + } + + @Override + public List<String> getRequiredLoA() { + return minimumLoA; + + } + + @Override + public String getLoAMatchingMode() { + return loaMachtingMode; + + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return bpkTargetIdentifier; + } + + @Override + public String getFriendlyName() { + return getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME, + "NO FRIENDLYNAME SET"); + + } + + /** + * Set the minimum level of eIDAS authentication for this SP <br> + * <b>Default:</b> http://eidas.europa.eu/LoA/high <br> + * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed + * + * @param minimumLoA eIDAS LoA URIs + */ + + public void setRequiredLoA(List<String> minimumLoA) { + this.minimumLoA = minimumLoA; + } + + /** + * Set the mode of operation for LoA matching for this SP. <b>Default: + * minimum</b> <br> + * <b>Info:</b> Currently only 'minimum' and 'exact' are supported + * + * @param mode LoA matching mode according to SAML2 core specification + */ + public void setLoAMachtingMode(String mode) { + this.loaMachtingMode = mode; + } + + /** + * Set the bPK Target for this service provider. + * + * @param bpkTargetIdentifier Set the bPK sector + * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this + * service provider + */ + public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException { + final String allowedTargetIdentifierRegExPattern = getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS, + MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS); + log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern); + + final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern); + final Matcher m = p.matcher(bpkTargetIdentifier); + if (m.matches()) { + log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern"); + this.bpkTargetIdentifier = bpkTargetIdentifier; + + } else { + log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern."); + throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() }); + + } + + } + } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGUIBuilderImpl.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java index 802a22ff..7abc6fcb 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGUIBuilderImpl.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/DefaultVelocityGuiBuilderImpl.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,7 +19,8 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.gui; import java.io.InputStream; @@ -33,31 +34,33 @@ import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGuiFormBuilderImpl; @Service("DefaultVelocityGUIBuilderImpl") -public class DefaultVelocityGUIBuilderImpl extends AbstractVelocityGuiFormBuilderImpl { - private static final Logger log = LoggerFactory.getLogger(DefaultVelocityGUIBuilderImpl.class); - - private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; - - public DefaultVelocityGUIBuilderImpl() throws GuiBuildException { - super(); - - } - - @Override - protected InputStream getInternalTemplate(IVelocityGuiBuilderConfiguration config) throws GuiBuildException { - String viewName = config.getViewName(); - log.debug("GUI template:" + viewName + " is not found in configuration directory. " - + " Load template from project library ... "); - String pathLocation = getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + viewName; - try { - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation); - return is; - - } catch (Exception e1) { - log.error("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); - throw new GuiBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); - - } - } +public class DefaultVelocityGuiBuilderImpl extends AbstractVelocityGuiFormBuilderImpl { + private static final Logger log = LoggerFactory.getLogger(DefaultVelocityGuiBuilderImpl.class); + + private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/"; + + public DefaultVelocityGuiBuilderImpl() throws GuiBuildException { + super(); + + } + + @Override + protected InputStream getInternalTemplate(IVelocityGuiBuilderConfiguration config) + throws GuiBuildException { + final String viewName = config.getViewName(); + log.debug("GUI template:" + viewName + " is not found in configuration directory. " + + " Load template from project library ... "); + final String pathLocation = getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + + viewName; + try { + final InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation); + return is; + + } catch (final Exception e1) { + log.error("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); + throw new GuiBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1); + + } + } } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java index 14198892..9cef3db3 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/GuiBuilderConfigurationFactory.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,18 +19,18 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.gui; import java.net.MalformedURLException; import java.net.URI; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; import org.springframework.stereotype.Service; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; @@ -39,17 +39,21 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @Service("GUIBuilderConfigurationFactory") public class GuiBuilderConfigurationFactory implements IGuiBuilderConfigurationFactory { - @Autowired(required=true) private IConfiguration basicConfig; - - @Override - public IGuiBuilderConfiguration getDefaultErrorGui(String authURL) { - return new StaticGuiBuilderConfiguration(basicConfig, authURL, MSeIDASNodeConstants.TEMPLATE_HTML_ERROR, null); - } - - @Override - public IVelocityGuiBuilderConfiguration getSpSpecificSaml2PostConfiguration(IRequest pendingReq, String viewName, URI configRootContextDir) - throws MalformedURLException { - return new StaticGuiBuilderConfiguration(basicConfig, pendingReq,MSeIDASNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING , null); - } + @Autowired(required = true) private IConfiguration basicConfig; + @Autowired(required = true) private ResourceLoader resourceLoader; + + @Override + public IGuiBuilderConfiguration getDefaultErrorGui(String authUrl) { + return new StaticGuiBuilderConfiguration(basicConfig, authUrl, MsEidasNodeConstants.TEMPLATE_HTML_ERROR, + null, resourceLoader); + } + + @Override + public IVelocityGuiBuilderConfiguration getSpSpecificSaml2PostConfiguration(IRequest pendingReq, + String viewName, URI configRootContextDir) + throws MalformedURLException { + return new StaticGuiBuilderConfiguration(basicConfig, pendingReq, + MsEidasNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING, null, resourceLoader); + } } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/SpringMvcGuiFormBuilderImpl.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/SpringMvcGuiFormBuilderImpl.java index 63028db2..70ab73ad 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/SpringMvcGuiFormBuilderImpl.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/SpringMvcGuiFormBuilderImpl.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.web.servlet.LocaleResolver; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.View; @@ -21,90 +22,102 @@ import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; public class SpringMvcGuiFormBuilderImpl implements ISpringMvcGuiFormBuilder { - private static final Logger log = LoggerFactory.getLogger(SpringMvcGuiFormBuilderImpl.class); - - private @Autowired(required=false) ViewResolver[] viewResolvers; - private @Autowired(required=false) LocaleResolver localeResolver; - - @Override - public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config, - String loggerName) throws GuiBuildException { - build(httpReq, httpResp, config, null, loggerName); - - } - - @Override - public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config, - String contentType, String loggerName) throws GuiBuildException { - try { - final ModelAndView mav = new ModelAndView(config.getViewName()); - if (config.getViewParameters() != null) - mav.addAllObjects(config.getViewParameters()); - - render(mav, httpReq, httpResp); - - } catch (final Exception e) { - log.info("Can NOT generate GUI for illustration", e); - throw new GuiBuildException(e.getMessage(), e); - - } - - } - - protected void render(ModelAndView mv, HttpServletRequest request, HttpServletResponse response) throws Exception { - // Determine locale for request and apply it to the response. - final Locale locale = - (this.localeResolver != null ? this.localeResolver.resolveLocale(request) : request.getLocale()); - response.setLocale(locale); - - View view; - final String viewName = mv.getViewName(); - if (viewName != null) { - // We need to resolve the view name. - view = resolveViewName(viewName, mv.getModelMap(), locale, request); - if (view == null) - throw new ServletException("Could not resolve view with name '" + mv.getViewName() + "' "); - - } else { - // No need to lookup: the ModelAndView object contains the actual View object. - view = mv.getView(); - if (view == null) - throw new ServletException("ModelAndView [" + mv + "] neither contains a view name nor a " + "View object "); - - } - - // Delegate to the View object for rendering. - if (log.isTraceEnabled()) - log.trace("Rendering view [" + view + "] "); - - try { - if (mv.getStatus() != null) - response.setStatus(mv.getStatus().value()); - - view.render(mv.getModelMap(), request, response); - - } catch (final Exception ex) { - if (log.isDebugEnabled()) - log.debug("Error rendering view [" + view + "]", ex); - - throw ex; - - } - - } - - protected View resolveViewName(String viewName, @Nullable Map<String, Object> model, - Locale locale, HttpServletRequest request) throws Exception { - if (viewResolvers != null) { - for (final ViewResolver viewResolver : this.viewResolvers) { - final View view = viewResolver.resolveViewName(viewName, locale); - if (view != null) - return view; - - } - } - - return null; - } + private static final Logger log = LoggerFactory.getLogger(SpringMvcGuiFormBuilderImpl.class); + + private @Autowired(required = false) ViewResolver[] viewResolvers; + private @Autowired(required = false) LocaleResolver localeResolver; + + @Override + public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config, + String loggerName) throws GuiBuildException { + build(httpReq, httpResp, config, null, loggerName); + + } + + @Override + public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config, + String contentType, String loggerName) throws GuiBuildException { + try { + final ModelAndView mav = new ModelAndView(config.getViewName()); + if (config.getViewParameters() != null) { + mav.addAllObjects(config.getViewParameters()); + } + + render(mav, httpReq, httpResp); + + } catch (final Exception e) { + log.info("Can NOT generate GUI for illustration", e); + throw new GuiBuildException(e.getMessage(), e); + + } + + } + + protected void render(ModelAndView mv, HttpServletRequest request, HttpServletResponse response) + throws Exception { + // Determine locale for request and apply it to the response. + final Locale locale = + this.localeResolver != null ? this.localeResolver.resolveLocale(request) : request.getLocale(); + response.setLocale(locale); + + View view; + final String viewName = mv.getViewName(); + if (viewName != null) { + // We need to resolve the view name. + view = resolveViewName(viewName, mv.getModelMap(), locale, request); + if (view == null) { + throw new ServletException("Could not resolve view with name '" + mv.getViewName() + "' "); + } + + } else { + // No need to lookup: the ModelAndView object contains the actual View object. + view = mv.getView(); + if (view == null) { + throw new ServletException("ModelAndView [" + mv + "] neither contains a view name nor a " + + "View object "); + } + + } + + // Delegate to the View object for rendering. + if (log.isTraceEnabled()) { + log.trace("Rendering view [{}] ", view); + + } + + try { + HttpStatus status = mv.getStatus(); + if (status != null) { + response.setStatus(status.value()); + + } + + view.render(mv.getModelMap(), request, response); + + } catch (final Exception ex) { + if (log.isDebugEnabled()) { + log.debug("Error rendering view [" + view + "]", ex); + } + + throw ex; + + } + + } + + protected View resolveViewName(String viewName, @Nullable Map<String, Object> model, + Locale locale, HttpServletRequest request) throws Exception { + if (viewResolvers != null) { + for (final ViewResolver viewResolver : this.viewResolvers) { + final View view = viewResolver.resolveViewName(viewName, locale); + if (view != null) { + return view; + } + + } + } + + return null; + } } diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java index db35c6e6..65000ffa 100644 --- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/StaticGuiBuilderConfiguration.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,25 +19,20 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ +*/ + package at.asitplus.eidas.specific.connector.gui; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; +import java.io.IOException; import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; import org.apache.commons.lang.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.gui.GroupDefinition; import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; @@ -46,87 +41,108 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -public class StaticGuiBuilderConfiguration extends AbstractGuiFormBuilderConfiguration implements IVelocityGuiBuilderConfiguration, ModifyableGuiBuilderConfiguration { - private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); - - private IRequest pendingReq = null; - private IConfiguration basicConfig = null; - - public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authURL, String viewName, String formSubmitEndpoint) { - super(authURL, viewName, formSubmitEndpoint); - this.basicConfig = basicConfig; - } - - public StaticGuiBuilderConfiguration(IConfiguration basicConfig, IRequest pendingReq, String viewName, String formSubmitEndpoint) { - super(pendingReq.getAuthUrl(), viewName, formSubmitEndpoint); - this.pendingReq = pendingReq; - this.basicConfig = basicConfig; - - } - - @Override - public String getClasspathTemplateDir() { - return MSeIDASNodeConstants.CLASSPATH_TEMPLATE_DIR; - - } - - @Override - public String getDefaultContentType() { - return null; - - } - - @Override - public InputStream getTemplate(String viewName) { - String templateURL = MSeIDASNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName; - try { - String absURL = FileUtils.makeAbsoluteUrl(templateURL, this.basicConfig.getConfigurationRootDirectory()); - if (!absURL.startsWith("file:")) { - log.warn("Path to template looks like NOT absolut: " + absURL + ". Template loading FAILED"); - - } else { - log.debug("Load template URL for view: " + viewName + " from: " + absURL); - URI uri = new URL(absURL).toURI(); - return new FileInputStream(new File(uri)); - - } - - - } catch (MalformedURLException | URISyntaxException | FileNotFoundException e) { - log.info("Can can build filesytem path to template: " + templateURL - + " Reason: " + e.getMessage()); - - } - - return null; - } - - @Override - public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) { - log.info("Add GUI-Template parameters WITHOUT escaption ARE NOT supported!!!!!"); - - } - - @Override - public void putCustomParameter(GroupDefinition group, String key, String value) { - setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml(value)); - - } - - @Override - protected void putSpecificViewParameters() { - if (pendingReq != null) { - setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); - setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId())); - - } - - } - - @Override - protected GroupDefinition getFromGroup() { - return null; - - } +public class StaticGuiBuilderConfiguration extends AbstractGuiFormBuilderConfiguration implements + IVelocityGuiBuilderConfiguration, ModifyableGuiBuilderConfiguration { + private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class); + + private IRequest pendingReq = null; + private IConfiguration basicConfig = null; + private ResourceLoader resourceLoader; + + /** + * Static resource configuration for GUI Builder implementations. + * + * @param basicConfig basicConfig + * @param authUrl Public URL of the application + * @param viewName Name of the template + * @param formSubmitEndpoint Form Submit end-point, if template contains a form. + * @param resourceLoader Spring ResourceLoader implementation + */ + public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authUrl, String viewName, + String formSubmitEndpoint, ResourceLoader resourceLoader) { + super(authUrl, viewName, formSubmitEndpoint); + this.basicConfig = basicConfig; + this.resourceLoader = resourceLoader; + + } + + /** + * Static resource configuration for GUI Builder implementations. + * + * @param basicConfig Application configuration + * @param pendingReq Current pending request + * @param viewName Name of the template + * @param formSubmitEndpoint Form Submit end-point, if template contains a form. + * @param resourceLoader Spring ResourceLoader implementation + */ + public StaticGuiBuilderConfiguration(IConfiguration basicConfig, IRequest pendingReq, String viewName, + String formSubmitEndpoint, ResourceLoader resourceLoader) { + super(pendingReq.getAuthUrl(), viewName, formSubmitEndpoint); + this.pendingReq = pendingReq; + this.basicConfig = basicConfig; + this.resourceLoader = resourceLoader; + + } + + @Override + public String getClasspathTemplateDir() { + return MsEidasNodeConstants.CLASSPATH_TEMPLATE_DIR; + + } + + @Override + public String getDefaultContentType() { + return null; + + } + + @Override + public InputStream getTemplate(String viewName) { + final String templateUrl = MsEidasNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName; + try { + final String absUrl = FileUtils.makeAbsoluteUrl(templateUrl, this.basicConfig + .getConfigurationRootDirectory()); + log.debug("Load template URL for view: " + viewName + " from: " + absUrl); + Resource resource = resourceLoader.getResource(absUrl); + return resource.getInputStream(); + + } catch (IOException e) { + log.info("Can can build filesytem path to template: " + templateUrl + + " Reason: " + e.getMessage()); + + } + + return null; + } + + @Override + public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) { + log.info("Add GUI-Template parameters WITHOUT escaption ARE NOT supported!!!!!"); + + } + + @Override + public void putCustomParameter(GroupDefinition group, String key, String value) { + setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml(value)); + + } + + @Override + protected void putSpecificViewParameters() { + if (pendingReq != null) { + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq + .getPendingRequestId())); + setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml( + pendingReq.getPendingRequestId())); + + } + + } + + @Override + protected GroupDefinition getFromGroup() { + return null; + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 069684e3..3e37d2fb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -1,238 +1,261 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>at.asitplus.eidas.ms_specific</groupId> - <artifactId>modules</artifactId> - <version>1.0.3-snapshot</version> - </parent> - <groupId>at.asitplus.eidas.ms_specific.modules</groupId> - <artifactId>authmodule-eIDAS-v2</artifactId> - <name>eIDAS v2 authentication module</name> - <description>eIDAS module based on eIDAS node reference implementation v2.x</description> +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.asitplus.eidas.ms_specific</groupId> + <artifactId>modules</artifactId> + <version>1.0.3-snapshot</version> + </parent> + <groupId>at.asitplus.eidas.ms_specific.modules</groupId> + <artifactId>authmodule-eIDAS-v2</artifactId> + <name>eIDAS v2 authentication module</name> + <description>eIDAS module based on eIDAS node reference implementation v2.x</description> - <properties> - <eidas-commons.version>2.3.0</eidas-commons.version> - <eidas-light-commons.version>2.3.0</eidas-light-commons.version> - <eidas-specific-communication-definition.version>2.3.0</eidas-specific-communication-definition.version> - <eidas-jcache-ignite-specific-communication.version>2.3.0</eidas-jcache-ignite-specific-communication.version> - <org.xerial.sqlite-jdbc.version>3.23.1</org.xerial.sqlite-jdbc.version> - </properties> + <properties> + <eidas-commons.version>2.3.0</eidas-commons.version> + <eidas-light-commons.version>2.3.0</eidas-light-commons.version> + <eidas-specific-communication-definition.version>2.3.0</eidas-specific-communication-definition.version> + <eidas-jcache-ignite-specific-communication.version>2.3.0</eidas-jcache-ignite-specific-communication.version> + <org.xerial.sqlite-jdbc.version>3.23.1</org.xerial.sqlite-jdbc.version> + </properties> - <profiles> - <profile> - <id>default</id> - <activation> - <activeByDefault>true</activeByDefault> - </activation> - <repositories> - <repository> - <id>egiz-commons</id> - <url>https://apps.egiz.gv.at/maven/</url> - <releases> - <enabled>true</enabled> - </releases> - </repository> - <repository> - <id>eIDASNode-local</id> - <name>local</name> - <url>file:${basedir}/repository</url> - </repository> - </repositories> - </profile> - </profiles> + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>egiz-commons</id> + <url>https://apps.egiz.gv.at/maven/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + <repository> + <id>eIDASNode-local</id> + <name>local</name> + <url>file:${basedir}/repository</url> + </repository> + </repositories> + </profile> + </profiles> - <dependencies> - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>egiz-spring-api</artifactId> - </dependency> - <dependency> - <groupId>at.asitplus.eidas.ms_specific</groupId> - <artifactId>connector_lib</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf-core</artifactId> - </dependency> + <dependencies> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + <dependency> + <groupId>at.asitplus.eidas.ms_specific</groupId> + <artifactId>connector_lib</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> - <!-- eIDAS reference implemenation libs --> - <dependency> - <groupId>eu.eidas</groupId> - <artifactId>eidas-commons</artifactId> - <version>${eidas-commons.version}</version> - <!--scope>provided</scope --> - <exclusions> - <exclusion> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - </exclusion> - <exclusion> - <artifactId>log4j-over-slf4j</artifactId> - <groupId>org.slf4j</groupId> - </exclusion> - </exclusions> - </dependency> + <!-- eIDAS reference implemenation libs --> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + <version>${eidas-commons.version}</version> + <!--scope>provided</scope --> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <artifactId>log4j-over-slf4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> + </exclusions> + </dependency> - <dependency> - <groupId>eu.eidas</groupId> - <artifactId>eidas-light-commons</artifactId> - <version>${eidas-light-commons.version}</version> - </dependency> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + <version>${eidas-light-commons.version}</version> + </dependency> - <dependency> - <groupId>eu.eidas</groupId> - <artifactId>eidas-specific-communication-definition</artifactId> - <version>${eidas-specific-communication-definition.version}</version> - </dependency> - - <dependency> - <groupId>eu.eidas</groupId> - <artifactId>eidas-jcache-ignite-specific-communication</artifactId> - <version>${eidas-jcache-ignite-specific-communication.version}</version> - </dependency> - - <!-- other third party libs --> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-lang3</artifactId> - </dependency> - <dependency> - <groupId>com.google.guava</groupId> - <artifactId>guava</artifactId> - </dependency> - <dependency> - <groupId>joda-time</groupId> - <artifactId>joda-time</artifactId> - </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-text</artifactId> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-webmvc</artifactId> - </dependency> - <dependency> - <groupId>org.apache.cxf</groupId> - <artifactId>cxf-rt-frontend-jaxws</artifactId> - </dependency> - <dependency> - <groupId>org.apache.cxf</groupId> - <artifactId>cxf-rt-transports-http</artifactId> - </dependency> -<!-- <dependency> - <groupId>org.xerial</groupId> - <artifactId>sqlite-jdbc</artifactId> - <version>${org.xerial.sqlite-jdbc.version}</version> - </dependency> --> - - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> - <scope>provided</scope> - </dependency> - - <!-- Testing --> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>com.github.skjolber</groupId> - <artifactId>mockito-soap-cxf</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf-core</artifactId> - <scope>test</scope> - <type>test-jar</type> - </dependency> - </dependencies> - - <build> - <resources> - <resource> - <directory>src/main/resources</directory> - </resource> - <resource> - <directory>target/generated/cxf</directory> - </resource> - </resources> - - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.cxf</groupId> - <artifactId>cxf-codegen-plugin</artifactId> - <dependencies> - <dependency> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - <version>2.8.1</version> - </dependency> - <dependency> - <groupId>com.sun.xml.bind</groupId> - <artifactId>jaxb-impl</artifactId> - <version>2.2.5</version> - </dependency> - <dependency> - <groupId>com.sun.xml.bind</groupId> - <artifactId>jaxb-xjc</artifactId> - <version>2.2.5</version> - </dependency> - </dependencies> - <executions> - <execution> - <id>generate-sources</id> - <phase>generate-sources</phase> - <configuration> - <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot> - <wsdlOptions> - <wsdlOption> - <wsdl>${basedir}/src/main/resources/szr_client/SZR-1.1.WSDL</wsdl> - <extraargs> - <extraarg>-verbose </extraarg> - </extraargs> - </wsdlOption> - </wsdlOptions> - </configuration> - <goals> - <goal>wsdl2java</goal> - </goals> - </execution> - </executions> - </plugin> - + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-communication-definition</artifactId> + <version>${eidas-specific-communication-definition.version}</version> + </dependency> + + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-jcache-ignite-specific-communication</artifactId> + <version>${eidas-jcache-ignite-specific-communication.version}</version> + </dependency> + + <!-- other third party libs --> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </dependency> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-text</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxws</artifactId> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + </dependency> + <!-- <dependency> <groupId>org.xerial</groupId> <artifactId>sqlite-jdbc</artifactId> + <version>${org.xerial.sqlite-jdbc.version}</version> </dependency> --> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + <!-- Testing --> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.github.skjolber</groupId> + <artifactId>mockito-soap-cxf</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + </dependencies> + + <build> + <resources> + <resource> + <directory>src/main/resources</directory> + </resource> + <resource> + <directory>target/generated/cxf</directory> + </resource> + </resources> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-codegen-plugin</artifactId> + <dependencies> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.8.1</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-impl</artifactId> + <version>2.2.5</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-xjc</artifactId> + <version>2.2.5</version> + </dependency> + </dependencies> + <executions> + <execution> + <id>generate-sources</id> + <phase>generate-sources</phase> + <configuration> + <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot> + <wsdlOptions> + <wsdlOption> + <wsdl>${basedir}/src/main/resources/szr_client/SZR-1.1.WSDL</wsdl> + <extraargs> + <extraarg>-verbose </extraarg> + </extraargs> + </wsdlOption> + </wsdlOptions> + </configuration> + <goals> + <goal>wsdl2java</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <executions> + <execution> + <id>spotbugs_validate</id> + <phase>test</phase> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + <configuration> + <failOnError>true</failOnError> + <excludeFilterFile>spotbugs_exclude.xml</excludeFilterFile> + </configuration> + </plugin> + + <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - </plugins> - </build> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <threadCount>1</threadCount> + </configuration> + <dependencies> + <dependency> + <groupId>org.apache.maven.surefire</groupId> + <artifactId>surefire-junit47</artifactId> + <version>${surefire.version}</version> + </dependency> + </dependencies> + </plugin> + </plugins> + </build> </project>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/spotbugs_exclude.xml b/eidas_modules/authmodule-eIDAS-v2/spotbugs_exclude.xml new file mode 100644 index 00000000..90d418ff --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/spotbugs_exclude.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <Class name="~szrservices.SZRException"/> + </Match> +</FindBugsFilter>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java new file mode 100644 index 00000000..b0eb8fc1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -0,0 +1,167 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; + +public class Constants { + + public static final String DATA_REQUESTERID = "req_requesterId"; + public static final String DATA_PROVIDERNAME = "req_providerName"; + public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; + public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; + public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; + + // templates for post-binding forwarding + public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; + public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint"; + public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName"; + public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue"; + + // configuration properties + public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; + public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; + public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; + public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + + ".publicSectorTargets"; + public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId"; + public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + + ".forward.endpoint"; + public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + + ".forward.method"; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural."; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural."; + public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = + CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation."; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = + CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = + CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = + CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs"; + public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + + ".staticProviderNameForPublicSPs"; + public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnB"; + + public static final String FORWARD_METHOD_POST = "POST"; + public static final String FORWARD_METHOD_GET = "GET"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".useTestService"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_SZRCLIENT + + ".debug.logfullmessages"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + + ".debug.useDummySolution"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT + + ".timeout.connection"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".timeout.response"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".endpoint.prod"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST = CONIG_PROPS_EIDAS_SZRCLIENT + + ".endpoint.test"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.path"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.keyStore.password"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.path"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + + ".ssl.trustStore.password"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.documenttype"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.vkz"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.issuingdate"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + + ".params.usedummykeys"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setPlaceOfBirthIfAvailable"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setBirthNameIfAvailable"; + + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active"; + + @Deprecated + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = + CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url"; + @Deprecated + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE = + CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active"; + + // http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; + + // eIDAS request parameters + public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; + + // eIDAS attribute names + public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; + public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; + public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth"; + public static final String eIDAS_ATTR_BIRTHNAME = "BirthName"; + public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress"; + + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + public static final String POLICY_DEFAULT_ALLOWED_TARGETS = + EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; + + // SAML2 Constants + public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; + + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds + public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds + + public static final String SZR_SCHEMA_LOCATIONS = + "urn:SZRServices" + " " + "/szr_client/szr.xsd"; + + // Default values for SZR communication + public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; + + // TODO remove!!! + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; + public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; + public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB"; + public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = + "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEg" + + "XGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java new file mode 100644 index 00000000..41c74217 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationModulImpl.java @@ -0,0 +1,84 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import org.apache.commons.lang3.StringUtils; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; + +/** + * eIDAS authentication-process selector. + * + * @author tlenz + * + */ +public class EidasAuthenticationModulImpl implements AuthModule { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + if (StringUtils.isNotBlank((String) context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) + || StringUtils.isNotBlank((String) context.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) { + return "eIDASAuthentication_v2"; + } else { + return null; + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eIDAS.Authentication.process.xml" }; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java new file mode 100644 index 00000000..535e4f97 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java @@ -0,0 +1,52 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class EidasAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "Auth. module for eIDAS Ref. Impl. v2.x"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource eidasAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml", + EidasAuthenticationSpringResourceProvider.class); + + return new Resource[] { eidasAuthConfig }; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java new file mode 100644 index 00000000..e9302f6d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java @@ -0,0 +1,161 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.collect.ImmutableSortedSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl; + +/** + * Controler implementation for eIDAS Node communication. + * + * @author tlenz + * + */ +@Controller +public class EidasSignalServlet extends AbstractProcessEngineSignalController { + + private static final Logger log = LoggerFactory.getLogger(EidasSignalServlet.class); + @Autowired + private ApplicationContext context; + @Autowired + private EidasAttributeRegistry attrRegistry; + + /** + * eIDAS Node communication end-point implementation. + * + */ + public EidasSignalServlet() { + super(); + log.debug("Registering servlet {} with mappings '{}' and '{}'.", + getClass().getName(), Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT); + + } + + @RequestMapping(value = { + Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, + EaafException { + signalProcessManagement(req, resp); + } + + /** + * Protocol specific implementation to get the pending-requestID from http + * request object. + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + @Override + public String getPendingRequestId(HttpServletRequest request) { + // String sessionId = super.getPendingRequestId(request); + + try { + // get token from Request + final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString()); + if (StringUtils.isEmpty(tokenBase64)) { + log.warn("NO eIDAS message token found."); + throw new EidasSAuthenticationException("eidas.04", null); + + } + log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... "); + + final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService = + (SpecificConnectorCommunicationServiceImpl) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + final ILightResponse eidasResponse = specificConnectorCommunicationService.getAndRemoveResponse( + tokenBase64, + ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + String pendingReqId = null; + if (StringUtils.isEmpty(eidasResponse.getRelayState())) { + log.debug("eIDAS Node returns no RelayState. "); + + if (authConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, + false)) { + log.trace("Use lightRequestId to recover session ... "); + pendingReqId = transactionStorage.get(eidasResponse.getInResponseToId(), String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + log.debug("Restoring session with lightRequestId ... "); + transactionStorage.remove(eidasResponse.getInResponseToId()); + + } + } + + } else { + log.debug("Find transaction identifier in SAML2 'RelayState': " + eidasResponse.getRelayState()); + pendingReqId = eidasResponse.getRelayState(); + + } + + if (StringUtils.isNotEmpty(pendingReqId)) { + request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + return pendingReqId; + + } + + log.info("NO transaction identifier found! Stopping process ...."); + log.trace("FullResponse: " + eidasResponse.toString()); + + } catch (final SpecificCommunicationException e) { + log.warn("Can NOT load eIDAS Response from cache.", e); + log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString())); + + } catch (final Exception e) { + log.warn("Unable to retrieve moa session id.", e); + + } + + return null; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java new file mode 100644 index 00000000..c7acdb15 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/EidasPersonalIdStoreDao.java @@ -0,0 +1,158 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; + +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@Deprecated +public class EidasPersonalIdStoreDao { + public static final String NAME = "foreigneIDMap"; + + // Enum with all cols of this table + public enum Cols { + timestamp, transactionId, eidasId, eidasSourceCountry, eidasDestinationCountry, ernbId + } + + public enum T { + ID("INTEGER"), + BIGINT("VARCHAR(265)"), + URI("VARCHAR(256)"), + DATE("Long"), + TEXT("TEXT"), + Long("BIGINT"), + Int("INTEGER"), + BLOB("BLOB"), + CC("CHAR(2)"), + BOOL("INTEGER"); + + private final String type; + + T(String el) { + type = el; + } + + @Override + public String toString() { + return type; + } + } + + // define Cols of the table + public static final List<Pair<String, T>> TABLE_COLS; + + static { + final List<Pair<String, T>> cols = new ArrayList<>(); + cols.add(Pair.newInstance(Cols.timestamp.name(), T.DATE)); + cols.add(Pair.newInstance(Cols.transactionId.name(), T.TEXT)); + cols.add(Pair.newInstance(Cols.eidasId.name(), T.TEXT)); + cols.add(Pair.newInstance(Cols.eidasSourceCountry.name(), T.CC)); + cols.add(Pair.newInstance(Cols.eidasDestinationCountry.name(), T.CC)); + cols.add(Pair.newInstance(Cols.ernbId.name(), T.TEXT)); + + TABLE_COLS = Collections.unmodifiableList(cols); + + } + + public static final String CREATE = "CREATE TABLE " + NAME + + " (" + "id" + " " + T.ID.toString() + + " PRIMARY KEY AUTOINCREMENT, " + buildCreateTableQuery(TABLE_COLS) + ")"; + + public static final String INSERT = "INSERT INTO " + NAME + + "(" + buildInsertQueryKeys(TABLE_COLS) + ")" + + " VALUES (" + buildInsertQueryValues(TABLE_COLS) + ");"; + + public static final String SELECT_BY_ERNB_ID = "SELECT * FROM " + NAME + + " WHERE " + Cols.ernbId.name() + "=?;"; + + public static final String SELECT_BY_EIDAS_RAW_ID = "SELECT * FROM " + NAME + + " WHERE " + Cols.eidasId.name() + "=?" + + " and " + Cols.eidasSourceCountry.name() + "=?" + ";"; + + /** + * Build a part of a SQL query, which contains the cols of a table that should + * be created. + * + * @param cols List of DB col definitions {@link Pair} + * @return Part of a SQL query, which contains cols that should be created + */ + private static String buildCreateTableQuery(List<Pair<String, T>> cols) { + StringBuffer buf = new StringBuffer(); + for (final Pair<String, T> el : cols) { + buf.append(el.getFirst()); + buf.append(" "); + buf.append(el.getSecond()); + buf.append(","); + + } + String sql = buf.toString(); + return sql.substring(0, sql.length() - 1); + + } + + /** + * Build a part of a SQL query, which contains the cols keys of a table for + * insert operation. + * + * @param cols List of DB col definitions {@link Pair} + * @return Part of a SQL query, which contains cols that should be created + */ + protected static String buildInsertQueryKeys(List<Pair<String, T>> cols) { + + StringBuffer buf = new StringBuffer(); + for (final Pair<String, T> el : cols) { + buf.append(el.getFirst()); + buf.append(","); + + } + String sql = buf.toString(); + return sql.substring(0, sql.length() - 1); + } + + /** + * Build a part of a SQL query, which contains the cols values of a table for + * insert operation. + * + * @param cols List of DB col definitions {@link Pair} + * @return Part of a SQL query, which contains cols that should be created + */ + protected static String buildInsertQueryValues(List<Pair<String, T>> cols) { + + StringBuffer buf = new StringBuffer(); + Iterator<Pair<String, T>> it = cols.iterator(); + while (it.hasNext()) { + buf.append("?,"); + it.next(); + + } + + String sql = buf.toString(); + return sql.substring(0, sql.length() - 1); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java new file mode 100644 index 00000000..6c7eeb6b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/ErnbEidData.java @@ -0,0 +1,115 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import java.text.SimpleDateFormat; + +import org.joda.time.DateTime; + +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; + +public class ErnbEidData { + + private String citizenCountryCode = null; + + // MDS + private String pseudonym = null; + private String givenName = null; + private String familyName = null; + private DateTime dateOfBirth = null; + + // additional attributes + private String placeOfBirth = null; + private String birthName = null; + private PostalAddressType address = null; + + public String getCitizenCountryCode() { + return citizenCountryCode; + } + + public void setCitizenCountryCode(String citizenCountryCode) { + this.citizenCountryCode = citizenCountryCode; + } + + public String getPseudonym() { + return pseudonym; + } + + public void setPseudonym(String pseudonym) { + this.pseudonym = pseudonym; + } + + public String getGivenName() { + return givenName; + } + + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + public String getFamilyName() { + return familyName; + } + + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + public DateTime getDateOfBirth() { + return dateOfBirth; + } + + public void setDateOfBirth(DateTime dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public String getPlaceOfBirth() { + return placeOfBirth; + } + + public void setPlaceOfBirth(String placeOfBirth) { + this.placeOfBirth = placeOfBirth; + } + + public String getBirthName() { + return birthName; + } + + public void setBirthName(String birthName) { + this.birthName = birthName; + } + + public PostalAddressType getAddress() { + return address; + } + + public void setAddress(PostalAddressType address) { + this.address = address; + } + + public String getFormatedDateOfBirth() { + return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/SQLiteServiceException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java index 181dc5e2..f4c0be67 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/SQLiteServiceException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidPostProcessingException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,21 +19,22 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ -public class SQLiteServiceException extends eIDASAuthenticationException { +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; - private static final long serialVersionUID = 2278259367925102676L; +public class EidPostProcessingException extends EidasSAuthenticationException { - public SQLiteServiceException(String internalMsgId, Object[] params, Throwable e) { - super(internalMsgId, params, e); - - } + private static final long serialVersionUID = 6780652273831172456L; - public SQLiteServiceException(String internalMsgId, Object[] params) { - super(internalMsgId, params); - - } + public EidPostProcessingException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + + } + + public EidPostProcessingException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasAttributeException.java index d41f5aad..49736d58 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASValidationException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasAttributeException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,18 +19,16 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ -public class eIDASValidationException extends eIDASAuthenticationException { +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; - /** - * - */ - private static final long serialVersionUID = 1L; +public class EidasAttributeException extends EidasSAuthenticationException { + private static final long serialVersionUID = 1L; - public eIDASValidationException(String internalMsgId, Object[] params) { - super(internalMsgId, params); - } + public EidasAttributeException(String attrbuteName) { + super("eidas.00", new Object[] { attrbuteName }); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasSAuthenticationException.java index e468fd72..8ff218e3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAuthenticationException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasSAuthenticationException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,24 +19,23 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; -public class eIDASAuthenticationException extends EaafAuthenticationException{ +public class EidasSAuthenticationException extends EaafAuthenticationException { + + + private static final long serialVersionUID = 1L; - /** - * - */ - private static final long serialVersionUID = 1L; + public EidasSAuthenticationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } - public eIDASAuthenticationException(String internalMsgId, Object[] params) { - super(internalMsgId, params); - } - - public eIDASAuthenticationException(String internalMsgId, Object[] params, Throwable e) { - super(internalMsgId, params, e); - } + public EidasSAuthenticationException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasValidationException.java index ea9fa6ce..2988dd6f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/SZRCommunicationException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/EidasValidationException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,19 +19,16 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ -public class SZRCommunicationException extends eIDASAuthenticationException { +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; - private static final long serialVersionUID = 1L; +public class EidasValidationException extends EidasSAuthenticationException { - public SZRCommunicationException(String internalMsgId, Object[] params) { - super(internalMsgId, params); - } + private static final long serialVersionUID = 1L; - public SZRCommunicationException(String internalMsgId, Object[] params, Throwable e) { - super(internalMsgId, params, e); - } + public EidasValidationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SqliteServiceException.java index ec307b7d..d48abec9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDASAttributeException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SqliteServiceException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,19 +19,22 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ -public class eIDASAttributeException extends eIDASAuthenticationException { +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; - /** - * - */ - private static final long serialVersionUID = 1L; +public class SqliteServiceException extends EidasSAuthenticationException { - public eIDASAttributeException(String attrbuteName) { - super("eidas.00", new Object[] {attrbuteName}); + private static final long serialVersionUID = 2278259367925102676L; - } + public SqliteServiceException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + + } + + public SqliteServiceException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SzrCommunicationException.java index 05e12dbd..c736cadb 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/SzrCommunicationException.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,21 +19,20 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception; +*/ -public class eIDPostProcessingException extends eIDASAuthenticationException { +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; - private static final long serialVersionUID = 6780652273831172456L; +public class SzrCommunicationException extends EidasSAuthenticationException { - public eIDPostProcessingException(String internalMsgId, Object[] params) { - super(internalMsgId, params); - - } - - public eIDPostProcessingException(String internalMsgId, Object[] params, Throwable e) { - super(internalMsgId, params, e); - - } + private static final long serialVersionUID = 1L; + + public SzrCommunicationException(String internalMsgId, Object[] params) { + super(internalMsgId, params); + } + + public SzrCommunicationException(String internalMsgId, Object[] params, Throwable e) { + super(internalMsgId, params, e); + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java new file mode 100644 index 00000000..2b0e0d2f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -0,0 +1,357 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.google.common.collect.ImmutableSortedSet; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import edu.umd.cs.findbugs.annotations.NonNull; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; +import eu.eidas.auth.commons.protocol.eidas.SpType; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public abstract class AbstractEidProcessor implements INationalEidProcessor { + private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class); + + @Autowired + protected EidasAttributeRegistry attrRegistry; + @Autowired + protected IConfigurationWithSP basicConfig; + + @Override + public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { + + buildProviderNameAttribute(pendingReq, authnRequestBuilder); + buildRequestedAttributes(authnRequestBuilder); + + } + + @Override + public final ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException { + final ErnbEidData result = new ErnbEidData(); + + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + result.setCitizenCountryCode(eIdentifier.getFirst()); + + // MDS attributes + result.setPseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); + result.setFamilyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); + result.setGivenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); + result.setDateOfBirth(processDateOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); + + // additional attributes + result.setPlaceOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); + result.setBirthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); + result.setAddress(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); + + return result; + + } + + + /** + * Get a Map of country-specific requested attributes. + * + * @return + */ + @NonNull + protected abstract Map<String, Boolean> getCountrySpecificRequestedAttributes(); + + /** + * Post-Process the eIDAS CurrentAddress attribute. + * + * @param currentAddressObj eIDAS current address information + * @return current address or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException, + EidasAttributeException { + + if (currentAddressObj != null) { + if (currentAddressObj instanceof PostalAddress) { + final PostalAddressType result = new PostalAddressType(); + result.setPostalCode(((PostalAddress) currentAddressObj).getPostCode()); + result.setMunicipality(((PostalAddress) currentAddressObj).getPostName()); + + // TODO: add more mappings + + return result; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS BirthName attribute. + * + * @param birthNameObj eIDAS birthname information + * @return birthName or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected String processBirthName(Object birthNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (birthNameObj != null) { + if (birthNameObj instanceof String) { + return (String) birthNameObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS PlaceOfBirth attribute. + * + * @param placeOfBirthObj eIDAS Place-of-Birth information + * @return place of Birth or null if no attribute is available + * @throws EidPostProcessingException if post-processing fails + * @throws EidasAttributeException if eIDAS attribute is of a wrong type + */ + protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (placeOfBirthObj != null) { + if (placeOfBirthObj instanceof String) { + return (String) placeOfBirthObj; + + } else { + log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); + throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); + + } + + } else { + log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); + } + + return null; + + } + + /** + * Post-Process the eIDAS DateOfBirth attribute. + * + * @param dateOfBirthObj eIDAS date-of-birth attribute information + * @return formated user's date-of-birth + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + } + + return (DateTime) dateOfBirthObj; + + } + + /** + * Post-Process the eIDAS GivenName attribute. + * + * @param givenNameObj eIDAS givenName attribute information + * @return formated user's givenname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processGivenName(Object givenNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (givenNameObj == null || !(givenNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + } + + return (String) givenNameObj; + + } + + /** + * Post-Process the eIDAS FamilyName attribute. + * + * @param familyNameObj eIDAS familyName attribute information + * @return formated user's familyname + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException, + EidasAttributeException { + if (familyNameObj == null || !(familyNameObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + } + + return (String) familyNameObj; + + } + + /** + * Post-Process the eIDAS pseudonym to ERnB unique identifier. + * + * @param personalIdObj eIDAS PersonalIdentifierAttribute + * @return Unique personal identifier without country-code information + * @throws EidasAttributeException if NO attribute is available + * @throws EidPostProcessingException if post-processing fails + */ + protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException, + EidasAttributeException { + if (personalIdObj == null || !(personalIdObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj); + + return eIdentifier.getThird(); + + } + + private void buildRequestedAttributes(Builder authnRequestBuilder) { + // build and add requested attribute set + final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); + log.debug("Get #{} country-specific requested attributes", ccSpecificReqAttr.size()); + + final Map<String, Boolean> mdsReqAttr = attrRegistry.getDefaultAttributeSetFromConfiguration(); + log.trace("Get #{} default requested attributes", mdsReqAttr.size()); + + // put it together + ccSpecificReqAttr.putAll(mdsReqAttr); + + // convert it to eIDAS attributes + final ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(ccSpecificReqAttr); + authnRequestBuilder.requestedAttributes(reqAttrMap); + + } + + private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { + final ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); + for (final Map.Entry<String, Boolean> attribute : requiredAttributes.entrySet()) { + final String name = attribute.getKey(); + final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry + .getCoreAttributeRegistry().getByFriendlyName(name); + if (!byFriendlyName.isEmpty()) { + final AttributeDefinition<?> attributeDefinition = byFriendlyName.first(); + builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build()); + + } else { + log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!"); + } + + } + + return builder.build(); + + } + + private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) { + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + + // set correct SPType for requested target sector + final String publicSectorTargetSelector = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, + Constants.POLICY_DEFAULT_ALLOWED_TARGETS); + final Pattern p = Pattern.compile(publicSectorTargetSelector); + final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); + if (m.matches()) { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + false)) { + authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); + + } else { + // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for + // any SPType + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName) + && basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, + false)) { + authnRequestBuilder.providerName(providerName); + + } + } + + } else { + log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + + // TODO: switch to RequesterId in further version + // set provider name for private sector applications + final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); + if (StringUtils.isNotEmpty(providerName)) { + authnRequestBuilder.providerName(providerName); + } + + } + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java new file mode 100644 index 00000000..8d8cc6b0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java @@ -0,0 +1,112 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.io.UnsupportedEncodingException; +import java.util.Base64; +import java.util.Map; + +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Hex; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.impl.data.Trible; + +public class DeEidProcessor extends AbstractEidProcessor { + private static final Logger log = LoggerFactory.getLogger(DeEidProcessor.class); + private static final String canHandleCC = "DE"; + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + @Override + public boolean canHandle(String countryCode) { + return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); + + } + + public void setPriority(int priority) { + this.priority = priority; + } + + @Override + public String getName() { + return "DE-PostProcessor"; + + } + + @Override + protected String processPseudonym(Object uniqeIdentifierObj) throws EidPostProcessingException, + EidasAttributeException { + if (uniqeIdentifierObj == null || !(uniqeIdentifierObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) uniqeIdentifierObj); + + log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final String result = convertDeIdentifier(eIdentifier.getThird()); + log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + + return result; + + } + + private String convertDeIdentifier(String hexEncodedDeIdentifier) throws EidPostProcessingException { + if (hexEncodedDeIdentifier.length() != 64) { + throw new EidPostProcessingException("ernb.03", new Object[] { + "Input has wrong length, expected 64 chars" }); + } + + byte[] data; + try { + data = Hex.decodeHex(hexEncodedDeIdentifier); + final byte[] encoded = Base64.getEncoder().encode(data); + return new String(encoded, "UTF-8"); + + } catch (final DecoderException | UnsupportedEncodingException e) { + throw new EidPostProcessingException("ernb.03", null, e); + + } + + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return attrRegistry.getAttributeSetFromConfiguration(canHandleCC); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java new file mode 100644 index 00000000..69949435 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/GenericEidProcessor.java @@ -0,0 +1,61 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.HashMap; +import java.util.Map; + +public class GenericEidProcessor extends AbstractEidProcessor { + + private int priority = 0; + + @Override + public int getPriority() { + return priority; + + } + + @Override + public boolean canHandle(String countryCode) { + return true; + + } + + public void setPriority(int priority) { + this.priority = priority; + } + + @Override + public String getName() { + return "Default-PostProcessor"; + + } + + @Override + protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { + return new HashMap<>(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java new file mode 100644 index 00000000..577efbcd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/INationalEidProcessor.java @@ -0,0 +1,81 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +public interface INationalEidProcessor { + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + String getName(); + + /** + * Get the priority of this eID Post-Processor <br> + * If more than one Post-Processor implementations can handle the eID data, the + * post-processor with the highest priority are selected. The Default-Processor + * has priority '0' + * + * @return Priority of this handler + */ + int getPriority(); + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @return true if this implementation can handle the country, otherwise false + * + */ + boolean canHandle(String countryCode); + + /** + * Post-Process eIDAS eID data into national format. + * + * @param eidasAttrMap Map of eIDAS attributes in format friendlyName and + * attribute + * @throws EidPostProcessingException In case of a post-processing error + * @throws EidasAttributeException In case of an invalid eIDAS attribute + */ + ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException; + + /** + * Pre-Process eIDAS Request to national requirements. + * + * @param pendingReq current pending request + * @param authnRequestBuilder eIDAS {@link ILightRequest} builder + */ + void preProcess(IRequest pendingReq, Builder authnRequestBuilder); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java new file mode 100644 index 00000000..09bb09d6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java @@ -0,0 +1,135 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@Service +public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingService { + private static final Logger log = LoggerFactory.getLogger(CcSpecificEidProcessingService.class); + + @Autowired + private ApplicationContext context; + + private final List<INationalEidProcessor> handlers = new ArrayList<>(); + + @PostConstruct + private void initialize() { + log.debug("Initialize eID PostProcessing-Service ... "); + final Map<String, INationalEidProcessor> postProcessors = context.getBeansOfType( + INationalEidProcessor.class); + final Iterator<Entry<String, INationalEidProcessor>> iterator = postProcessors.entrySet().iterator(); + while (iterator.hasNext()) { + final Entry<String, INationalEidProcessor> el = iterator.next(); + log.debug("Find eID-PostProcessor with name: " + el.getKey()); + handlers.add(el.getValue()); + + } + + log.trace("Sorting eID-PostProcessors on priority ... "); + Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + final int thisOrder = thisAuthModule.getPriority(); + final int otherOrder = otherAuthModule.getPriority(); + return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + }); + + log.info("# " + handlers.size() + " eID PostProcessing services are registrated"); + + } + + @Override + public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder) + throws EidPostProcessingException { + if (StringUtils.isEmpty(selectedCitizenCountry)) { + log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used"); + } + + for (final INationalEidProcessor el : handlers) { + if (el.canHandle(selectedCitizenCountry)) { + log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using: " + el.getName()); + el.preProcess(pendingReq, authnRequestBuilder); + return; + + } + } + + log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); + throw new EidPostProcessingException("internal.00", null); + + } + + @Override + public ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException { + // extract citizen country from eIDAS unique identifier + final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) { + throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + } + + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier((String) eIdentifierObj); + final String citizenCountry = eIdentifier.getFirst(); + + if (StringUtils.isEmpty(citizenCountry)) { + log.info("No CountryCode for eID PostProcessor. Default-PostProcessor will be used"); + } + + for (final INationalEidProcessor el : handlers) { + if (el.canHandle(citizenCountry)) { + log.debug("Post-Process eIDAS eID from " + citizenCountry + " by using: " + el.getName()); + return el.postProcess(eidasAttrMap); + + } + } + + log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); + throw new EidPostProcessingException("internal.00", null); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java new file mode 100644 index 00000000..98c4c2de --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java @@ -0,0 +1,180 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.io.File; +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import edu.umd.cs.findbugs.annotations.NonNull; +import eu.eidas.auth.commons.attribute.AttributeRegistries; +import eu.eidas.auth.commons.attribute.AttributeRegistry; + +@Service("attributeRegistry") +public class EidasAttributeRegistry { + private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class); + @Autowired + private IConfigurationWithSP basicConfig; + + private AttributeRegistry coreAttributeRegistry; + + private String eidasAttributesFile; + private String additionalAttributesFile; + + @PostConstruct + private void initialize() throws RuntimeException { + try { + if (eidasAttributesFile.isEmpty()) { + log.error("Basic eIDAS addribute definition NOT defined"); + throw new EaafConfigurationException("config.30", + new Object[] { "eidas-attributes.xml" }); + + } + + boolean additionalAttrAvailabe = false; + if (!additionalAttributesFile.isEmpty()) { + final File file = new File(additionalAttributesFile); + if (file.exists()) { + additionalAttrAvailabe = true; + } + + } + + if (!additionalAttrAvailabe) { + log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... "); + coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null); + + } else { + // load attribute definitions + log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... "); + coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null, + additionalAttributesFile); + + } + + } catch (final Throwable e) { + log.error("Can NOT initialize eIDAS attribute definition.", e); + throw new RuntimeException("Can NOT initialize eIDAS attribute definition.", e); + + } + } + + public AttributeRegistry getCoreAttributeRegistry() { + return coreAttributeRegistry; + } + + /** + * Get Map of attributes that are requested by default. + * + * @return Map of AttributeIdentifier, isRequired flag + */ + @NonNull + public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() { + /* + * TODO: select set for representation if mandates should be used. It's an open + * task in respect to requested eIDAS attributes and isRequired flag, because + * there can be a decision problem in case of natural or legal person + * representation! From an Austrian use-case point of view, an Austrian service + * provider can support mandates for natural and legal persons at the same time. + * However, we CAN NOT request attributes for natural AND legal persons on the + * same time, because it's not possible to represent both simultaneously. + */ + final Map<String, String> configAttributes = + basicConfig.getBasicConfigurationWithPrefix( + Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL); + return processAttributeInfosFromConfig(configAttributes); + + } + + /** + * Get a Map of attributes that are additionally requested for a specific country. + * + * @param countryCode Country Code + * @return Map of AttributeIdentifier, isRequired flag + */ + @NonNull + public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) { + + /* + * TODO: select set for representation if mandates should be used. It's an open + * task in respect to requested eIDAS attributes and isRequired flag, because + * there can be a decision problem in case of natural or legal person + * representation! From an Austrian use-case point of view, an Austrian service + * provider can support mandates for natural and legal persons at the same time. + * However, we CAN NOT request attributes for natural AND legal persons on the + * same time, because it's not possible to represent both simultaneously. + */ + final Map<String, String> configAttributes = + basicConfig.getBasicConfigurationWithPrefix( + MessageFormat.format( + Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL, + countryCode.toLowerCase())); + return processAttributeInfosFromConfig(configAttributes); + + } + + private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) { + + final Map<String, Boolean> result = new HashMap<>(); + for (final String el : configAttributes.values()) { + if (StringUtils.isNotEmpty(el.trim())) { + final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim()); + boolean isRequired = false; + if (attrDef.size() == 2) { + isRequired = Boolean.parseBoolean(attrDef.get(1)); + } + + result.put(attrDef.get(0), isRequired); + + } + } + + log.trace("Load #" + result.size() + " requested attributes from configuration"); + return result; + + } + + public void setEidasAttributesFile(String eidasAttributesFile) { + this.eidasAttributesFile = eidasAttributesFile; + } + + public void setAdditionalAttributesFile(String additionalAttributesFile) { + this.additionalAttributesFile = additionalAttributesFile; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java new file mode 100644 index 00000000..549aa65c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasDataStore.java @@ -0,0 +1,363 @@ +/* + * Copyright 2018 A-SIT Plus GmbH AT-specific eIDAS Connector has been developed + * in a cooperation between EGIZ, A-SIT Plus GmbH, A-SIT, and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. You may + * obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. The "NOTICE" text file + * is part of the distribution. Any derivative works that you distribute must + * include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +//import java.io.File; +//import java.io.IOException; +//import java.sql.Connection; +//import java.sql.DriverManager; +//import java.sql.PreparedStatement; +//import java.sql.ResultSet; +//import java.sql.SQLException; +//import java.sql.Statement; +//import java.time.Instant; +//import java.util.Properties; +// +//import javax.annotation.PostConstruct; +// +//import org.slf4j.Logger; +//import org.slf4j.LoggerFactory; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.stereotype.Component; +//import org.sqlite.SQLiteConfig; +//import org.sqlite.SQLiteConfig.LockingMode; +//import org.sqlite.SQLiteConfig.SynchronousMode; +//import org.sqlite.SQLiteErrorCode; +// +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.DAO.eIDASPersonalIdStoreDAO; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SQLiteServiceException; +//import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +//import at.gv.egiz.eaaf.core.impl.data.Pair; +//import at.gv.egiz.eaaf.core.impl.data.Trible; +// +//@Component +//@Deprecated +//public class EidasDataStore { +// +// private static final String SQLITE_JDBC_DRIVER_CLASS = "org.sqlite.JDBC"; +// private static final String SQLITE_CONNECTION_PARAM = "jdbc:sqlite:%s"; +// private static final boolean sleep = true; +// private static final int howLongToSleepOnBusyLock_ = 100; +// +// private static final Logger log = LoggerFactory.getLogger(EidasDataStore.class); +// +// @Autowired +// private IConfiguration basicConfig; +// +// private String connectionUrl; +// private Connection conn = null; +// +// @PostConstruct +// private void initialize() throws SQLiteServiceException { +// try { +// final String sqlLiteDbUrl = basicConfig.getBasicConfiguration( +// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL, +// basicConfig.getConfigurationRootDirectory().toString() + "/sqlite/database.db" +// +// ); +// +// log.info("Use SQLite database with URL: " + sqlLiteDbUrl); +// +// // check if SQLite lib is in Classpath +// Class.forName(SQLITE_JDBC_DRIVER_CLASS); +// +// // open DB connection +// boolean isNewFileCreated = false; +// +// // open file or create file if not already exists +// final File dbFile = new File(sqlLiteDbUrl); +// if (!dbFile.exists()) { +// log.info("SQLite database does not exist. Creating new database file ... "); +// dbFile.createNewFile(); +// isNewFileCreated = true; +// +// } +// +// // open database connection +// connectionUrl = String.format(SQLITE_CONNECTION_PARAM, dbFile.getPath()); +// +// // create DB scheme if new DB file was created +// if (isNewFileCreated) { +// executeUpdate(startConnection().createStatement(), eIDASPersonalIdStoreDAO.CREATE); +// log.debug("SQLite db scheme created"); +// +// } +// +// } catch (final ClassNotFoundException e) { +// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } catch (SQLException | IOException e) { +// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Store a mapping entry with eIDAS personal identifier (source country / +// * destination country / personal identifier) and the identifier that is used +// * for ERnB communication. +// * +// * @param transactionId Id of this authentication transaction +// * @param eidasId eIDAS personal identifier without country prefixes +// * @param ernbId personal identifier that is used to request the ERnB +// * @throws SQLiteServiceException In case of a database error +// */ +// public void storeNationalId(String transactionId, Trible<String, String, String> eidasId, String ernbId) +// throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.INSERT, +// Statement.RETURN_GENERATED_KEYS); +// +// for (int i = 1; i <= eIDASPersonalIdStoreDAO.TABLE_COLS.size(); i++) { +// final Pair<String, eIDASPersonalIdStoreDAO.T> col = eIDASPersonalIdStoreDAO.TABLE_COLS.get(i - 1); +// if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.timestamp.name())) { +// preStatment.setDate(i, new java.sql.Date(Instant.now().toEpochMilli())); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.transactionId.name())) { +// preStatment.setString(i, transactionId); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasId.name())) { +// preStatment.setString(i, eidasId.getThird()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasSourceCountry.name())) { +// preStatment.setString(i, eidasId.getFirst()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasDestinationCountry.name())) { +// preStatment.setString(i, eidasId.getSecond()); +// } else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.ernbId.name())) { +// preStatment.setString(i, ernbId); +// } else { +// log.warn("SQLite table:" + eIDASPersonalIdStoreDAO.NAME + " contains no col with name:" + col +// .getFirst()); +// } +// +// } +// +// // execute SQL query +// final int sqlResult = preStatment.executeUpdate(); +// +// if (sqlResult != 1) { +// log.warn("SQLite query execution FAILED!"); +// throw new SQLiteServiceException("internal.06", new Object[] { "Queryresult is '-1'" }); +// +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Get the ERnB related national identifier from mapping database. +// * +// * @param eidasId eIDAS related identifier +// * @return Mapped ERnB identifier +// * @throws SQLiteServiceException In case of a database error +// */ +// public String getErnbNationalId(Trible<String, String, String> eidasId) throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.SELECT_BY_EIDAS_RAW_ID, +// Statement.RETURN_GENERATED_KEYS); +// +// preStatment.setString(1, eidasId.getThird()); +// preStatment.setString(2, eidasId.getFirst()); +// +// final ResultSet rs = preStatment.executeQuery(); +// +// if (!rs.next()) { +// return null; +// } else { +// return rs.getString(eIDASPersonalIdStoreDAO.COLS.ernbId.name()); +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// /** +// * Get the eIDAS identifier from an ERnB identifier. +// * +// * @param ernbId ERnB specific identifier +// * @return eIDAS unqiue identifier +// * @throws SQLiteServiceException In case of a database error +// */ +// public String getEidasRawNationalId(String ernbId) throws SQLiteServiceException { +// try { +// final PreparedStatement preStatment = startConnection().prepareStatement( +// eIDASPersonalIdStoreDAO.SELECT_BY_ERNB_ID, +// Statement.RETURN_GENERATED_KEYS); +// +// preStatment.setString(1, ernbId); +// +// final ResultSet rs = preStatment.executeQuery(); +// +// if (!rs.next()) { +// return null; +// } else { +// return rs.getString(eIDASPersonalIdStoreDAO.COLS.eidasId.name()); +// } +// +// } catch (SQLiteServiceException | SQLException e) { +// log.warn("SQLite query execution FAILED!", e); +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// +// } +// +// private Connection startConnection() throws SQLiteServiceException { +// int i = howLongToSleepOnBusyLock_; +// +// while (true) { +// try { +// if (conn == null) { +// log.info("Initializing SQLite database with URL: " + connectionUrl + " ... "); +// conn = DriverManager.getConnection(connectionUrl, getConnectionProperties()); +// +// } else { +// if (!conn.isValid(10)) { +// log.info("SQLite connection is not valid any more --> restarting connection ..."); +// conn.close(); +// conn = DriverManager.getConnection(connectionUrl, getConnectionProperties()); +// } +// } +// +// log.info("SQLite database connected"); +// return conn; +// +// } catch (final SQLException e) { +// final String msg = e.getLocalizedMessage(); +// if (isBusyLocked(e)) { +// log.warn(msg, e); +// try { +// if (sleep) { +// Thread.sleep(i++); +// } +// +// } catch (final InterruptedException e1) { +// throw new SQLiteServiceException("internal.05", new Object[] { e1.getMessage() }, e1); +// +// } +// continue; +// +// } +// throw new SQLiteServiceException("internal.05", new Object[] { e.getMessage() }, e); +// +// } +// } +// } +// +// /* +// * SQLite query code +// */ +// +// protected Properties getConnectionProperties() { +// final SQLiteConfig config = new SQLiteConfig(); +// config.enforceForeignKeys(true); +// config.setCacheSize(8000); +// config.setLockingMode(LockingMode.NORMAL); +// config.setSharedCache(false); +// config.setReadUncommited(true); +// config.setSynchronous(SynchronousMode.NORMAL); +// return config.toProperties(); +// +// } +// +// private int executeUpdate(Statement statement, String sql) throws SQLiteServiceException { +// final int i = 10; +// +// int rc = -1; +// while (true) { +// try { +// rc = statement.executeUpdate(sql); +// break; +// +// } catch (final SQLException e) { +// try { +// if (executeUpdateError(e, i)) { +// continue; +// } else { +// throw new SQLiteServiceException("internal.06", +// new Object[] { e.getMessage() }, e); +// } +// +// } catch (final SQLiteServiceException e1) { +// log.warn("\n" + sql + "\n" + e1.getMessage()); +// throw e1; +// +// } +// } +// } +// +// return rc; +// +// } +// +// private boolean isBusyLocked(SQLException e) { +// final int eC = e.getErrorCode(); +// +// if (eC == SQLiteErrorCode.SQLITE_LOCKED.code +// || eC == SQLiteErrorCode.SQLITE_BUSY.code) { +// log.trace("SQLite db is busy looked"); +// return true; +// +// } +// +// final String msg = e.getMessage(); +// if (msg.contains("[SQLITE_LOCKED]") || msg.contains("[SQLITE_BUSY]")) { +// log.trace("SQLite db is busy looked"); +// return true; +// } +// +// return false; +// } +// +// private boolean executeUpdateError(SQLException e, int theadSleepCounter) throws SQLiteServiceException { +// if (isBusyLocked(e)) { +// try { +// if (sleep) { +// Thread.sleep(theadSleepCounter++); +// } +// +// } catch (final InterruptedException e1) { +// throw new SQLiteServiceException("internal.05", new Object[] { e1.getMessage() }, e1); +// +// } +// +// return true; +// } +// +// return false; +// +// } +//} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java new file mode 100644 index 00000000..ebbc15e4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ICcSpecificEidProcessingService.java @@ -0,0 +1,61 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; + +import java.util.Map; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.gv.egiz.eaaf.core.api.IRequest; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +public interface ICcSpecificEidProcessingService { + + /** + * Post-process eIDAS eID attributes into national format. + * + * @param eidasAttrMap Map of eIDAS attributes in format friendlyName and + * attribute + * + * @return eID attributes for SZR request + * @throws EidPostProcessingException In case of a post-processing error + * @throws EidasAttributeException In case of an invalid eIDAS attribute value + */ + ErnbEidData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, + EidasAttributeException; + + /** + * Pre Process eIDAS request into national requirements. + * + * @param selectedCC Citizen Country from selection + * @param pendingReq current pending request + * @param authnRequestBuilder eIDAS {@link ILightRequest} builder + * @throws EidPostProcessingException In case of a pre-processing error + */ + void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder) + throws EidPostProcessingException; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java new file mode 100644 index 00000000..763d8dab --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -0,0 +1,408 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.net.URL; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Dispatch; +import javax.xml.ws.handler.Handler; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.jaxws.DispatchImpl; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; +import org.apache.xpath.XPathAPI; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import szrservices.GetBPK; +import szrservices.GetBPKResponse; +import szrservices.GetIdentityLinkEidas; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.ObjectFactory; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; + +@Service("SZRClientForeIDAS") +public class SzrClient { + private static final Logger log = LoggerFactory.getLogger(SzrClient.class); + + private static final String CLIENT_DEFAULT = "DefaultClient"; + private static final String CLIENT_RAW = "RawClient"; + + @Autowired + private IConfiguration basicConfig; + + // client for anything, without identitylink + private SZR szr = null; + + // RAW client is needed for identitylink + private Dispatch<Source> dispatch = null; + + private SzrService szrService = null; + private String szrUrl = null; + private QName qname = null; + + /** + * Get IdentityLink of a person. + * + * @param personInfo Person identification information + * @return IdentityLink + * @throws SzrCommunicationException In case of a SZR error + */ + public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo) + throws SzrCommunicationException { + try { + final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); + getIdl.setPersonInfo(personInfo); + + final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); + final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + + final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + jaxbMarshaller.marshal(getIdl, outputStream); + outputStream.flush(); + + final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); + outputStream.close(); + + log.trace("Requesting SZR ... "); + final Source response = dispatch.invoke(source); + log.trace("Receive RAW response from SZR"); + + final byte[] szrResponse = sourceToByteArray(response); + final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext + .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); + + // build response + log.trace(new String(szrResponse, "UTF-8")); + + // ok, we have success + final Document doc = DomUtils.parseDocument( + new ByteArrayInputStream(szrResponse), + true, + XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, + null, null); + final String xpathExpression = "//saml:Assertion"; + final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + + log.trace("Selecting signed doc " + xpathExpression); + final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, + xpathExpression, nsNode); + log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); + + final IdentityLinkType idl = new IdentityLinkType(); + idl.setAssertion(documentNode); + idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + + return idl; + + } catch (final Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); + + } + + } + + /** + * Get bPK of person. + * + * @param personInfo Person identification information + * @param target requested bPK target + * @param vkz Verfahrenskennzeichen + * @return bPK for this person + * @throws SzrCommunicationException In case of a SZR error + */ + public String getBpk(PersonInfoType personInfo, String target, String vkz) + throws SzrCommunicationException { + try { + final GetBPK parameters = new GetBPK(); + parameters.setPersonInfo(personInfo); + parameters.setBereichsKennung(target); + parameters.setVKZ(vkz); + final GetBPKResponse result = this.szr.getBPK(parameters); + + return result.getGetBPKReturn(); + + } catch (final SZRException_Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e); + + } + + } + + @PostConstruct + private void initialize() { + log.info("Starting SZR-Client initialization .... "); + final URL url = SzrClient.class.getResource("/szr_client/SZR-1.1.WSDL"); + + final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, + true); + + if (useTestSzr) { + log.debug("Initializing SZR test environment configuration."); + qname = SzrService.SZRTestumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrTestumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); + + } else { + log.debug("Initializing SZR productive configuration."); + qname = SzrService.SZRProduktionsumgebung; + szrService = new SzrService(url, new QName("urn:SZRServices", "SZRService")); + szr = szrService.getSzrProduktionsumgebung(); + szrUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); + + } + + // create raw client; + dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); + + if (StringUtils.isEmpty(szrUrl)) { + log.error("No SZR service-URL found. SZR-Client initalisiation failed."); + throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); + + } + + // check if Clients can be initialized + if (szr == null) { + log.error("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); + + } + if (dispatch == null) { + log.error("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + throw new RuntimeException("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); + + } + + // inject handler + log.info("Use SZR service-URL: " + szrUrl); + injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT); + injectBindingProvider(dispatch, CLIENT_RAW); + + // inject http parameters and SSL context + log.debug("Inject HTTP client settings ... "); + injectHttpClient(szr, CLIENT_DEFAULT); + injectHttpClient(dispatch, CLIENT_RAW); + + log.info("SZR-Client initialization successfull"); + } + + private void injectHttpClient(Object raw, String clientType) { + // extract client from implementation + Client client = null; + if (raw instanceof DispatchImpl<?>) { + client = ((DispatchImpl<?>) raw).getClient(); + } else if (raw instanceof Client) { + client = ClientProxy.getClient(raw); + } else { + throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass() + .getName()); + } + + // set basic connection policies + final HTTPConduit http = (HTTPConduit) client.getConduit(); + + // set timeout policy + final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); + httpClientPolicy.setConnectionTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000); + httpClientPolicy.setReceiveTimeout( + Integer.parseInt(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, + Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000); + http.setClient(httpClientPolicy); + + // inject SSL context in case of https + if (szrUrl.toLowerCase().startsWith("https")) { + log.debug("Adding SSLContext to client: " + clientType + " ... "); + final TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setSSLSocketFactory(createSslContext(clientType).getSocketFactory()); + http.setTlsClientParameters(tlsParams); + log.info("SSLContext initialized for client: " + clientType); + + } + + } + + private void injectBindingProvider(BindingProvider bindingProvider, String clientType) { + final Map<String, Object> requestContext = bindingProvider.getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl); + + log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); + List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + bindingProvider.getBinding().setHandlerChain(handlerList); + + } + + // add logging handler to trace messages if required + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, + false)) { + final LoggingHandler loggingHandler = new LoggingHandler(); + handlerList.add(loggingHandler); + + } + bindingProvider.getBinding().setHandlerChain(handlerList); + } + + private SSLContext createSslContext(String clientType) { + try { + final SSLContext context = SSLContext.getInstance("TLS"); + + // initialize key-mangager for SSL client-authentication + KeyManager[] keyManager = null; + final String keyStorePath = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH); + final String keyStorePassword = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD); + if (StringUtils.isNotEmpty(keyStorePath)) { + log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... "); + try { + final KeyStore keyStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()), + keyStorePassword); + + final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(keyStore, keyStorePassword.toCharArray()); + keyManager = kmf.getKeyManagers(); + log.debug("SSL client certificate injected to client: " + clientType); + + } catch (KeyStoreException | IOException | UnrecoverableKeyException e) { + log.error("Can NOT load SSL client certificate from path: " + keyStorePath); + throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e); + + } + } else { + log.debug( + "No KeyStore for SSL Client Auth. found. Initializing SSLContext without authentication ... "); + + } + + // initialize SSL TrustStore + TrustManager[] trustManager = null; + final String trustStorePath = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH); + final String trustStorePassword = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD); + if (StringUtils.isNotEmpty(trustStorePath)) { + log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... "); + try { + final KeyStore trustStore = KeyStoreUtils.loadKeyStore( + FileUtils.makeAbsoluteUrl(trustStorePath, basicConfig.getConfigurationRootDirectory()), + trustStorePassword); + + final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(trustStore); + trustManager = tmf.getTrustManagers(); + log.debug("SSL TrustStore injected to client: " + clientType); + + } catch (KeyStoreException | IOException e) { + log.error("Can NOT open SSL TrustStore from path: " + trustStorePath); + throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e); + + } + + } else { + log.debug("No custom SSL TrustStore found. Initializing SSLContext with JVM default truststore ... "); + + } + + context.init(keyManager, trustManager, new SecureRandom()); + return context; + + } catch (NoSuchAlgorithmException | KeyManagementException e) { + log.error("SSLContext initialization FAILED.", e); + throw new RuntimeException("SSLContext initialization FAILED.", e); + + } + + } + + private byte[] sourceToByteArray(Source result) throws TransformerException { + final TransformerFactory factory = TransformerFactory.newInstance(); + final Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty("omit-xml-declaration", "yes"); + transformer.setOutputProperty("method", "xml"); + final ByteArrayOutputStream out = new ByteArrayOutputStream(); + final StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java new file mode 100644 index 00000000..dde868b1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java @@ -0,0 +1,164 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.Service; +import javax.xml.ws.WebEndpoint; +import javax.xml.ws.WebServiceClient; +import javax.xml.ws.WebServiceFeature; + +import szrservices.SZR; + +/** + * This class was generated by Apache CXF 3.1.16 2018-07-10T09:36:01.466+02:00 + * Generated source version: 3.1.16 + * + */ +@WebServiceClient(name = "SZRService", + wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", + targetNamespace = "urn:SZRServices") +public class SzrService extends Service { + + public static final URL WSDL_LOCATION; + + public static final QName SERVICE = new QName("urn:SZRServices", "SZRService"); + public static final QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); + public static final QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); + public static final QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", + "SZRBusinesspartnerTestumgebung"); + + static { + URL url = SzrService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL"); + if (url == null) { + url = SzrService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); + } + if (url == null) { + java.util.logging.Logger.getLogger(SzrService.class.getName()) + .log(java.util.logging.Level.INFO, + "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); + } + WSDL_LOCATION = url; + + } + + public SzrService(URL wsdlLocation) { + super(wsdlLocation, SERVICE); + } + + public SzrService(URL wsdlLocation, QName serviceName) { + super(wsdlLocation, serviceName); + } + + public SzrService() { + super(WSDL_LOCATION, SERVICE); + } + + public SzrService(WebServiceFeature... features) { + super(WSDL_LOCATION, SERVICE, features); + } + + public SzrService(URL wsdlLocation, WebServiceFeature... features) { + super(wsdlLocation, SERVICE, features); + } + + public SzrService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { + super(wsdlLocation, serviceName, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung() { + return super.getPort(SZRProduktionsumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRProduktionsumgebung") + public SZR getSzrProduktionsumgebung(WebServiceFeature... features) { + return super.getPort(SZRProduktionsumgebung, SZR.class, features); + } + + /** + *Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung() { + return super.getPort(SZRTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRTestumgebung") + public SZR getSzrTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRTestumgebung, SZR.class, features); + } + + /** + * Get SZR Web-Service. + * + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung() { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); + } + + /** + * Get SZR Web-Service. + * + * @param features A list of {@link javax.xml.ws.WebServiceFeature} to configure + * on the proxy. Supported features not in the + * <code>features</code> parameter will have their default + * values. + * @return returns SZR + */ + @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") + public SZR getSzrBusinesspartnerTestumgebung(WebServiceFeature... features) { + return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java new file mode 100644 index 00000000..8f49d57d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -0,0 +1,406 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import java.io.InputStream; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; + +import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.TravelDocumentType; + +/** + * Task that creates the IdentityLink for an eIDAS authenticated person. + * + * @author tlenz + * + */ +@Component("CreateIdentityLinkTask") +public class CreateIdentityLinkTask extends AbstractAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class); + + @Autowired + private IConfiguration basicConfig; + @Autowired + private SzrClient szrClient; + @Autowired + private ICcSpecificEidProcessingService eidPostProcessor; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession( + Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + + final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes() + .getAttributeMap()); + + IIdentityLink identityLink = null; + String bpk = null; + + // post-process eIDAS attributes + final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); + + // write MDS into technical log and revision log + writeMdsLogInformation(eidData); + + // connect SZR-Gateway + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { + log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); + // create fake IdL + // - fetch IdL template from resources + final InputStream s = CreateIdentityLinkTask.class.getResourceAsStream( + "/resources/xmldata/fakeIdL_IdL_template.xml"); + final Element idlTemplate = DomUtils.parseXmlValidating(s); + + identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + + // replace data + final Element idlassertion = identityLink.getSamlAssertion(); + + // - set fake baseID; + final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, + SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym()); + + // - set last name + final Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, + SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName()); + + // - set first name + final Node prGivenName = XPathUtils.selectSingleNode(idlassertion, + SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + prGivenName.getFirstChild().setNodeValue(eidData.getGivenName()); + + // - set date of birth + final Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, + SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + + prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth()); + + identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + + new BpkBuilder(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + bpk = bpkCalc.getFirst(); + + } else { + // contact SZR Gateway + log.debug("Starting connecting SZR Gateway"); + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // person information + personName.setFamilyName(eidData.getFamilyName()); + personName.setGivenName(eidData.getGivenName()); + naturalPerson.setDateOfBirth(eidData.getFormatedDateOfBirth()); + eDocument.setIssuingCountry(eidData.getCitizenCountryCode()); + eDocument.setDocumentNumber(eidData.getPseudonym()); + + // eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + // set PlaceOfBirth if available + if (eidData.getPlaceOfBirth() != null) { + log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, + true)) { + naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); + log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); + + } + } + + // set BirthName if available + if (eidData.getBirthName() != null) { + log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, + true)) { + final AlternativeNameType alternativeName = new AlternativeNameType(); + naturalPerson.setAlternativeName(alternativeName); + alternativeName.setFamilyName(eidData.getBirthName()); + log.trace("Adding 'BirthName' to ERnB request ... "); + + } + } + + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + + final Element idlFromSzr = (Element) result.getAssertion(); + identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + // write ERnB inputdata into revisionlog + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + + } + + // get bPK from SZR + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + bpk = szrClient.getBpk( + personInfo, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + } else { + log.debug("Calculating bPK from baseId ... "); + new BpkBuilder(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + bpk = bpkCalc.getFirst(); + + } + + } + + if (identityLink == null) { + log.error("ERnB did not return an identity link."); + throw new SzrCommunicationException("ernb.00", null); + + } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, + identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + + if (bpk == null) { + log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + throw new SzrCommunicationException("ernb.01", null); + + } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); + + log.debug("ERnB communication was successfull"); + + authProcessData.setForeigner(true); + authProcessData.setIdentityLink(identityLink); + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + + // set bPK and bPKType into auth session + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.BPK_NAME, + extendBpkByPrefix( + bpk, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession( + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + + // store pending-request + requestStoreage.storePendingRequest(pendingReq); + + } catch (final EidasAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + + } catch (final EaafException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (final Exception e) { + log.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + } + + private String extendBpkByPrefix(String bpk, String type) { + String bpkType = null; + + if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_CDID.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { + bpkType = type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + } + + if (bpkType != null) { + log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bpkType); + return bpkType + ":" + bpk; + + } else { + log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ..."); + return bpk; + + } + + } + + private Map<String, Object> convertEidasAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + final Map<String, Object> result = new HashMap<>(); + + for (final AttributeDefinition<?> el : attributeMap.keySet()) { + + final Class parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el) + .asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); + + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils.translateAddressAttribute(el, attributeMap + .get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); + + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + + } else { + final List<String> natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap + .get(el).asList()); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + + } else { + log.info("Ignore empty 'String' attribute"); + } + + } + } + + log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); + + return result; + } + + private void writeMdsLogInformation(ErnbEidData eidData) { + // log MDS and country code into technical log + if (basicConfig.getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { + log.info("eIDAS Auth. for user: " + + eidData.getGivenName() + " " + + eidData.getFamilyName() + " " + + eidData.getFormatedDateOfBirth() + " " + + "from " + eidData.getCitizenCountryCode()); + } + + // log MDS and country code into revision log + if (basicConfig.getBasicConfigurationBoolean( + MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, + "{" + eidData.getGivenName() + "," + + eidData.getFamilyName() + "," + + eidData.getFormatedDateOfBirth() + "," + + eidData.getCitizenCountryCode() + "}"); + } + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java new file mode 100644 index 00000000..da849c8f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -0,0 +1,288 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import java.util.UUID; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; +import org.springframework.web.util.UriComponentsBuilder; + +import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.EidasParameterKeys; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; + +/** + * Authentication-process task that generates the Authn. Request to eIDAS Node. + * + * @author tlenz + * + */ +@Component("ConnecteIDASNodeTask") +public class GenerateAuthnRequestTask extends AbstractAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(GenerateAuthnRequestTask.class); + + @Autowired + IConfiguration basicConfig; + @Autowired + ApplicationContext context; + @Autowired + ITransactionStorage transactionStore; + @Autowired + ISpringMvcGuiFormBuilder guiBuilder; + @Autowired + ICcSpecificEidProcessingService ccSpecificProcessing; + + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + // get service-provider configuration + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + + // get target, environment and validate citizen countryCode + final String citizenCountryCode = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + final String environment = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); + + if (StringUtils.isEmpty(citizenCountryCode)) { + // illegal state; task should not have been executed without a selected country + throw new EidasSAuthenticationException("eidas.03", new Object[] { "" }); + + } + + // TODO: maybe add countryCode validation before request ref. impl. eIDAS node + log.info("Request eIDAS auth. for citizen of country: " + citizenCountryCode); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.COUNTRY_SELECTED, citizenCountryCode); + + // build eIDAS AuthnRequest + final LightRequest.Builder authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + + final String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); + if (StringUtils.isEmpty(issur)) { + log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); + throw new EaafConfigurationException("config.27", + new Object[] { "Application config containts NO " + Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID }); + + } + authnRequestBuilder.issuer(issur); + + // TODO: set matching mode if eIDAS ref. impl. support this method + + // TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA + // schemes + String loa = EaafConstants.EIDAS_LOA_HIGH; + if (spConfig.getRequiredLoA() != null) { + if (spConfig.getRequiredLoA().isEmpty()) { + log.info("No eIDAS LoA requested. Use LoA HIGH as default"); + } else { + if (spConfig.getRequiredLoA().size() > 1) { + log.info( + "Currently only ONE requested LoA is supported for service provider. Use first one ... "); + } + + loa = spConfig.getRequiredLoA().get(0); + + } + } + + log.debug("Request eIdAS node with LoA: " + loa); + authnRequestBuilder.levelOfAssurance(loa); + + // set nameIDFormat + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + // set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(citizenCountryCode); + + // set relay state + /* + * TODO: SecureToken PendingRequestId generates a validation exception in + * eIDASNode because eIDASNode implements limit on size for RelayState + * (80characaters) + */ + // authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); + + // Add country-specific informations into eIDAS request + ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); + + // build request + final LightRequest lightAuthnReq = authnRequestBuilder.build(); + + // put request into Hazelcast cache + final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); + final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); + + // Workaround, because eIDAS node ref. impl. does not return relayState + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, + false)) { + log.trace("Put lightRequestId into transactionstore as session-handling backup"); + transactionStore.put(lightAuthnReq.getId(), pendingReq.getPendingRequestId(), -1); + + } + + // select forward URL regarding the selected environment + String forwardUrl = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + if (StringUtils.isNotEmpty(environment)) { + forwardUrl = selectedForwardUrlForEnvironment(environment); + } + + if (StringUtils.isEmpty(forwardUrl)) { + log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); + throw new EaafConfigurationException("config.08", new Object[] { + environment == null ? Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + : Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + "." + environment + }); + + } + log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request"); + + if (basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, + Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) { + + log.debug("Use http-redirect for eIDAS node forwarding ... "); + // send redirect + final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardUrl); + redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + response.sendRedirect(redirectUrl.build().encode().toString()); + + } else { + log.debug("Use http-post for eIDAS node forwarding ... "); + final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + basicConfig, + pendingReq, + Constants.TEMPLATE_POST_FORWARD_NAME, + null, + resourceLoader); + + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + EidasParameterKeys.TOKEN.toString()); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + tokenBase64); + + guiBuilder.build(request, response, config, "Forward to eIDASNode form"); + + } + + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.EIDAS_NODE_CONNECTED, lightAuthnReq.getId()); + + } catch (final EidasSAuthenticationException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); + + } catch (final Exception e) { + log.warn("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + + /** + * Select a forward URL from configuration for a specific environment <br> + * <br> + * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports + * one countrycode on each instance. In consequence, more than one eIDAS Ref. + * Impl nodes are required to support producation, testing, or QS stages for one + * country by using one ms-specific eIDAS connector + * + * @param environment Environment selector from CountrySlection page + * @return + */ + private String selectedForwardUrlForEnvironment(String environment) { + log.trace("Starting endpoint selection process for environment: " + environment + " ... "); + if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); + } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); + } else if (environment.equalsIgnoreCase( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); + } else if (environment.equalsIgnoreCase( + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) { + return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL + + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); + } + + log.info("Environment selector: " + environment + " is not supported"); + return null; + + } + + private BinaryLightToken putRequestInCommunicationCache(ILightRequest lightRequest) + throws ServletException { + final BinaryLightToken binaryLightToken; + try { + final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = + (SpecificCommunicationService) context.getBean( + SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); + + binaryLightToken = springManagedSpecificConnectorCommunicationService.putRequest(lightRequest); + + } catch (final SpecificCommunicationException e) { + log.error("Unable to process specific request"); + throw new ServletException(e); + + } + + return binaryLightToken; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 00000000..60049323 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,126 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.light.ILightResponse; + +@Component("ReceiveResponseFromeIDASNodeTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class); + + @Autowired + private IConfiguration basicConfig; + @Autowired + private EidasAttributeRegistry attrRegistry; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + try { + final ILightResponse eidasResponse = (ILightResponse) request.getAttribute( + Constants.DATA_FULL_EIDAS_RESPONSE); + if (eidasResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new EidasSAuthenticationException("eidas.01", null); + + } + + log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse + .getInResponseToId()); + log.trace("Full eIDAS-Resp: " + eidasResponse.toString()); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse + .getId()); + + // check response StatusCode + if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { + log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode() + + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus() + .getStatusMessage()); + throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus() + .getStatusCode(), eidasResponse.getStatus().getStatusMessage() }); + + } + + // extract all Attributes from response + + // ********************************************************** + // ******* MS-specificresponse validation ********** + // ********************************************************** + final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + "AT"); + final String citizenCountryCode = (String) executionContext.get( + MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, + attrRegistry); + + // ********************************************************** + // ******* Store resonse infos into session object ********** + // ********************************************************** + + // update MOA-Session data with received information + log.debug("Store eIDAS response information into pending-request."); + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + + // store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); + + } catch (final EaafException e) { + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + + } catch (final Exception e) { + log.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e)); + + } + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java new file mode 100644 index 00000000..17efc2ff --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -0,0 +1,172 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; + +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.annotation.Nullable; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.ImmutableList; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; +import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; +import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; + +public class EidasResponseUtils { + private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); + + public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"; + + /** + * Validate a eIDAS PersonalIdentifier attribute value This validation is done + * according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier + * + * @param uniqueID eIDAS attribute value of a unique identifier + * @return true if the uniqueID matches to eIDAS to Unique Identifier + * specification, otherwise false + */ + public static boolean validateEidasPersonalIdentifier(String uniqueID) { + final Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN); + final Matcher matcher = pattern.matcher(uniqueID); + return matcher.matches(); + + } + + /** + * Parse an eIDAS PersonalIdentifier attribute value into it components. This + * processing is done according to eIDAS SAML Attribute Profile - Section 2.2.3 + * Unique Identifier + * + * @param uniqueID eIDAS attribute value of a unique identifier + * @return {@link Trible} that contains: <br> + * First : citizen country <br> + * Second: destination country <br> + * Third : unique identifier <br> + * or null if the attribute value has a wrong format + */ + public static Trible<String, String, String> parseEidasPersonalIdentifier(String uniqueID) { + if (!validateEidasPersonalIdentifier(uniqueID)) { + log.error("eIDAS attribute value for {} looks wrong formated. Value: {}", + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID); + return null; + + } + return Trible.newInstance(uniqueID.substring(0, 2), uniqueID.substring(3, 5), uniqueID.substring(6)); + + } + + /** + * Get eIDAS attribute-values from eIDAS Node attributes. + * + * @param attributeDefinition eIDAS attribute definition + * @param attributeValues Attributes from eIDAS response + * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value. + */ + // TODO: check possible problem with nonLatinCharacters + public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableList<? extends AttributeValue<?>> attributeValues) { + final List<String> stringListAttribute = new ArrayList<>(); + final AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition + .getAttributeValueMarshaller(); + for (final AttributeValue<?> attributeValue : attributeValues) { + String valueString = null; + try { + valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue); + + log.trace("Find attr: {} with value: {} nonLatinFlag: {} needTransliteration: {}", + attributeDefinition.getFriendlyName(), attributeValue.toString(), + attributeValue.isNonLatinScriptAlternateVersion(), + AttributeValueTransliterator.needsTransliteration(valueString)); + + // if (attributeValue.isNonLatinScriptAlternateVersion()) { + if (!AttributeValueTransliterator.needsTransliteration(valueString)) { + stringListAttribute.add(0, valueString); + + } else { + log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); + stringListAttribute.add(valueString); + + } + + } catch (final AttributeValueMarshallingException e) { + throw new IllegalStateException(e); + + } + } + + log.trace("Extract values: {} for attr: {}", + StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName()); + + return stringListAttribute; + + } + + /** + * Convert eIDAS DateTime attribute to Java Object. + * + * @param attributeDefinition eIDAS attribute definition. + * @param attributeValues eIDAS attribute value + * @return + */ + @Nullable + public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableList<? extends AttributeValue<?>> attributeValues) { + if (attributeValues.size() != 0) { + final AttributeValue<?> firstAttributeValue = attributeValues.get(0); + return (DateTime) firstAttributeValue.getValue(); + + } + + return null; + } + + /** + * Concert eIDAS Address attribute to Java object. + * + * @param attributeDefinition eIDAS attribute definition + * @param attributeValues eIDAS attribute value + * @return + */ + @Nullable + public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, + ImmutableList<? extends AttributeValue<?>> attributeValues) { + final AttributeValue<?> firstAttributeValue = attributeValues.get(0); + return (PostalAddress) firstAttributeValue.getValue(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/LoggingHandler.java index 5ca3a25a..70290cd3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/utils/LoggingHandler.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/LoggingHandler.java @@ -1,6 +1,6 @@ -/******************************************************************************* +/* * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by @@ -19,8 +19,9 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils; +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; import java.io.ByteArrayOutputStream; import java.util.Set; @@ -36,39 +37,36 @@ import org.slf4j.LoggerFactory; public class LoggingHandler implements SOAPHandler<SOAPMessageContext> { - Logger log = LoggerFactory.getLogger(LoggingHandler.class); + Logger log = LoggerFactory.getLogger(LoggingHandler.class); + + @Override + public boolean handleMessage(SOAPMessageContext context) { + final SOAPMessage msg = context.getMessage(); + final ByteArrayOutputStream bos = new ByteArrayOutputStream(); - public boolean handleMessage(SOAPMessageContext context) { - SOAPMessage msg = context.getMessage(); - boolean request = ((Boolean) context - .get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue(); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); + try { + msg.writeTo(bos); + log.trace(bos.toString("UTF-8")); + log.trace(new String(bos.toByteArray(), "UTF-8")); - try { - if (request) { - msg.writeTo(bos); - } else { // This is the response message - msg.writeTo(bos); - } - - log.trace(bos.toString()); - log.trace(new String(bos.toByteArray())); - - } catch (Exception e) { - log.trace(e.getMessage(), e); - } - return true; - } + } catch (final Exception e) { + log.trace(e.getMessage(), e); + } + return true; + } - public boolean handleFault(SOAPMessageContext context) { - return handleMessage(context); - } + @Override + public boolean handleFault(SOAPMessageContext context) { + return handleMessage(context); + } - public void close(MessageContext context) { - } + @Override + public void close(MessageContext context) { + } - public Set<QName> getHeaders() { - return null; - } + @Override + public Set<QName> getHeaders() { + return null; + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java new file mode 100644 index 00000000..053694cf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java @@ -0,0 +1,175 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.validator; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.collect.ImmutableList; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; + +/** + * eIDAS Response validator implementation. + * + * @author tlenz + * + */ +public class EidasResponseValidator { + private static final Logger log = LoggerFactory.getLogger(EidasResponseValidator.class); + + /** + * Validate an eIDAS Response according to internal state. + * + * @param pendingReq Current pending request + * @param eidasResponse eIDAS response object + * @param spCountry Country-Code of the Service Provider + * @param citizenCountryCode Country-Code of the Citizen + * @param attrRegistry eIDAS Attribute registry implementation + * @throws EidasValidationException In case of an validation error + */ + public static void validateResponse(IRequest pendingReq, ILightResponse eidasResponse, String spCountry, + String citizenCountryCode, EidasAttributeRegistry attrRegistry) throws EidasValidationException { + + /*-----------------------------------------------------| + * validate received LoA against minimum required LoA | + *_____________________________________________________| + */ + final LevelOfAssurance respLoA = LevelOfAssurance.fromString(eidasResponse.getLevelOfAssurance()); + final List<String> allowedLoAs = pendingReq.getServiceProviderConfiguration().getRequiredLoA(); + boolean loaValid = false; + for (final String allowedLoaString : allowedLoAs) { + final LevelOfAssurance allowedLoa = LevelOfAssurance.fromString(allowedLoaString); + if (respLoA.numericValue() >= allowedLoa.numericValue()) { + log.debug("Response contains valid LoA. Resume process ... "); + loaValid = true; + break; + + } else { + log.trace("Allowed LoA: " + allowedLoaString + " DOES NOT match response LoA: " + eidasResponse + .getLevelOfAssurance()); + } + + } + + if (!loaValid) { + log.error("eIDAS Response LevelOfAssurance is lower than the required! " + + "(Resp-LoA:{} Req-LoA:{} )", respLoA.getValue(), allowedLoAs.toArray()); + throw new EidasValidationException("eidas.06", new Object[] { respLoA.getValue() }); + + } + + /*-----------------------------------------------------| + * validate 'PersonalIdentifier' attribute | + *_____________________________________________________| + */ + final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); + final ImmutableList<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes() + .getAttributeMap().get(attrDefinition).asList(); + final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition, + attributeValues); + + // check if attribute exists + if (personalIdObj == null || personalIdObj.isEmpty()) { + log.warn("eIDAS Response include NO 'PersonalIdentifier' attriubte " + + ".... That can be a BIG problem in further processing steps"); + throw new EidasValidationException("eidas.05", new Object[] { "NO 'PersonalIdentifier' attriubte" }); + + } else if (personalIdObj.size() > 1) { + log.warn("eIDAS Response include MORE THAN ONE 'PersonalIdentifier' attriubtes " + + ".... That can be a BIG problem in further processing steps"); + throw new EidasValidationException("eidas.05", new Object[] { + "MORE THAN ONE 'PersonalIdentifier' attriubtes" }); + + } else { + final String natPersId = personalIdObj.get(0); + // validate attribute value format + final Trible<String, String, String> split = + EidasResponseUtils.parseEidasPersonalIdentifier(natPersId); + if (split == null) { + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Wrong identifier format" }); + + } else { + // validation according to eIDAS SAML Attribute Profile, Section 2.2.3 + if (StringUtils.isEmpty(split.getSecond())) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes NO destination country. Value:" + natPersId); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "No or empty destination country" }); + + } + if (!split.getSecond().equalsIgnoreCase(spCountry)) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes wrong destination country. Value:" + natPersId + + " SP-Country:" + spCountry); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Destination country does not match to SP country" }); + + } + + if (StringUtils.isEmpty(split.getFirst())) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes NO citizen country. Value:" + natPersId); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "No or empty citizen country" }); + + } + if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { + log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + + " includes a citizen country that does not match to service-provider country. " + + " Value:" + natPersId + + " citiczen Country:" + spCountry); + throw new EidasValidationException("eidas.07", + new Object[] { + Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + "Citizen country does not match to eIDAS-node country that generates the response" }); + + } + } + } + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java deleted file mode 100644 index 79515032..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java +++ /dev/null @@ -1,157 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2; - -import java.net.URI; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import at.gv.egiz.eaaf.core.api.data.EaafConstants; - -public class Constants { - - public static final String DATA_REQUESTERID = "req_requesterId"; - public static final String DATA_PROVIDERNAME = "req_providerName"; - public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; - public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; - public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - - - //templates for post-binding forwarding - public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; - public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint"; - public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName"; - public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue"; - - - //configuration properties - public static final String CONIG_PROPS_EIDAS_PREFIX="auth.eIDAS"; - public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; - public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; - public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE + ".publicSectorTargets"; - public static final String CONIG_PROPS_EIDAS_NODE_ENTITYID = CONIG_PROPS_EIDAS_NODE + ".entityId"; - public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_URL = CONIG_PROPS_EIDAS_NODE + ".forward.endpoint"; - public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE + ".forward.method"; - public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural."; - public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural."; - public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation."; - public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; - public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; - public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs"; - public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".staticProviderNameForPublicSPs";; - public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnB"; - - public static final String FORWARD_METHOD_POST = "POST"; - public static final String FORWARD_METHOD_GET = "GET"; - - public static final String CONIG_PROPS_EIDAS_SZRCLIENT= CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE= CONIG_PROPS_EIDAS_SZRCLIENT + ".useTestService"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.logfullmessages"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.useDummySolution"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.connection"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE= CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.response"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.prod"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST= CONIG_PROPS_EIDAS_SZRCLIENT + ".endpoint.test"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.path"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.keyStore.password"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.path"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.password"; - - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.vkz"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingdate"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setPlaceOfBirthIfAvailable"; - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setBirthNameIfAvailable"; - - public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active"; - - - @Deprecated public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url"; - @Deprecated public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active"; - - - //http endpoint descriptions - public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; - public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; - public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; - public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; - - //eIDAS request parameters - public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; - - //eIDAS attribute names - public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; - public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; - public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; - public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; - public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth"; - public static final String eIDAS_ATTR_BIRTHNAME = "BirthName"; - public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress"; - - public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; - public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; - - public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() { - private static final long serialVersionUID = 1L; - { - //TODO: find correct location of attribute definitions -// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); -// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); -// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); -// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); - } - }); - - public static final String POLICY_DEFAULT_ALLOWED_TARGETS = - EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*"; - - //SAML2 Constants - public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success"; - - public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; //seconds - public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; //seconds - - - public static final String SZR_SCHEMA_LOCATIONS = - ("urn:SZRServices" + " " + "/szr_client/szr.xsd"); - - //Default values for SZR communication - public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT"; - - //TODO remove!!! - public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01"; - public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; - public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB"; - public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; - - - - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java deleted file mode 100644 index 53711070..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java +++ /dev/null @@ -1,107 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO; - -import java.text.SimpleDateFormat; - -import org.joda.time.DateTime; - -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; - -public class ERnBeIDData { - - private String citizenCountryCode = null; - - //MDS - private String pseudonym = null; - private String givenName = null; - private String familyName = null; - private DateTime dateOfBirth = null; - - //additional attributes - private String placeOfBirth = null; - private String birthName = null; - private PostalAddressType address = null; - - - - - - public String getCitizenCountryCode() { - return citizenCountryCode; - } - public void setCitizenCountryCode(String citizenCountryCode) { - this.citizenCountryCode = citizenCountryCode; - } - public String getPseudonym() { - return pseudonym; - } - public void setPseudonym(String pseudonym) { - this.pseudonym = pseudonym; - } - public String getGivenName() { - return givenName; - } - public void setGivenName(String givenName) { - this.givenName = givenName; - } - public String getFamilyName() { - return familyName; - } - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - public DateTime getDateOfBirth() { - return dateOfBirth; - } - public void setDateOfBirth(DateTime dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - public String getPlaceOfBirth() { - return placeOfBirth; - } - public void setPlaceOfBirth(String placeOfBirth) { - this.placeOfBirth = placeOfBirth; - } - public String getBirthName() { - return birthName; - } - public void setBirthName(String birthName) { - this.birthName = birthName; - } - public PostalAddressType getAddress() { - return address; - } - public void setAddress(PostalAddressType address) { - this.address = address; - } - - public String getFormatedDateOfBirth() { - return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()); - } - - - - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java deleted file mode 100644 index ae96f805..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java +++ /dev/null @@ -1,146 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import at.gv.egiz.eaaf.core.impl.data.Pair; - -@Deprecated -public class eIDASPersonalIdStoreDAO { - public static final String NAME = "foreigneIDMap"; - - //Enum with all cols of this table - public enum COLS { - timestamp, transactionId, eidasId, eidasSourceCountry, eidasDestinationCountry, ernbId - } - - public enum T { - ID("INTEGER"), - BIGINT("VARCHAR(265)"), - URI("VARCHAR(256)"), - DATE("Long"), - TEXT("TEXT"), - Long("BIGINT"), - Int("INTEGER"), - BLOB("BLOB"), - CC("CHAR(2)"), - BOOL("INTEGER"); - - public String s_; - - private T(String s) { - s_ = s; - } - - @Override - public String toString() { - return s_; - } - } - - //define Cols of the table - public static final List<Pair<String, T>> TABLE_COLS; - static { - List<Pair<String, T>> cols = new ArrayList<Pair<String, T>>(); - cols.add(Pair.newInstance(COLS.timestamp.name(), T.DATE)); - cols.add(Pair.newInstance(COLS.transactionId.name(), T.TEXT)); - cols.add(Pair.newInstance(COLS.eidasId.name(), T.TEXT)); - cols.add(Pair.newInstance(COLS.eidasSourceCountry.name(), T.CC)); - cols.add(Pair.newInstance(COLS.eidasDestinationCountry.name(), T.CC)); - cols.add(Pair.newInstance(COLS.ernbId.name(), T.TEXT)); - - TABLE_COLS = Collections.unmodifiableList(cols); - - } - - public static final String CREATE = "CREATE TABLE " + NAME - + " (" + "id" + " " + T.ID.toString() - + " PRIMARY KEY AUTOINCREMENT, " + buildCreateTableQuery(TABLE_COLS) + ")"; - - public static final String INSERT = "INSERT INTO " + NAME - + "(" + buildInsertQueryKeys(TABLE_COLS) + ")" - + " VALUES (" + buildInsertQueryValues(TABLE_COLS) + ");"; - - public static final String SELECT_BY_ERNB_ID = "SELECT * FROM " + NAME - + " WHERE " + COLS.ernbId.name() + "=?;"; - - public static final String SELECT_BY_EIDAS_RAW_ID = "SELECT * FROM " + NAME - + " WHERE " + COLS.eidasId.name() + "=?" - + " and " + COLS.eidasSourceCountry.name() + "=?" + ";"; - - - /** - * Build a part of a SQL query, which contains the cols of a table that should be created - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - private static String buildCreateTableQuery(List<Pair<String, T>> cols) { - String sql = ""; - - for (Pair<String, T> el : cols) { - sql += el.getFirst() + " " + el.getSecond().toString() + ","; - - } - - return sql.substring(0, sql.length()-1); - } - - /** - * Build a part of a SQL query, which contains the cols keys of a table for insert operation - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - protected static String buildInsertQueryKeys(List<Pair<String, T>> cols) { - String sql = ""; - - for (Pair<String, T> el : cols) { - sql += el.getFirst() + ","; - - } - - return sql.substring(0, sql.length()-1); - } - - /** - * Build a part of a SQL query, which contains the cols values of a table for insert operation - * - * @param cols List of DB col definitions {@link Pair} - * @return Part of a SQL query, which contains cols that should be created - */ - protected static String buildInsertQueryValues(List<Pair<String, T>> cols) { - String sql = ""; - - for (Pair<String, T> el : cols) { - sql += "?,"; - - } - - return sql.substring(0, sql.length()-1); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java deleted file mode 100644 index 43222931..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASAuthenticationModulImpl.java +++ /dev/null @@ -1,76 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2; - -import org.apache.commons.lang3.StringUtils; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; - -/** - * @author tlenz - * - */ -public class eIDASAuthenticationModulImpl implements AuthModule { - - private int priority = 1; - - @Override - public int getPriority() { - return priority; - } - - /** - * Sets the priority of this module. Default value is {@code 0}. - * @param priority The priority. - */ - public void setPriority(int priority) { - this.priority = priority; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) - */ - @Override - public String selectProcess(ExecutionContext context, IRequest pendingReq) { - if (StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)) || - StringUtils.isNotBlank((String) context.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY))) - return "eIDASAuthentication_v2"; - else - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() - */ - @Override - public String[] getProcessDefinitions() { - return new String[] { "classpath:eIDAS.Authentication.process.xml" }; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java deleted file mode 100644 index 0f4a3710..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java +++ /dev/null @@ -1,154 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import com.google.common.collect.ImmutableSortedSet; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; -import eu.eidas.auth.commons.EidasParameterKeys; -import eu.eidas.auth.commons.light.ILightResponse; -import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; -import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl; - - -/** - * @author tlenz - * - */ -@Controller -public class eIDASSignalServlet extends AbstractProcessEngineSignalController { - - private static final Logger log = LoggerFactory.getLogger(eIDASSignalServlet.class); - @Autowired private ApplicationContext context; - @Autowired private eIDASAttributeRegistry attrRegistry; - - public eIDASSignalServlet() { - super(); - log.debug("Registering servlet " + getClass().getName() + - " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + - "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'."); - - } - - @RequestMapping(value = { Constants.eIDAS_HTTP_ENDPOINT_SP_POST, - Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT - }, - method = {RequestMethod.POST, RequestMethod.GET}) - public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EaafException { - signalProcessManagement(req, resp); - } - - - /** - * Protocol specific implementation to get the pending-requestID - * from http request object - * - * @param request The http Servlet-Request object - * @return The Pending-request id - * - */ - @Override - public String getPendingRequestId(HttpServletRequest request) { - //String sessionId = super.getPendingRequestId(request); - - try { - //get token from Request - final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString()); - if (StringUtils.isEmpty(tokenBase64)) { - log.warn("NO eIDAS message token found."); - throw new eIDASAuthenticationException("eidas.04", null); - - } - log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... "); - - - - final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService = - (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); - ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64, - ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); - - String pendingReqId = null; - if (StringUtils.isEmpty(eIDASResponse.getRelayState())) { - log.debug("eIDAS Node returns no RelayState. "); - - if (authConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, - false)) { - log.trace("Use lightRequestId to recover session ... "); - pendingReqId = transactionStorage.get(eIDASResponse.getInResponseToId(), String.class); - if (StringUtils.isNotEmpty(pendingReqId)) { - log.debug("Restoring session with lightRequestId ... "); - transactionStorage.remove(eIDASResponse.getInResponseToId()); - - } - } - - } else { - log.debug("Find transaction identifier in SAML2 'RelayState': " + eIDASResponse.getRelayState()); - pendingReqId = eIDASResponse.getRelayState(); - - } - - if (StringUtils.isNotEmpty(pendingReqId)) { - request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); - return pendingReqId; - - } - - log.info("NO transaction identifier found! Stopping process ...."); - log.trace("FullResponse: " + eIDASResponse.toString()); - - } catch (SpecificCommunicationException e) { - log.warn("Can NOT load eIDAS Response from cache.", e); - log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString())); - - } catch (Exception e) { - log.warn("Unable to retrieve moa session id.", e); - - } - - return null; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java deleted file mode 100644 index 01f7c1fa..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDProcessor.java +++ /dev/null @@ -1,337 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler; - -import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import com.google.common.collect.ImmutableSortedSet; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import edu.umd.cs.findbugs.annotations.NonNull; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; -import eu.eidas.auth.commons.protocol.eidas.SpType; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; - -public abstract class AbstracteIDProcessor implements INationaleIDProcessor { - private static final Logger log = LoggerFactory.getLogger(AbstracteIDProcessor.class); - - @Autowired protected eIDASAttributeRegistry attrRegistry; - @Autowired protected IConfigurationWithSP basicConfig; - - @Override - public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) { - - buildProviderNameAttribute(pendingReq, authnRequestBuilder); - buildRequestedAttributes(pendingReq, authnRequestBuilder); - - - } - - @Override - public final ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException{ - ERnBeIDData result = new ERnBeIDData(); - - Object eIdentifierObj = eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - result.setCitizenCountryCode(eIdentifier.getFirst()); - - //MDS attributes - result.setPseudonym(processPseudonym(eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))); - result.setFamilyName(processFamilyName(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))); - result.setGivenName(processGivenName(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME))); - result.setDateOfBirth(processDateOfBirth(eIDASAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH))); - - //additional attributes - result.setPlaceOfBirth(processPlaceOfBirth(eIDASAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH))); - result.setBirthName(processBirthName(eIDASAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME))); - result.setAddress(processAddress(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS))); - - return result; - - } - - @NonNull - /** - * Get a Map of country-specific requested attributes - * - * @return - */ - protected abstract Map<String, Boolean> getCountrySpecificRequestedAttributes(); - - /** - * Post-Process the eIDAS CurrentAddress attribute - * - * @param currentAddressObj - * @return current address or null if no attribute is available - * @throws eIDPostProcessingException if post-processing fails - * @throws eIDASAttributeException if eIDAS attribute is of a wrong type - */ - protected PostalAddressType processAddress(Object currentAddressObj) throws eIDPostProcessingException, eIDASAttributeException { - - if (currentAddressObj != null) { - if ((currentAddressObj instanceof PostalAddress)) { - PostalAddressType result = new PostalAddressType(); - result.setPostalCode(((PostalAddress)currentAddressObj).getPostCode()); - result.setMunicipality(((PostalAddress)currentAddressObj).getPostName()); - - //TODO: add more mappings - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type"); - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS); - - } - - } else - log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... "); - - return null; - - } - - /** - * Post-Process the eIDAS BirthName attribute - * - * @param birthNameObj - * @return birthName or null if no attribute is available - * @throws eIDPostProcessingException if post-processing fails - * @throws eIDASAttributeException if eIDAS attribute is of a wrong type - */ - protected String processBirthName(Object birthNameObj) throws eIDPostProcessingException, eIDASAttributeException { - if (birthNameObj != null) { - if ((birthNameObj instanceof String)) { - return (String)birthNameObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type"); - throw new eIDASAttributeException(Constants.eIDAS_ATTR_BIRTHNAME); - - } - - } else - log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... "); - - - return null; - - } - - /** - * Post-Process the eIDAS PlaceOfBirth attribute - * - * @param placeOfBirthObj - * @return place of Birth or null if no attribute is available - * @throws eIDPostProcessingException if post-processing fails - * @throws eIDASAttributeException if eIDAS attribute is of a wrong type - */ - protected String processPlaceOfBirth(Object placeOfBirthObj) throws eIDPostProcessingException, eIDASAttributeException { - if (placeOfBirthObj != null) { - if ((placeOfBirthObj instanceof String)) { - return (String)placeOfBirthObj; - - } else { - log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type"); - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH); - - } - - } else - log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... "); - - - return null; - - } - - /** - * Post-Process the eIDAS DateOfBirth attribute - * - * @param dateOfBirthObj - * @return - * @throws eIDASAttributeException if NO attribute is available - * @throws eIDPostProcessingException if post-processing fails - */ - protected DateTime processDateOfBirth(Object dateOfBirthObj) throws eIDPostProcessingException, eIDASAttributeException { - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); - - return (DateTime)dateOfBirthObj; - - } - - /** - * Post-Process the eIDAS GivenName attribute - * - * @param givenNameObj - * @return - * @throws eIDASAttributeException if NO attribute is available - * @throws eIDPostProcessingException if post-processing fails - */ - protected String processGivenName(Object givenNameObj) throws eIDPostProcessingException, eIDASAttributeException { - if (givenNameObj == null || !(givenNameObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); - - return (String)givenNameObj; - - } - - /** - * Post-Process the eIDAS FamilyName attribute - * - * @param familyNameObj - * @return - * @throws eIDASAttributeException if NO attribute is available - * @throws eIDPostProcessingException if post-processing fails - */ - protected String processFamilyName(Object familyNameObj) throws eIDPostProcessingException, eIDASAttributeException { - if (familyNameObj == null || !(familyNameObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - - return (String) familyNameObj; - - } - - /** - * Post-Process the eIDAS pseudonym to ERnB unique identifier - * - * @param eIdentifierObj eIDAS PersonalIdentifierAttribute - * @return - * @throws eIDPostProcessingException - * @throws eIDASAttributeException if NO attribute is available - * @throws eIDPostProcessingException if post-processing fails - */ - protected String processPseudonym(Object eIdentifierObj) throws eIDPostProcessingException, eIDASAttributeException { - if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - - return eIdentifier.getThird(); - - } - - private void buildRequestedAttributes(IRequest pendingReq, Builder authnRequestBuilder) { - //build and add requested attribute set - Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes(); - log.debug("Get #{} country-specific requested attributes", ccSpecificReqAttr.size()); - - Map<String, Boolean> mdsReqAttr = attrRegistry.getDefaultAttributeSetFromConfiguration(); - log.trace("Get #{} default requested attributes", mdsReqAttr.size()); - - //put it together - ccSpecificReqAttr.putAll(mdsReqAttr); - - //convert it to eIDAS attributes - ImmutableAttributeMap reqAttrMap = translateToEidasAttributes(ccSpecificReqAttr); - authnRequestBuilder.requestedAttributes(reqAttrMap); - - } - - private ImmutableAttributeMap translateToEidasAttributes(final Map<String, Boolean> requiredAttributes) { - ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder(); - for (Map.Entry<String,Boolean> attribute : requiredAttributes.entrySet()) { - final String name = attribute.getKey(); - final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(name); - if (!byFriendlyName.isEmpty()) { - final AttributeDefinition<?> attributeDefinition = byFriendlyName.first(); - builder.put(AttributeDefinition.builder(attributeDefinition).required(attribute.getValue()).build()); - - } else - log.warn("Can NOT request UNKNOWN attribute: " + attribute.getKey() + " Ignore it!"); - - } - - return builder.build(); - - } - - private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) { - ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - - //set correct SPType for requested target sector - String publicSectorTargetSelector = basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS, - Constants.POLICY_DEFAULT_ALLOWED_TARGETS); - Pattern p = Pattern.compile(publicSectorTargetSelector); - Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier()); - if (m.matches()) { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'"); - authnRequestBuilder.spType(SpType.PUBLIC.getValue()); - - if ( basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - false) ) { - authnRequestBuilder.providerName(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, - Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP)); - - } else { - //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for any SPType - String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if ( StringUtils.isNotEmpty(providerName) - && basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, - false) - ) { - authnRequestBuilder.providerName(providerName); - - } - } - - } else { - log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'"); - authnRequestBuilder.spType(SpType.PRIVATE.getValue()); - - //TODO: switch to RequesterId in further version - //set provider name for private sector applications - String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); - if (StringUtils.isNotEmpty(providerName)) - authnRequestBuilder.providerName(providerName); - - } - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java deleted file mode 100644 index a3880b3f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDProcessor.java +++ /dev/null @@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler; - -import java.util.Base64; -import java.util.Map; - -import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Hex; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.egiz.eaaf.core.impl.data.Trible; - -public class DEeIDProcessor extends AbstracteIDProcessor { - private static final Logger log = LoggerFactory.getLogger(DEeIDProcessor.class); - private static final String canHandleCC = "DE"; - - private int priority = 1; - - @Override - public int getPriority() { - return priority; - } - - @Override - public boolean canHandle(String countryCode) { - return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); - - } - - - public void setPriority(int priority) { - this.priority = priority; - } - - @Override - public String getName() { - return "DE-PostProcessor"; - - } - - @Override - protected String processPseudonym(Object eIdentifierObj) throws eIDPostProcessingException, eIDASAttributeException { - if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - - log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - String result = convertDEIdentifier(eIdentifier.getThird()); - log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - - return result; - - - } - - private String convertDEIdentifier(String hexEncodedDEIdentifier) throws eIDPostProcessingException - { - if(hexEncodedDEIdentifier.length() != 64) - throw new eIDPostProcessingException("ernb.03", new Object[] {"Input has wrong length, expected 64 chars"}); - - byte[] data; - try { - data = Hex.decodeHex(hexEncodedDEIdentifier); - - } catch (DecoderException e) { - throw new eIDPostProcessingException("ernb.03", null, e); - - } - - byte[] encoded = Base64.getEncoder().encode(data); - return new String(encoded); - } - - @Override - protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { - return attrRegistry.getAttributeSetFromConfiguration(canHandleCC); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java deleted file mode 100644 index 110635d9..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDProcessor.java +++ /dev/null @@ -1,60 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler; - -import java.util.HashMap; -import java.util.Map; - -public class GenericeIDProcessor extends AbstracteIDProcessor { - - private int priority = 0; - - @Override - public int getPriority() { - return priority; - - } - - @Override - public boolean canHandle(String countryCode) { - return true; - - } - - public void setPriority(int priority) { - this.priority = priority; - } - - @Override - public String getName() { - return "Default-PostProcessor"; - - } - - @Override - protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { - return new HashMap<>(); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java deleted file mode 100644 index 46cfcb2b..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDProcessor.java +++ /dev/null @@ -1,81 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler; - -import java.util.Map; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.gv.egiz.eaaf.core.api.IRequest; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; - -public interface INationaleIDProcessor { - - /** - * Get a friendlyName of this post-processor implementation - * - * @return - */ - public String getName(); - - /** - * Get the priority of this eID Post-Processor - * <br> - * If more than one Post-Processor implementations can handle the eID data, the post-processor with the highest priority are selected. - * The Default-Processor has priority '0' - * - * @return Priority of this handler - */ - public int getPriority(); - - /** - * Check if this postProcessor is sensitive for a specific country - * - * @param countryCode of the eID data that should be processed - * @return true if this implementation can handle the country, otherwise false - * - */ - public boolean canHandle(String countryCode); - - - - - /** - * Post-Process eIDAS eID data into national format - * @param eIDASAttrMap Map of eIDAS attributes in format friendlyName and attribute - * @throws eIDPostProcessingException - * @throws eIDASAttributeException - * - */ - public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException; - - /** - * Pre-Process eIDAS Request to national requirements - * - * @param pendingReq current pending request - * @param authnRequestBuilder eIDAS {@link ILightRequest} builder - */ - public void preProcess(IRequest pendingReq, Builder authnRequestBuilder); -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/CCSpecificEIDProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/CCSpecificEIDProcessingService.java deleted file mode 100644 index 602982d6..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/CCSpecificEIDProcessingService.java +++ /dev/null @@ -1,131 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import javax.annotation.PostConstruct; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.INationaleIDProcessor; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; - -@Service -public class CCSpecificEIDProcessingService implements ICCSpecificEIDProcessingService{ - private static final Logger log = LoggerFactory.getLogger(CCSpecificEIDProcessingService.class); - - @Autowired private ApplicationContext context; - - private List<INationaleIDProcessor> handlers = new ArrayList<INationaleIDProcessor>(); - - @PostConstruct - private void initialize() { - log.debug("Initialize eID PostProcessing-Service ... "); - Map<String, INationaleIDProcessor> postProcessors = context.getBeansOfType(INationaleIDProcessor.class); - Iterator<Entry<String, INationaleIDProcessor>> iterator = postProcessors.entrySet().iterator(); - while (iterator.hasNext()) { - Entry<String, INationaleIDProcessor> el = iterator.next(); - log.debug("Find eID-PostProcessor with name: " + el.getKey()); - handlers.add(el.getValue()); - - } - - log.trace("Sorting eID-PostProcessors on priority ... "); - Collections.sort(handlers, new Comparator<INationaleIDProcessor>() { - @Override - public int compare(INationaleIDProcessor thisAuthModule, INationaleIDProcessor otherAuthModule) { - int thisOrder = thisAuthModule.getPriority(); - int otherOrder = otherAuthModule.getPriority(); - return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1)); - } - }); - - log.info("# " + handlers.size() + " eID PostProcessing services are registrated"); - - } - - @Override - public void preProcess(String selectedCitizenCountry, IRequest pendingReq, Builder authnRequestBuilder) throws eIDPostProcessingException { - if (StringUtils.isEmpty(selectedCitizenCountry)) - log.info("No CountryCode for eID Pre-Processor. Default Pre-Processor will be used"); - - for (INationaleIDProcessor el : handlers) { - if (el.canHandle(selectedCitizenCountry)) { - log.debug("Pre-Process eIDAS request for " + selectedCitizenCountry + " by using: " + el.getName()); - el.preProcess(pendingReq, authnRequestBuilder); - return; - - } - } - - log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); - throw new eIDPostProcessingException("internal.00", null); - - } - - @Override - public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException { - //extract citizen country from eIDAS unique identifier - Object eIdentifierObj = eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - String citizenCountry = eIdentifier.getFirst(); - - if (StringUtils.isEmpty(citizenCountry)) - log.info("No CountryCode for eID PostProcessor. Default-PostProcessor will be used"); - - for (INationaleIDProcessor el : handlers) { - if (el.canHandle(citizenCountry)) { - log.debug("Post-Process eIDAS eID from " + citizenCountry + " by using: " + el.getName()); - return el.postProcess(eIDASAttrMap); - - } - } - - log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!"); - throw new eIDPostProcessingException("internal.00", null); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/ICCSpecificEIDProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/ICCSpecificEIDProcessingService.java deleted file mode 100644 index 02802126..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/ICCSpecificEIDProcessingService.java +++ /dev/null @@ -1,57 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service; - -import java.util.Map; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.gv.egiz.eaaf.core.api.IRequest; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; - -public interface ICCSpecificEIDProcessingService { - - /** - * Post-process eIDAS eID attributes into national format - * - * @param eIDASAttrMap Map of eIDAS attributes in format friendlyName and attribute - * - * @return eID attributes for SZR request - * @throws eIDPostProcessingException - * @throws eIDASAttributeException - */ - public ERnBeIDData postProcess(Map<String, Object> eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException; - - /** - * Pre Process eIDAS request into national requirements - * - * @param selectedCC Citizen Country from selection - * @param pendingReq current pending request - * @param authnRequestBuilder eIDAS {@link ILightRequest} builder - * @throws eIDPostProcessingException - */ - public void preProcess(String selectedCC, IRequest pendingReq, Builder authnRequestBuilder) throws eIDPostProcessingException; - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java deleted file mode 100644 index a093800e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java +++ /dev/null @@ -1,164 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service; - -import java.io.File; -import java.text.MessageFormat; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.annotation.PostConstruct; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import edu.umd.cs.findbugs.annotations.NonNull; -import eu.eidas.auth.commons.attribute.AttributeRegistries; -import eu.eidas.auth.commons.attribute.AttributeRegistry; - -@Service("attributeRegistry") -public class eIDASAttributeRegistry { - private static final Logger log = LoggerFactory.getLogger(eIDASAttributeRegistry.class); - @Autowired private IConfigurationWithSP basicConfig; - - private AttributeRegistry coreAttributeRegistry; - - private String eidasAttributesFile; - private String additionalAttributesFile; - - @PostConstruct - private void initialize() throws RuntimeException { - try { - if (eidasAttributesFile.isEmpty()) { - log.error("Basic eIDAS addribute definition NOT defined"); - throw new EaafConfigurationException("config.30", - new Object[] {"eidas-attributes.xml"}); - - } - - boolean additionalAttrAvailabe = false; - if (!additionalAttributesFile.isEmpty()) { - File file = new File(additionalAttributesFile); - if (file.exists()) - additionalAttrAvailabe = true; - - } - - if (!additionalAttrAvailabe) { - log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... "); - coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null); - - } else { - //load attribute definitions - log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... "); - coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null, additionalAttributesFile); - - } - - } catch (Throwable e) { - log.error("Can NOT initialize eIDAS attribute definition." , e); - new RuntimeException("Can NOT initialize eIDAS attribute definition.", e); - - } - } - - - public AttributeRegistry getCoreAttributeRegistry() { - return coreAttributeRegistry; - } - - @NonNull - public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() { - /*TODO: select set for representation if mandates should be used. - * It's an open task in respect to requested eIDAS attributes and isRequired flag, - * because there can be a decision problem in case of natural or legal person representation! - * From an Austrian use-case point of view, an Austrian service provider can support mandates for - * natural and legal persons at the same time. However, we CAN NOT request attributes for natural AND - * legal persons on the same time, because it's not possible to represent both simultaneously. - */ - Map<String, String> configAttributes = - basicConfig.getBasicConfigurationWithPrefix( - Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL); - return processAttributeInfosFromConfig(configAttributes); - - } - - @NonNull - public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) { - - - /*TODO: select set for representation if mandates should be used. - * It's an open task in respect to requested eIDAS attributes and isRequired flag, - * because there can be a decision problem in case of natural or legal person representation! - * From an Austrian use-case point of view, an Austrian service provider can support mandates for - * natural and legal persons at the same time. However, we CAN NOT request attributes for natural AND - * legal persons on the same time, because it's not possible to represent both simultaneously. - */ - Map<String, String> configAttributes = - basicConfig.getBasicConfigurationWithPrefix( - MessageFormat.format( - Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL, - countryCode.toLowerCase())); - return processAttributeInfosFromConfig(configAttributes); - - } - - private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) { - - Map<String, Boolean> result = new HashMap<String, Boolean>(); - for (String el: configAttributes.values()) { - if (StringUtils.isNotEmpty(el.trim())) { - List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim()); - boolean isRequired = false; - if (attrDef.size() == 2) - isRequired = Boolean.parseBoolean(attrDef.get(1)); - - result.put(attrDef.get(0), isRequired); - - } - } - - log.trace("Load #" + result.size() + " requested attributes from configuration"); - return result; - - } - - public void setEidasAttributesFile(String eidasAttributesFile) { - this.eidasAttributesFile = eidasAttributesFile; - } - - public void setAdditionalAttributesFile(String additionalAttributesFile) { - this.additionalAttributesFile = additionalAttributesFile; - } - - -} - diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java deleted file mode 100644 index 5c5c5270..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java +++ /dev/null @@ -1,351 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -//package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service; -// -//import java.io.File; -//import java.io.IOException; -//import java.sql.Connection; -//import java.sql.DriverManager; -//import java.sql.PreparedStatement; -//import java.sql.ResultSet; -//import java.sql.SQLException; -//import java.sql.Statement; -//import java.time.Instant; -//import java.util.Properties; -// -//import javax.annotation.PostConstruct; -// -//import org.slf4j.Logger; -//import org.slf4j.LoggerFactory; -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.stereotype.Component; -//import org.sqlite.SQLiteConfig; -//import org.sqlite.SQLiteConfig.LockingMode; -//import org.sqlite.SQLiteConfig.SynchronousMode; -//import org.sqlite.SQLiteErrorCode; -// -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.eIDASPersonalIdStoreDAO; -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SQLiteServiceException; -//import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -//import at.gv.egiz.eaaf.core.impl.data.Pair; -//import at.gv.egiz.eaaf.core.impl.data.Trible; -// -//@Component -//@Deprecated -//public class eIDASDataStore { -// -// private static final String SQLITE_JDBC_DRIVER_CLASS = "org.sqlite.JDBC"; -// private static final String SQLITE_CONNECTION_PARAM = "jdbc:sqlite:%s"; -// private static final boolean sleep = true; -// private static final int howLongToSleepOnBusyLock_ = 100; -// -// private static final Logger log = LoggerFactory.getLogger(eIDASDataStore.class); -// -// @Autowired private IConfiguration basicConfig; -// -// private String connectionURL; -// private Connection conn = null; -// -// @PostConstruct -// private void initialize() throws SQLiteServiceException { -// try { -// String sqlLiteDBUrl = basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL, -// basicConfig.getConfigurationRootDirectory().toString() + "/sqlite/database.db" -// -// ); -// -// log.info("Use SQLite database with URL: " + sqlLiteDBUrl); -// -// //check if SQLite lib is in Classpath -// Class.forName(SQLITE_JDBC_DRIVER_CLASS); -// -// //open DB connection -// boolean isNewFileCreated = false; -// -// //open file or create file if not already exists -// File dbFile = new File(sqlLiteDBUrl); -// if (!dbFile.exists()) { -// log.info("SQLite database does not exist. Creating new database file ... "); -// dbFile.createNewFile(); -// isNewFileCreated = true; -// -// } -// -// //open database connection -// connectionURL = String.format(SQLITE_CONNECTION_PARAM, dbFile.getPath()); -// -// //create DB scheme if new DB file was created -// if (isNewFileCreated) { -// executeUpdate(startConnection().createStatement(), eIDASPersonalIdStoreDAO.CREATE); -// log.debug("SQLite db scheme created"); -// -// } -// -// } catch (ClassNotFoundException e) { -// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } catch (SQLException | IOException e) { -// log.warn("Can NOT initialize SQLite database for temporarly identity mapping. ", e); -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } -// -// } -// -// -// -// -// /** -// * Store a mapping entry with eIDAS personal identifier (source country / destination country / personal identifier) -// * and the identifier that is used for ERnB communication -// * -// * @param transactionId Id of this authentication transaction -// * @param eIDASId eIDAS personal identifier without country prefixes -// * @param ernbId personal identifier that is used to request the ERnB -// * @throws SQLiteServiceException -// */ -// public void storeNationalId(String transactionId, Trible<String, String, String> eIDASId, String ernbId) throws SQLiteServiceException { -// try { -// PreparedStatement preStatment = startConnection().prepareStatement( -// eIDASPersonalIdStoreDAO.INSERT, -// Statement.RETURN_GENERATED_KEYS); -// -// for (int i=1; i<=eIDASPersonalIdStoreDAO.TABLE_COLS.size(); i++) { -// Pair<String, eIDASPersonalIdStoreDAO.T> col = eIDASPersonalIdStoreDAO.TABLE_COLS.get(i-1); -// if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.timestamp.name())) -// preStatment.setDate(i, new java.sql.Date(Instant.now().toEpochMilli())); -// -// else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.transactionId.name())) -// preStatment.setString(i, transactionId); -// -// else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasId.name())) -// preStatment.setString(i, eIDASId.getThird()); -// -// else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasSourceCountry.name())) -// preStatment.setString(i, eIDASId.getFirst()); -// -// else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.eidasDestinationCountry.name())) -// preStatment.setString(i, eIDASId.getSecond()); -// -// else if (col.getFirst().equals(eIDASPersonalIdStoreDAO.COLS.ernbId.name())) -// preStatment.setString(i, ernbId); -// -// else -// log.warn("SQLite table:" + eIDASPersonalIdStoreDAO.NAME + " contains no col with name:" + col.getFirst()); -// -// } -// -// //execute SQL query -// int sqlResult = preStatment.executeUpdate(); -// -// if (sqlResult != 1) { -// log.warn("SQLite query execution FAILED!"); -// throw new SQLiteServiceException("internal.06", new Object[] {"Queryresult is '-1'"}); -// -// } -// -// } catch (SQLiteServiceException | SQLException e) { -// log.warn("SQLite query execution FAILED!", e); -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } -// -// } -// -// public String getErnbNationalId(Trible<String, String, String> eIDASId) throws SQLiteServiceException { -// try { -// PreparedStatement preStatment = startConnection().prepareStatement( -// eIDASPersonalIdStoreDAO.SELECT_BY_EIDAS_RAW_ID, -// Statement.RETURN_GENERATED_KEYS); -// -// preStatment.setString(1, eIDASId.getThird()); -// preStatment.setString(2, eIDASId.getFirst()); -// -// ResultSet rs = preStatment.executeQuery(); -// -// if(!rs.next()) -// return null; -// -// else -// return rs.getString(eIDASPersonalIdStoreDAO.COLS.ernbId.name()); -// -// } catch (SQLiteServiceException | SQLException e) { -// log.warn("SQLite query execution FAILED!", e); -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } -// -// -// } -// -// public String getEidasRawNationalId(String ernbId) throws SQLiteServiceException { -// try { -// PreparedStatement preStatment = startConnection().prepareStatement( -// eIDASPersonalIdStoreDAO.SELECT_BY_ERNB_ID, -// Statement.RETURN_GENERATED_KEYS); -// -// preStatment.setString(1, ernbId); -// -// ResultSet rs = preStatment.executeQuery(); -// -// if(!rs.next()) -// return null; -// -// else -// return rs.getString(eIDASPersonalIdStoreDAO.COLS.eidasId.name()); -// -// } catch (SQLiteServiceException | SQLException e) { -// log.warn("SQLite query execution FAILED!", e); -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } -// -// } -// -// private Connection startConnection() throws SQLiteServiceException { -// int i = howLongToSleepOnBusyLock_; -// -// while (true) { -// try { -// if (conn == null) { -// log.info("Initializing SQLite database with URL: " + connectionURL + " ... "); -// conn = DriverManager.getConnection(connectionURL, getConnectionProperties()); -// -// } else { -// if (!conn.isValid(10)) { -// log.info("SQLite connection is not valid any more --> restarting connection ..."); -// conn.close(); -// conn = DriverManager.getConnection(connectionURL, getConnectionProperties()); -// } -// } -// -// log.info("SQLite database connected"); -// return conn; -// -// } catch (SQLException e) { -// String msg = e.getLocalizedMessage(); -// if (isBusyLocked( e)) { -// log.warn(msg, e); -// try { -// if (sleep) -// Thread.sleep(i++); -// -// } catch (InterruptedException e1) { -// throw new SQLiteServiceException("internal.05", new Object[] {e1.getMessage()}, e1); -// -// } -// continue; -// -// } -// throw new SQLiteServiceException("internal.05", new Object[] {e.getMessage()}, e); -// -// } -// } -// } -// -// -// /* -// * SQLite query code -// */ -// -// protected Properties getConnectionProperties() { -// SQLiteConfig config = new SQLiteConfig(); -// config.enforceForeignKeys(true); -// config.setCacheSize(8000); -// config.setLockingMode(LockingMode.NORMAL); -// config.setSharedCache(false); -// config.setReadUncommited(true); -// config.setSynchronous(SynchronousMode.NORMAL); -// return config.toProperties(); -// -// } -// -// private int executeUpdate(Statement statement, String sql) throws SQLiteServiceException { -// int i = 10; -// -// int rc = -1; -// while (true) { -// try { -// rc = statement.executeUpdate(sql); -// break; -// -// } catch (SQLException e) { -// try { -// if (executeUpdateError(e, i)) -// continue; -// else -// throw new SQLiteServiceException("internal.06", -// new Object[] {e.getMessage()}, e); -// -// } catch (SQLiteServiceException e1) { -// log.warn("\n" + sql + "\n" + e1.getMessage()); -// throw e1; -// -// } -// } -// } -// -// return rc; -// -// } -// -// private boolean isBusyLocked(SQLException e) { -// int eC = e.getErrorCode(); -// -// if (eC == SQLiteErrorCode.SQLITE_LOCKED.code -// || eC == SQLiteErrorCode.SQLITE_BUSY.code) { -// log.trace("SQLite db is busy looked"); -// return true; -// -// } -// -// String msg = e.getMessage(); -// if ( msg.contains("[SQLITE_LOCKED]") || msg.contains("[SQLITE_BUSY]")) { -// log.trace("SQLite db is busy looked"); -// return true; -// } -// -// return false; -// } -// -// private boolean executeUpdateError(SQLException e, int theadSleepCounter) throws SQLiteServiceException { -// if (isBusyLocked(e)) { -// try { -// if (sleep) Thread.sleep(theadSleepCounter++); -// -// } catch (InterruptedException e1) { -// throw new SQLiteServiceException("internal.05", new Object[] {e1.getMessage()}, e1); -// -// } -// -// return true; -// } -// -// return false; -// -// } -//} -// diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java deleted file mode 100644 index 6bffef3b..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java +++ /dev/null @@ -1,398 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.net.URL; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.annotation.PostConstruct; -import javax.annotation.Resource; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.Marshaller; -import javax.xml.namespace.QName; -import javax.xml.transform.Source; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.stream.StreamSource; -import javax.xml.ws.BindingProvider; -import javax.xml.ws.Dispatch; -import javax.xml.ws.WebServiceContext; -import javax.xml.ws.handler.Handler; - -import org.apache.commons.lang3.StringUtils; -import org.apache.cxf.configuration.jsse.TLSClientParameters; -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.frontend.ClientProxy; -import org.apache.cxf.jaxws.DispatchImpl; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; -import org.apache.xpath.XPathAPI; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.LoggingHandler; -import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; -import szrservices.GetBPK; -import szrservices.GetBPKResponse; -import szrservices.GetIdentityLinkEidas; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.ObjectFactory; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; - -@Service("SZRClientForeIDAS") -public class SZRClient { - private static final Logger log = LoggerFactory.getLogger(SZRClient.class); - - private static final String CLIENT_DEFAULT = "DefaultClient"; - private static final String CLIENT_RAW = "RawClient"; - - @Autowired private IConfiguration basicConfig; - @Resource private WebServiceContext wsContext; - - //client for anything, without identitylink - private SZR szr = null; - - //RAW client is needed for identitylink - private Dispatch<Source> dispatch = null; - - - private SZRService szrService = null; - private String szrURL = null; - private QName qname = null; - - public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo) throws SZRCommunicationException { - try { - GetIdentityLinkEidas getIDL = new GetIdentityLinkEidas(); - getIDL.setPersonInfo(personInfo); - - JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); - Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); - - final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - jaxbMarshaller.marshal(getIDL, outputStream); - outputStream.flush(); - - Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); - outputStream.close(); - - log.trace("Requesting SZR ... "); - Source response = dispatch.invoke(source); - log.trace("Receive RAW response from SZR"); - - byte[] szrResponse = sourceToByteArray(response); - //JAXBContext ctx = JAXBContext.newInstance(IdentityLinkType.class -// .getPackage().getName()); - GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext - .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); - - - //build response - log.trace(new String(szrResponse)); - - // ok, we have success - Document doc = DomUtils.parseDocument( - new ByteArrayInputStream(szrResponse), - true, - XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, - null, null - ); - String xpathExpression = "//saml:Assertion"; - Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); - - log.trace("Selecting signed doc " + xpathExpression); - Element documentNode = (Element) XPathAPI.selectSingleNode(doc, - xpathExpression, nsNode); - log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); - - - IdentityLinkType idl = new IdentityLinkType(); - idl.setAssertion(documentNode); - idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); - - return idl; - - } catch ( Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); - - } - - } - - public String getBPK(PersonInfoType personInfo, String target, String vkz) throws SZRCommunicationException { - try { - GetBPK parameters = new GetBPK(); - parameters.setPersonInfo(personInfo); - parameters.setBereichsKennung(target); - parameters.setVKZ(vkz); - GetBPKResponse result = this.szr.getBPK(parameters); - - return result.getGetBPKReturn(); - - } catch (SZRException_Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); - throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); - - } - - } - - - @PostConstruct - private void initialize() { - log.info("Starting SZR-Client initialization .... "); - URL url = SZRClient.class.getResource("/szr_client/SZR-1.1.WSDL"); - - boolean useTestSZR = basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, - true); - - if (useTestSZR) { - log.debug("Initializing SZR test environment configuration."); - qname = SZRService.SZRTestumgebung; - szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService")); - szr = szrService.getSZRTestumgebung(); - szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_TEST); - - - } else { - log.debug("Initializing SZR productive configuration."); - qname = SZRService.SZRProduktionsumgebung; - szrService = new SZRService(url, new QName("urn:SZRServices", "SZRService")); - szr = szrService.getSZRProduktionsumgebung(); - szrURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_ENDPOINT_PROD); - - } - - //create raw client; - dispatch = szrService.createDispatch(qname, Source.class, javax.xml.ws.Service.Mode.PAYLOAD); - - if (StringUtils.isEmpty(szrURL)) { - log.error("No SZR service-URL found. SZR-Client initalisiation failed."); - throw new RuntimeException("No SZR service URL found. SZR-Client initalisiation failed."); - - } - - //check if Clients can be initialized - if (szr == null ) { - log.error("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); - throw new RuntimeException("SZR " + CLIENT_DEFAULT + " is 'NULL'. Something goes wrong"); - - } - if (dispatch == null ) { - log.error("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); - throw new RuntimeException("SZR " + CLIENT_RAW + " is 'NULL'. Something goes wrong"); - - } - - //inject handler - log.info("Use SZR service-URL: " + szrURL); - injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT); - injectBindingProvider((BindingProvider) dispatch, CLIENT_RAW); - - //inject http parameters and SSL context - log.debug("Inject HTTP client settings ... "); - injectHTTPClient(szr, CLIENT_DEFAULT); - injectHTTPClient(dispatch, CLIENT_RAW); - - - - log.info("SZR-Client initialization successfull"); - } - - private void injectHTTPClient(Object raw, String clientType) { - //extract client from implementation - Client client = null; - if (raw instanceof DispatchImpl<?>) - client = ((DispatchImpl<?>)raw).getClient(); - else if (raw instanceof Client) - client = ClientProxy.getClient(raw); - else - throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass().getName()); - - //set basic connection policies - HTTPConduit http = (HTTPConduit) client.getConduit(); - - //set timeout policy - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - httpClientPolicy.setConnectionTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, - Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000); - httpClientPolicy.setReceiveTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, - Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000); - http.setClient(httpClientPolicy); - - //inject SSL context in case of https - if (szrURL.toLowerCase().startsWith("https")) { - log.debug("Adding SSLContext to client: " + clientType +" ... "); - TLSClientParameters tlsParams = new TLSClientParameters(); - tlsParams.setSSLSocketFactory(createSSLContext(clientType).getSocketFactory()); - http.setTlsClientParameters(tlsParams ); - log.info("SSLContext initialized for client: " + clientType); - - } - - } - - private void injectBindingProvider(BindingProvider bindingProvider, String clientType) { - Map<String, Object> requestContext = bindingProvider.getRequestContext(); - requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrURL); - - log.trace("Adding JAX-WS request/response trace handler to client: " + clientType); - List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain(); - if (handlerList == null) { - handlerList = new ArrayList<Handler>(); - bindingProvider.getBinding().setHandlerChain(handlerList); - - } - - //add logging handler to trace messages if required - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, - false)) { - LoggingHandler loggingHandler = new LoggingHandler(); - handlerList.add(loggingHandler); - - } - bindingProvider.getBinding().setHandlerChain(handlerList); - } - - private SSLContext createSSLContext(String clientType) { - try { - SSLContext context = SSLContext.getInstance("TLS"); - - //initialize key-mangager for SSL client-authentication - KeyManager[] keyManager = null; - String keyStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH); - String keyStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD); - if (StringUtils.isNotEmpty(keyStorePath)) { - log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... "); - try { - KeyStore keyStore = KeyStoreUtils.loadKeyStore( - FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()), - keyStorePassword); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(keyStore, keyStorePassword.toCharArray()); - keyManager = kmf.getKeyManagers(); - log.debug("SSL client certificate injected to client: " + clientType); - - } catch (KeyStoreException | IOException | UnrecoverableKeyException e) { - log.error("Can NOT load SSL client certificate from path: " + keyStorePath); - throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e); - - } - } else { - log.debug("No KeyStore for SSL Client Auth. found. Initializing SSLContext without authentication ... "); - - } - - - //initialize SSL TrustStore - TrustManager[] trustManager = null; - String trustStorePath = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH); - String trustStorePassword = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD); - if (StringUtils.isNotEmpty(trustStorePath)) { - log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... "); - try { - KeyStore trustStore = KeyStoreUtils.loadKeyStore( - FileUtils.makeAbsoluteUrl(trustStorePath, basicConfig.getConfigurationRootDirectory()), - trustStorePassword); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(trustStore); - trustManager = tmf.getTrustManagers(); - log.debug("SSL TrustStore injected to client: " + clientType); - - } catch (KeyStoreException | IOException e) { - log.error("Can NOT open SSL TrustStore from path: " + trustStorePath); - throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e); - - } - - } else { - log.debug("No custom SSL TrustStore found. Initializing SSLContext with JVM default truststore ... "); - - } - - - context.init(keyManager, trustManager, new SecureRandom()); - return context; - - } catch (NoSuchAlgorithmException | KeyManagementException e) { - log.error("SSLContext initialization FAILED.", e); - throw new RuntimeException("SSLContext initialization FAILED.", e); - - } - - } - - private byte[] sourceToByteArray(Source result) throws TransformerException { - TransformerFactory factory = TransformerFactory.newInstance(); - Transformer transformer = factory.newTransformer(); - transformer.setOutputProperty("omit-xml-declaration", "yes"); - transformer.setOutputProperty("method", "xml"); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - StreamResult streamResult = new StreamResult(); - streamResult.setOutputStream(out); - transformer.transform(result, streamResult); - return out.toByteArray(); - } - - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java deleted file mode 100644 index a5a2d31e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRService.java +++ /dev/null @@ -1,161 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr; - -import java.net.URL; - -import javax.xml.namespace.QName; -import javax.xml.ws.Service; -import javax.xml.ws.WebEndpoint; -import javax.xml.ws.WebServiceClient; -import javax.xml.ws.WebServiceFeature; - -import szrservices.SZR; - -/** - * This class was generated by Apache CXF 3.1.16 - * 2018-07-10T09:36:01.466+02:00 - * Generated source version: 3.1.16 - * - */ -@WebServiceClient(name = "SZRService", - wsdlLocation = "./src/main/resources/szr_client/SZR-1.WSDL", - targetNamespace = "urn:SZRServices") -public class SZRService extends Service { - - public final static URL WSDL_LOCATION; - - public final static QName SERVICE = new QName("urn:SZRServices", "SZRService"); - public final static QName SZRProduktionsumgebung = new QName("urn:SZRServices", "SZRProduktionsumgebung"); - public final static QName SZRTestumgebung = new QName("urn:SZRServices", "SZRTestumgebung"); - public final static QName SZRBusinesspartnerTestumgebung = new QName("urn:SZRServices", "SZRBusinesspartnerTestumgebung"); - static { - URL url = SZRService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL"); - if (url == null) { - url = SZRService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL"); - } - if (url == null) { - java.util.logging.Logger.getLogger(SZRService.class.getName()) - .log(java.util.logging.Level.INFO, - "Can not initialize the default wsdl from {0}", "/szr_client/SZR-1.WSDL"); - } - WSDL_LOCATION = url; - - } - - public SZRService(URL wsdlLocation) { - super(wsdlLocation, SERVICE); - } - - public SZRService(URL wsdlLocation, QName serviceName) { - super(wsdlLocation, serviceName); - } - - public SZRService() { - super(WSDL_LOCATION, SERVICE); - } - - public SZRService(WebServiceFeature ... features) { - super(WSDL_LOCATION, SERVICE, features); - } - - public SZRService(URL wsdlLocation, WebServiceFeature ... features) { - super(wsdlLocation, SERVICE, features); - } - - public SZRService(URL wsdlLocation, QName serviceName, WebServiceFeature ... features) { - super(wsdlLocation, serviceName, features); - } - - - - - /** - * - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRProduktionsumgebung") - public SZR getSZRProduktionsumgebung() { - return super.getPort(SZRProduktionsumgebung, SZR.class); - } - - /** - * - * @param features - * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRProduktionsumgebung") - public SZR getSZRProduktionsumgebung(WebServiceFeature... features) { - return super.getPort(SZRProduktionsumgebung, SZR.class, features); - } - - - /** - * - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRTestumgebung") - public SZR getSZRTestumgebung() { - return super.getPort(SZRTestumgebung, SZR.class); - } - - /** - * - * @param features - * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRTestumgebung") - public SZR getSZRTestumgebung(WebServiceFeature... features) { - return super.getPort(SZRTestumgebung, SZR.class, features); - } - - - /** - * - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") - public SZR getSZRBusinesspartnerTestumgebung() { - return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class); - } - - /** - * - * @param features - * A list of {@link javax.xml.ws.WebServiceFeature} to configure on the proxy. Supported features not in the <code>features</code> parameter will have their default values. - * @return - * returns SZR - */ - @WebEndpoint(name = "SZRBusinesspartnerTestumgebung") - public SZR getSZRBusinesspartnerTestumgebung(WebServiceFeature... features) { - return super.getPort(SZRBusinesspartnerTestumgebung, SZR.class, features); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java deleted file mode 100644 index 26dab045..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ /dev/null @@ -1,392 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; - -import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.ICCSpecificEIDProcessingService; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.AttributeValue; -import eu.eidas.auth.commons.light.ILightResponse; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; -import szrservices.IdentityLinkType; -import szrservices.PersonInfoType; -import szrservices.TravelDocumentType; - -/** - * @author tlenz - * - */ -@Component("CreateIdentityLinkTask") -public class CreateIdentityLinkTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class); - - @Autowired private IConfiguration basicConfig; - @Autowired private SZRClient szrClient; - @Autowired private ICCSpecificEIDProcessingService eIDPostProcessor; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try{ - AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - ILightResponse eIDASResponse = authProcessData.getGenericDataFromSession( - Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - - Map<String, Object> simpleAttrMap = converteIDASAttrToSimpleMap(eIDASResponse.getAttributes().getAttributeMap()); - - IIdentityLink identityLink = null; - String bPK = null; - - //post-process eIDAS attributes - ERnBeIDData eIDData = eIDPostProcessor.postProcess(simpleAttrMap); - - //write MDS into technical log and revision log - writeMDSLogInformation(eIDData); - - //connect SZR-Gateway - if(basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { - log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); - // create fake IdL - // - fetch IdL template from resources - InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); - Element idlTemplate = DomUtils.parseXmlValidating(s); - - identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); - - // replace data - Element idlassertion = identityLink.getSamlAssertion(); - - // - set fake baseID; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(eIDData.getPseudonym()); - - //build personal identifier which looks like a baseID -// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); -// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); -// prIdentification.getFirstChild().setNodeValue(fakeBaseID); - - // - set last name - Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); - prFamilyName.getFirstChild().setNodeValue(eIDData.getFamilyName()); - - // - set first name - Node prGivenName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); - prGivenName.getFirstChild().setNodeValue(eIDData.getGivenName()); - - // - set date of birth - Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); - - prDateOfBirth.getFirstChild().setNodeValue(eIDData.getFormatedDateOfBirth()); - - identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); - - Pair<String, String> bPKCalc = new BpkBuilder().generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - bPK = bPKCalc.getFirst(); - - - } else { - //contact SZR Gateway - log.debug("Starting connecting SZR Gateway"); - PersonInfoType personInfo = new PersonInfoType(); - PersonNameType personName = new PersonNameType(); - PhysicalPersonType naturalPerson = new PhysicalPersonType(); - TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName ); - personInfo.setPerson(naturalPerson ); - personInfo.setTravelDocument(eDocument ); - - //person information - personName.setFamilyName(eIDData.getFamilyName()); - personName.setGivenName(eIDData.getGivenName()); - naturalPerson.setDateOfBirth(eIDData.getFormatedDateOfBirth()); - eDocument.setIssuingCountry(eIDData.getCitizenCountryCode()); - eDocument.setDocumentNumber(eIDData.getPseudonym()); - - //eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); - - //set PlaceOfBirth if available - if (eIDData.getPlaceOfBirth() != null) { - log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, - true)) { - naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth()); - log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); - - } - } - - //set BirthName if available - if (eIDData.getBirthName() != null) { - log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, - true)) { - AlternativeNameType alternativeName = new AlternativeNameType(); - naturalPerson.setAlternativeName(alternativeName ); - alternativeName.setFamilyName(eIDData.getBirthName()); - log.trace("Adding 'BirthName' to ERnB request ... "); - - } - } - - - IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); - - Element idlFromSZR = (Element)result.getAssertion(); - identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); - - //write ERnB inputdata into revisionlog - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, - MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String)simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, - MSConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eIDData.getPseudonym()); - - } - - //get bPK from SZR - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bPK = szrClient.getBPK( - personInfo, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); - - } else { - log.debug("Calculating bPK from baseId ... "); - Pair<String, String> bPKCalc = new BpkBuilder().generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - bPK = bPKCalc.getFirst(); - - } - - } - - if (identityLink == null) { - log.error("ERnB did not return an identity link."); - throw new SZRCommunicationException("ernb.00", null); - - } - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_IDL_RECEIVED, - identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); - - - if (bPK == null) { - log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - throw new SZRCommunicationException("ernb.01", null); - - } - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_BPK_RECEIVED); - - log.debug("ERnB communication was successfull"); - - authProcessData.setForeigner(true); - authProcessData.setIdentityLink(identityLink); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - eIDASResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); - - //set bPK and bPKType into auth session - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.BPK_NAME, - extendBPKbyPrefix( - bPK, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()) - ); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - - - - //store pending-request - requestStoreage.storePendingRequest(pendingReq); - - } catch (eIDASAttributeException e) { - throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); - - } catch (EaafException e) { - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - - } catch (Exception e) { - log.error("IdentityLink generation for foreign person FAILED.", e); - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - - } - } - - private String extendBPKbyPrefix(String bpk, String type) { - String bPKType = null; - - if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) - bPKType = type.substring((EaafConstants.URN_PREFIX_WBPK).length()); - - else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) - bPKType = type.substring((EaafConstants.URN_PREFIX_CDID).length()); - - else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) - bPKType = type.substring((EaafConstants.URN_PREFIX_EIDAS).length()); - - - if (bPKType != null ) { - log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bPKType); - return bPKType + ":" + bpk; - - } else { - log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ..."); - return bpk; - - } - - } - - private Map<String, Object> converteIDASAttrToSimpleMap( - ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { - Map<String, Object> result = new HashMap<String, Object>(); - - for (AttributeDefinition<?> el : attributeMap.keySet()) { - - final Class parameterizedType = el.getParameterizedType(); - if ((DateTime.class).equals(parameterizedType)) { - DateTime attribute = eIDASResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); - if (attribute != null) { - result.put(el.getFriendlyName(), attribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString() ); - - } else - log.info("Ignore empty 'DateTime' attribute"); - - } else if ((PostalAddress.class).equals(parameterizedType)) { - PostalAddress addressAttribute = eIDASResponseUtils.translateAddressAttribute(el, attributeMap.get(el).asList()); - if (addressAttribute != null) { - result.put(el.getFriendlyName(), addressAttribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString() ); - - } else - log.info("Ignore empty 'PostalAddress' attribute"); - - } else { - List<String> natPersonIdObj = eIDASResponseUtils.translateStringListAttribute(el, attributeMap.get(el).asList()); - String stringAttr = natPersonIdObj.get(0); - if (StringUtils.isNotEmpty(stringAttr)) { - result.put(el.getFriendlyName(), stringAttr); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr ); - - } else - log.info("Ignore empty 'String' attribute"); - - } - } - - log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); - - return result; - } - - private void writeMDSLogInformation(ERnBeIDData eIDData) { - //log MDS and country code into technical log - if (basicConfig.getBasicConfigurationBoolean( - MSeIDASNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) - log.info("eIDAS Auth. for user: " - + eIDData.getGivenName() + " " - + eIDData.getFamilyName() + " " - + eIDData.getFormatedDateOfBirth() + " " - + "from " + eIDData.getCitizenCountryCode()); - - //log MDS and country code into revision log - if (basicConfig.getBasicConfigurationBoolean( - MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, - "{" + eIDData.getGivenName() + "," - + eIDData.getFamilyName() + "," - + eIDData.getFormatedDateOfBirth() + "," - + eIDData.getCitizenCountryCode() + "}"); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java deleted file mode 100644 index 7b61ef7e..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ /dev/null @@ -1,275 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import java.util.UUID; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Component; -import org.springframework.web.util.UriComponentsBuilder; - -import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.ICCSpecificEIDProcessingService; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import eu.eidas.auth.commons.EidasParameterKeys; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.auth.commons.light.impl.LightRequest; -import eu.eidas.auth.commons.tx.BinaryLightToken; -import eu.eidas.specificcommunication.BinaryLightTokenHelper; -import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; -import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; - -/** - * @author tlenz - * - */ -@Component("ConnecteIDASNodeTask") -public class GenerateAuthnRequestTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(GenerateAuthnRequestTask.class); - - @Autowired IConfiguration basicConfig; - @Autowired ApplicationContext context; - @Autowired ITransactionStorage transactionStore; - @Autowired ISpringMvcGuiFormBuilder guiBuilder; - @Autowired ICCSpecificEIDProcessingService ccSpecificProcessing; - - @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - - try{ - //get service-provider configuration - ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); - - // get target, environment and validate citizen countryCode - String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); - String environment = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT); - - if (StringUtils.isEmpty(citizenCountryCode)) { - // illegal state; task should not have been executed without a selected country - throw new eIDASAuthenticationException("eidas.03", new Object[] { "" }); - - } - - //TODO: maybe add countryCode validation before request ref. impl. eIDAS node - log.info("Request eIDAS auth. for citizen of country: " + citizenCountryCode); - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.COUNTRY_SELECTED, citizenCountryCode); - - //build eIDAS AuthnRequest - LightRequest.Builder authnRequestBuilder = LightRequest.builder(); - authnRequestBuilder.id(UUID.randomUUID().toString()); - - - String issur = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID); - if (StringUtils.isEmpty(issur)) { - log.error("Found NO 'eIDAS node issuer' in configuration. Authentication NOT possible!"); - throw new EaafConfigurationException("config.27", - new Object[] {"Application config containts NO " + Constants.CONIG_PROPS_EIDAS_NODE_ENTITYID }); - - } - authnRequestBuilder.issuer(issur); - - - //TODO: set matching mode if eIDAS ref. impl. support this method - - - //TODO: update if eIDAS ref. impl. supports exact matching for non-notified LoA schemes - String loa = EaafConstants.EIDAS_LOA_HIGH; - if (spConfig.getRequiredLoA() != null) { - if (spConfig.getRequiredLoA().isEmpty()) - log.info("No eIDAS LoA requested. Use LoA HIGH as default"); - - else { - if (spConfig.getRequiredLoA().size() > 1 ) - log.info("Currently only ONE requested LoA is supported for service provider. Use first one ... "); - - loa = spConfig.getRequiredLoA().get(0); - - } - } - - log.debug("Request eIdAS node with LoA: " + loa); - authnRequestBuilder.levelOfAssurance(loa); - - //set nameIDFormat - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); - - //set citizen country code for foreign uses - authnRequestBuilder.citizenCountryCode(citizenCountryCode); - - //set relay state - /*TODO: SecureToken PendingRequestId generates a validation exception in eIDASNode because - * eIDASNode implements limit on size for RelayState (80characaters) - */ - //authnRequestBuilder.relayState(pendingReq.getPendingRequestId()); - - //Add country-specific informations into eIDAS request - ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder); - - //build request - LightRequest lightAuthnReq = authnRequestBuilder.build(); - - //put request into Hazelcast cache - BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq); - final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); - - //Workaround, because eIDAS node ref. impl. does not return relayState - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, - false)) { - log.trace("Put lightRequestId into transactionstore as session-handling backup"); - transactionStore.put(lightAuthnReq.getId(), pendingReq.getPendingRequestId(), -1); - - } - - //select forward URL regarding the selected environment - String forwardURL = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); - if (StringUtils.isNotEmpty(environment)) - forwardURL = selectedForwardURLForEnvironment(environment); - - if (StringUtils.isEmpty(forwardURL)) { - log.warn("NO ForwardURL defined in configuration. Can NOT forward to eIDAS node! Process stops"); - throw new EaafConfigurationException("config.08", new Object[] { - (environment==null)?Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL:Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL+"."+environment - }); - - } - log.debug("ForwardURL: " + forwardURL + " selected to forward eIDAS request"); - - if (basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD, - Constants.FORWARD_METHOD_GET - ).equals(Constants.FORWARD_METHOD_GET)) { - - log.debug("Use http-redirect for eIDAS node forwarding ... "); - //send redirect - UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(forwardURL); - redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); - response.sendRedirect(redirectUrl.build().encode().toString()); - - } else { - log.debug("Use http-post for eIDAS node forwarding ... "); - StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - pendingReq, - Constants.TEMPLATE_POST_FORWARD_NAME, - null); - - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, - EidasParameterKeys.TOKEN.toString()); - config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, - tokenBase64); - - guiBuilder.build(request, response, config, "Forward to eIDASNode form"); - - } - - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.EIDAS_NODE_CONNECTED, lightAuthnReq.getId()); - - - } catch (eIDASAuthenticationException e) { - throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); - - } catch (Exception e) { - log.warn("eIDAS AuthnRequest generation FAILED.", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - - } - - /** - * Select a forward URL from configuration for a specific environment - * <br><br> - * <b>Info: </b> This method is needed, because eIDAS Ref. Impl only supports one countrycode on each instance. - * In consequence, more than one eIDAS Ref. Impl nodes are required to support producation, testing, or QS stages - * for one country by using one ms-specific eIDAS connector - * - * @param environment Environment selector from CountrySlection page - * @return - */ - private String selectedForwardURLForEnvironment(String environment) { - log.trace("Starting endpoint selection process for environment: " + environment + " ... "); - if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL); - - else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL - + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS); - - else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL - + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING); - - else if (environment.equalsIgnoreCase(MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) - return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL - + "." + MSeIDASNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT); - - log.info("Environment selector: " + environment + " is not supported"); - return null; - - } - - private BinaryLightToken putRequestInCommunicationCache(ILightRequest iLightRequest) throws ServletException { - final BinaryLightToken binaryLightToken; - try { - final SpecificCommunicationService springManagedSpecificConnectorCommunicationService = - (SpecificCommunicationService) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); - - binaryLightToken = springManagedSpecificConnectorCommunicationService.putRequest(iLightRequest); - - } catch (SpecificCommunicationException e) { - log.error("Unable to process specific request"); - throw new ServletException(e); - - } - - return binaryLightToken; - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java deleted file mode 100644 index 4dd50f9a..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java +++ /dev/null @@ -1,120 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.validator.eIDASResponseValidator; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import eu.eidas.auth.commons.light.ILightResponse; - -@Component("ReceiveResponseFromeIDASNodeTask") -public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class); - - @Autowired private IConfiguration basicConfig; - @Autowired private eIDASAttributeRegistry attrRegistry; - - @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ - ILightResponse eIDASResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE); - if (eIDASResponse == null) { - log.warn("NO eIDAS response-message found."); - throw new eIDASAuthenticationException("eidas.01", null); - - } - - log.debug("Receive eIDAS response with RespId:" + eIDASResponse.getId() + " for ReqId:" + eIDASResponse.getInResponseToId()); - log.trace("Full eIDAS-Resp: " + eIDASResponse.toString()); - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eIDASResponse.getId()); - - - //check response StatusCode - if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { - log.info("Receice eIDAS Response with StatusCode:" + eIDASResponse.getStatus().getStatusCode() - + " Subcode:" + eIDASResponse.getStatus().getSubStatusCode() + " Msg:" + eIDASResponse.getStatus().getStatusMessage()); - throw new eIDASAuthenticationException("eidas.02", new Object[]{eIDASResponse.getStatus().getStatusCode(), eIDASResponse.getStatus().getStatusMessage()}); - - } - - // extract all Attributes from response - - - - // ********************************************************** - // ******* MS-specificresponse validation ********** - // ********************************************************** - String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); - String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); - eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, citizenCountryCode, attrRegistry); - - - // ********************************************************** - // ******* Store resonse infos into session object ********** - // ********************************************************** - - //update MOA-Session data with received information - log.debug("Store eIDAS response information into pending-request."); - AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - authProcessData.setQaaLevel(eIDASResponse.getLevelOfAssurance()); - authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); - - //store MOA-session to database - requestStoreage.storePendingRequest(pendingReq); - - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); - - } catch (EaafException e) { - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); - - } catch (Exception e) { - log.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); - throw new TaskExecutionException(pendingReq, e.getMessage(), - new eIDASAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e)); - - } - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java deleted file mode 100644 index 8422f204..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/utils/eIDASResponseUtils.java +++ /dev/null @@ -1,141 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils; - -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.ImmutableList; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.AttributeValue; -import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; -import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; -import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; - -public class eIDASResponseUtils { - private static final Logger log = LoggerFactory.getLogger(eIDASResponseUtils.class); - - public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"; - - /** - * Validate a eIDAS PersonalIdentifier attribute value - * This validation is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier - * - * @param uniqueID eIDAS attribute value of a unique identifier - * @return true if the uniqueID matches to eIDAS to Unique Identifier specification, otherwise false - */ - public static boolean validateEidasPersonalIdentifier(String uniqueID) { - Pattern pattern = Pattern.compile(PERSONALIDENIFIER_VALIDATION_PATTERN ); - Matcher matcher = pattern.matcher(uniqueID); - return matcher.matches(); - - } - - - /** - * Parse an eIDAS PersonalIdentifier attribute value into it components. - * This processing is done according to eIDAS SAML Attribute Profile - Section 2.2.3 Unique Identifier - * - * @param uniqueID eIDAS attribute value of a unique identifier - * @return {@link Trible} that contains: - * <br> First : citizen country - * <br> Second: destination country - * <br> Third : unique identifier - * <br> or null if the attribute value has a wrong format - */ - public static Trible<String, String, String> parseEidasPersonalIdentifier(String uniqueID) { - if (!validateEidasPersonalIdentifier(uniqueID)) { - log.error("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " looks wrong formated. Value:" + ((String)uniqueID)); - return null; - - } - return Trible.newInstance(uniqueID.substring(0, 2), uniqueID.substring(3, 5), uniqueID.substring(6)); - - } - - //TODO: check possible problem with nonLatinCharacters - public static List<String> translateStringListAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) { - final List<String> stringListAttribute = new ArrayList<String>(); - AttributeValueMarshaller<?> attributeValueMarshaller = attributeDefinition.getAttributeValueMarshaller(); - for (AttributeValue<?> attributeValue : attributeValues) { - String valueString = null; - try { - valueString = attributeValueMarshaller.marshal((AttributeValue) attributeValue); - - log.trace("Find attr: " + attributeDefinition.getFriendlyName() - + " with value: " + attributeValue.toString() - + " nonLatinFlag: " + attributeValue.isNonLatinScriptAlternateVersion() - + " needTransliteration: " + AttributeValueTransliterator.needsTransliteration(valueString)); - - //if (attributeValue.isNonLatinScriptAlternateVersion()) { - if (!AttributeValueTransliterator.needsTransliteration(valueString)) { - stringListAttribute.add(0, valueString); - - } else { - log.trace("Find 'needsTransliteration' flag. Setting this value at last list element ... "); - stringListAttribute.add(valueString); - - } - - } catch (AttributeValueMarshallingException e) { - throw new IllegalStateException(e); - - } - } - - log.trace("Extract values: " + StringUtils.join(stringListAttribute, ",") - + " for attr: " + attributeDefinition.getFriendlyName()); - - return stringListAttribute; - - } - - public static DateTime translateDateAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) { - if (attributeValues.size() != 0) { - final AttributeValue<?> firstAttributeValue = attributeValues.get(0); - return (DateTime) firstAttributeValue.getValue(); - - } - - return null; - } - - public static PostalAddress translateAddressAttribute(AttributeDefinition<?> attributeDefinition, ImmutableList<? extends AttributeValue<?>> attributeValues) { - final AttributeValue<?> firstAttributeValue = attributeValues.get(0); - return (PostalAddress) firstAttributeValue.getValue(); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java deleted file mode 100644 index f974232b..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java +++ /dev/null @@ -1,157 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.validator; - -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.collect.ImmutableList; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASValidationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.AttributeValue; -import eu.eidas.auth.commons.light.ILightResponse; -import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; - -/** - * @author tlenz - * - */ -public class eIDASResponseValidator { - private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class); - - public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, String citizenCountryCode, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException { - - /*-----------------------------------------------------| - * validate received LoA against minimum required LoA | - *_____________________________________________________| - */ - LevelOfAssurance respLoA = LevelOfAssurance.fromString(eIDASResponse.getLevelOfAssurance()); - List<String> allowedLoAs = pendingReq.getServiceProviderConfiguration().getRequiredLoA(); - boolean loaValid = false; - for (String allowedLoaString : allowedLoAs) { - LevelOfAssurance allowedLoa = LevelOfAssurance.fromString(allowedLoaString); - if (respLoA.numericValue() >= allowedLoa.numericValue()) { - log.debug("Response contains valid LoA. Resume process ... "); - loaValid = true; - break; - - } else - log.trace("Allowed LoA: " + allowedLoaString + " DOES NOT match response LoA: " + eIDASResponse.getLevelOfAssurance()); - - } - - if (!loaValid) { - log.error("eIDAS Response LevelOfAssurance is lower than the required! " - + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + allowedLoAs.toArray() + ")"); - throw new eIDASValidationException("eidas.06", new Object[]{respLoA.getValue()}); - - } - - - - /*-----------------------------------------------------| - * validate 'PersonalIdentifier' attribute | - *_____________________________________________________| - */ - AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); - final ImmutableList<? extends AttributeValue<?>> attributeValues = eIDASResponse.getAttributes().getAttributeMap().get(attrDefinition).asList(); - List<String> personalIdObj = eIDASResponseUtils.translateStringListAttribute(attrDefinition, attributeValues); - - //check if attribute exists - if (personalIdObj == null || personalIdObj.isEmpty()) { - log.warn("eIDAS Response include NO 'PersonalIdentifier' attriubte " - + ".... That can be a BIG problem in further processing steps"); - throw new eIDASValidationException("eidas.05", new Object[] {"NO 'PersonalIdentifier' attriubte"}); - - } else if (personalIdObj.size() > 1) { - log.warn("eIDAS Response include MORE THAN ONE 'PersonalIdentifier' attriubtes " - + ".... That can be a BIG problem in further processing steps"); - throw new eIDASValidationException("eidas.05", new Object[] {"MORE THAN ONE 'PersonalIdentifier' attriubtes"}); - - } else { - String natPersId = personalIdObj.get(0); - //validate attribute value format - Trible<String, String, String> split = - eIDASResponseUtils.parseEidasPersonalIdentifier(natPersId); - if (split == null) { - throw new eIDASValidationException("eidas.07", - new Object[]{ - Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - "Wrong identifier format"}); - - } else { - //validation according to eIDAS SAML Attribute Profile, Section 2.2.3 - if (StringUtils.isEmpty(split.getSecond())) { - log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes NO destination country. Value:" + natPersId); - throw new eIDASValidationException("eidas.07", - new Object[]{ - Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - "No or empty destination country"}); - - } - if (!split.getSecond().equalsIgnoreCase(spCountry)) { - log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes wrong destination country. Value:" + natPersId - + " SP-Country:" + spCountry); - throw new eIDASValidationException("eidas.07", - new Object[]{ - Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - "Destination country does not match to SP country"}); - - } - - if (StringUtils.isEmpty(split.getFirst())) { - log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes NO citizen country. Value:" + natPersId); - throw new eIDASValidationException("eidas.07", - new Object[]{ - Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - "No or empty citizen country"}); - - } - if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { - log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes a citizen country that does not match to service-provider country. " - + " Value:" + natPersId - + " citiczen Country:" + spCountry); - throw new eIDASValidationException("eidas.07", - new Object[]{ - Constants.eIDAS_ATTR_PERSONALIDENTIFIER, - "Citizen country does not match to eIDAS-node country that generates the response"}); - - } - } - } - - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider index 19134513..a8d2991d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -1 +1 @@ -at.asitplus.eidas.specific.modules.authmodule_eIDASv2.eIDASAuthenticationSpringResourceProvider
\ No newline at end of file +at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 14ef4b42..55bb1ace 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -1,19 +1,29 @@ <?xml version="1.0" encoding="UTF-8"?> <pd:ProcessDefinition id="eIDASAuthentication_v2" - xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> - <pd:Task id="createAuthnRequest" class="ConnecteIDASNodeTask" /> - <pd:Task id="receiveAuthnResponse" class="ReceiveResponseFromeIDASNodeTask" async="true" /> - <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> - <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> + <pd:Task id="createAuthnRequest" class="ConnecteIDASNodeTask" /> + <pd:Task id="receiveAuthnResponse" + class="ReceiveResponseFromeIDASNodeTask" async="true" /> + <pd:Task id="finalizeAuthentication" + class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" + class="CreateIdentityLinkTask" /> - <pd:StartEvent id="start" /> - <pd:Transition from="start" to="createAuthnRequest" /> - <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> - <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> - <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> - <pd:Transition from="finalizeAuthentication" to="end" /> - <pd:EndEvent id="end" /> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" + to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" + to="receiveAuthnResponse" /> + <pd:Transition from="receiveAuthnResponse" + to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" + to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" + to="end" /> + + <pd:EndEvent id="end" /> </pd:ProcessDefinition> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 0a000112..708fd4e2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -1,76 +1,87 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" - xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" - xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - <context:annotation-config /> - - <import resource="classpath:specificCommunicationDefinitionApplicationContext.xml"/> - - <bean id="SZRClientForeIDAS" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient" /> - - <bean id="specificConnectorAttributesFile" class="java.lang.String"> - <constructor-arg value="eidas-attributes.xml"/> - </bean> - - <bean id="specificAdditionalAttributesFile" class="java.lang.String"> - <constructor-arg value="additional-attributes.xml"/> - </bean> - - <bean id="specificConnectorAttributesFileWithPath" class="java.lang.String"> - <constructor-arg value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}"/> - </bean> - - <bean id="specificConnectorAdditionalAttributesFileWithPath" class="java.lang.String"> - <constructor-arg value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}"/> - </bean> - - <bean id="eIDASAuthModule" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.eIDASAuthenticationModulImpl"> - <property name="priority" value="2" /> - </bean> - - <bean id="eIDASSignalServlet" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.eIDASSignalServlet" /> - - <bean id="attributeRegistry" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry"> - <property name="eidasAttributesFile" ref="specificConnectorAttributesFileWithPath"/> - <property name="additionalAttributesFile" ref="specificConnectorAdditionalAttributesFileWithPath"/> - </bean> - - <!-- <bean id="eIDASDataStore" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore" /> --> - - <bean id="EIDPostProcessingService" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.CCSpecificEIDProcessingService" /> - - <bean id="DE-Processor" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.DEeIDProcessor"> - <property name="priority" value="1" /> - </bean> - - <bean id="Default-Processor" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.GenericeIDProcessor"> - <property name="priority" value="0" /> - </bean> - - <!-- Authentication Process Tasks --> - <bean id="ConnecteIDASNodeTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask" - scope="prototype" /> - - <bean id="ReceiveResponseFromeIDASNodeTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.ReceiveAuthnResponseTask" - scope="prototype" /> - - <bean id="CreateIdentityLinkTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.CreateIdentityLinkTask" - scope="prototype" /> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <import + resource="classpath:specificCommunicationDefinitionApplicationContext.xml" /> + + <bean id="SZRClientForeIDAS" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + + <bean id="specificConnectorAttributesFile" + class="java.lang.String"> + <constructor-arg value="eidas-attributes.xml" /> + </bean> + + <bean id="specificAdditionalAttributesFile" + class="java.lang.String"> + <constructor-arg value="additional-attributes.xml" /> + </bean> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" /> + </bean> + + <bean id="eIDASAuthModule" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.eIDASAuthenticationModulImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="eIDASSignalServlet" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" /> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore" + /> --> + + <bean id="EIDPostProcessingService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" /> + + <bean id="DE-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="Default-Processor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> + <property name="priority" value="0" /> + </bean> + + <!-- Authentication Process Tasks --> + <bean id="ConnecteIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" + scope="prototype" /> + + <bean id="ReceiveResponseFromeIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + <bean id="CreateIdentityLinkTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" + scope="prototype" /> </beans>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml index 09084a34..91b8e5e4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml @@ -1,51 +1,122 @@ -<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> - <saml:AttributeStatement> - <saml:Subject> - <saml:SubjectConfirmation> - <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> - <saml:SubjectConfirmationData> - <pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVà n Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person> - </saml:SubjectConfirmationData> - </saml:SubjectConfirmation> - </saml:Subject> - <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ -t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm -P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg -gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement> - <dsig:Signature> - <dsig:SignedInfo> - <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> - <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> - <dsig:Reference URI=""> - <dsig:Transforms> - <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> - <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> - </dsig:Transform> - <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> - </dsig:Transforms> - <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue> - </dsig:Reference> - <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"> - <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue> - </dsig:Reference> - </dsig:SignedInfo> - <dsig:SignatureValue> - 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q== - </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> - <dsig:Object> - <dsig:Manifest Id="manifest"> - <dsig:Reference URI=""> - <dsig:Transforms> - <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> - <dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath> - </dsig:Transform> - </dsig:Transforms> - <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue> - </dsig:Reference> - </dsig:Manifest> - </dsig:Object> - </dsig:Signature> +<?xml version="1.0" encoding="UTF-8"?> +<saml:Assertion + xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" + xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" + xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" + xmlns:si="http://www.w3.org/2001/XMLSchema-instance" + AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" + IssueInstant="2012-08-22T11:07:25+01:00" + Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" + MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches + </saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value> + <pr:Type>urn:publicid:gv.at:baseid</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>XXXRúùd</pr:GivenName> + <pr:FamilyName primary="undefined">XXXVà n Nisteĺrooy + </pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1969-02-13</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" + AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <ecdsa:ECDSAKeyValue> + <ecdsa:DomainParameters> + <ecdsa:NamedCurve + URN="urn:oid:1.2.840.10045.3.1.7" /> + </ecdsa:DomainParameters> + <ecdsa:PublicKey> + <ecdsa:X + Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" + si:type="ecdsa:PrimeFieldElemType" /> + <ecdsa:Y + Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" + si:type="ecdsa:PrimeFieldElemType" /> + </ecdsa:PublicKey> + </ecdsa:ECDSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" + AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <dsig:RSAKeyValue> + <dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ + t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm + P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg + gaM2EyuB1HxH8/+Mfqa4UgeqIH65 + </dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod + Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> + <dsig:SignatureMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform + Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification) + </dsig:XPath> + </dsig:Transform> + <dsig:Transform + Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> + </dsig:Transforms> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE= + </dsig:DigestValue> + </dsig:Reference> + <dsig:Reference + Type="http://www.w3.org/2000/09/xmldsig#Manifest" + URI="#manifest"> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk= + </dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue> + 06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q== + </dsig:SignatureValue> + <dsig:KeyInfo> + <dsig:X509Data> + <dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4= + </dsig:X509Certificate> + </dsig:X509Data> + </dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest Id="manifest"> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform + Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::dsig:Signature) + </dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0= + </dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> </saml:Assertion>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAttributePostProcessingTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAttributePostProcessingTest.java new file mode 100644 index 00000000..55a3ce99 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAttributePostProcessingTest.java @@ -0,0 +1,458 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.HashMap; +import java.util.Map; + +import org.joda.time.DateTime; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasAttributePostProcessingTest { + + @Autowired + private CcSpecificEidProcessingService postProcessor; + + // lower case + private static final String P1_eIDASID = + "DE/AT/532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25"; + private static final String P1_GIVENNAME = "Max"; + private static final String P1_FAMILYNAME = "Mustermann"; + private static final DateTime P1_DATEOFBIRTH = DateTime.now(); + private static final String P1_PLACEOFBIRTH = "Nirgendwo"; + private static final String P1_BIRTHNAME = "Musterkind"; + + // mixed + private static final String P3_eIDASID = + "DE/AT/532eaabd9574880dbf76b9b8cc00832c20A6ec113d682299550d7a6e0f345e25"; + private static final String P3_GIVENNAME = "Max"; + private static final String P3_FAMILYNAME = "Mustermann"; + private static final DateTime P3_DATEOFBIRTH = DateTime.now(); + private static final String P3_PLACEOFBIRTH = "Nirgendwo"; + private static final String P3_BIRTHNAME = "Musterkind"; + + // upper case + private static final String P4_eIDASID = + "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E25"; + private static final String P4_GIVENNAME = "Max"; + private static final String P4_FAMILYNAME = "Mustermann"; + private static final DateTime P4_DATEOFBIRTH = DateTime.now(); + private static final String P4_PLACEOFBIRTH = "Nirgendwo"; + private static final String P4_BIRTHNAME = "Musterkind"; + + // To long identifier + private static final String P5_eIDASID = + "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E251"; + private static final String P5_GIVENNAME = "Max"; + private static final String P5_FAMILYNAME = "Mustermann"; + private static final DateTime P5_DATEOFBIRTH = DateTime.now(); + private static final String P5_PLACEOFBIRTH = "Nirgendwo"; + private static final String P5_BIRTHNAME = "Musterkind"; + + // to short identifier + private static final String P6_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; + private static final String P6_GIVENNAME = "Max"; + private static final String P6_FAMILYNAME = "Mustermann"; + private static final DateTime P6_DATEOFBIRTH = DateTime.now(); + private static final String P6_PLACEOFBIRTH = "Nirgendwo"; + private static final String P6_BIRTHNAME = "Musterkind"; + + // no hex encoded identifier + private static final String P7_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; + private static final String P7_GIVENNAME = "Max"; + private static final String P7_FAMILYNAME = "Mustermann"; + private static final DateTime P7_DATEOFBIRTH = DateTime.now(); + private static final String P7_PLACEOFBIRTH = "Nirgendwo"; + private static final String P7_BIRTHNAME = "Musterkind"; + + private static final String P2_eIDASID = + "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; + private static final String P2_GIVENNAME = "Max"; + private static final String P2_FAMILYNAME = "Mustermann"; + private static final DateTime P2_DATEOFBIRTH = DateTime.now(); + private static final String P2_PLACEOFBIRTH = "Nirgendwo"; + private static final String P2_BIRTHNAME = "Musterkind"; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + @Test + public void deWithHexLowerCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P1_eIDASID, + P1_FAMILYNAME, + P1_GIVENNAME, + P1_DATEOFBIRTH, + P1_PLACEOFBIRTH, + P1_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P1_FAMILYNAME, + P1_GIVENNAME, + P1_DATEOFBIRTH, + P1_PLACEOFBIRTH, + P1_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexMixedCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P3_eIDASID, + P3_FAMILYNAME, + P3_GIVENNAME, + P3_DATEOFBIRTH, + P3_PLACEOFBIRTH, + P3_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P3_FAMILYNAME, + P3_GIVENNAME, + P3_DATEOFBIRTH, + P3_PLACEOFBIRTH, + P3_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexUpperCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P4_eIDASID, + P4_FAMILYNAME, + P4_GIVENNAME, + P4_DATEOFBIRTH, + P4_PLACEOFBIRTH, + P4_BIRTHNAME)); + + validate(result, + "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", + P4_FAMILYNAME, + P4_GIVENNAME, + P4_DATEOFBIRTH, + P4_PLACEOFBIRTH, + P4_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void deWithHexTooLongCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P5_eIDASID, + P5_FAMILYNAME, + P5_GIVENNAME, + P5_DATEOFBIRTH, + P5_PLACEOFBIRTH, + P5_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Too long input accepted"); + } + + @Test + public void deWithHexTooShortCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P6_eIDASID, + P6_FAMILYNAME, + P6_GIVENNAME, + P6_DATEOFBIRTH, + P6_PLACEOFBIRTH, + P6_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Too short input accepted"); + } + + @Test + public void deWithNoHexCase() throws Exception { + try { + postProcessor.postProcess( + generateInputData( + P7_eIDASID, + P7_FAMILYNAME, + P7_GIVENNAME, + P7_DATEOFBIRTH, + P7_PLACEOFBIRTH, + P7_BIRTHNAME)); + + } catch (final Exception e) { + return; + + } + + fail("Not hex encoded input accepted"); + } + + @Test + public void eeTestCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + e.printStackTrace(); + fail(e.getMessage()); + + } + } + + @Test + public void eeTestFamilyNameMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + null, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("FamilyName missing input accepted"); + + } + + @Test + public void eeTestGivenNameMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + null, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("GivenName missing input accepted"); + + } + + @Test + public void eeTestDateOfBirthMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + P2_eIDASID, + P2_FAMILYNAME, + P2_GIVENNAME, + null, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("DateOfBirth missing input accepted"); + + } + + @Test + public void eeTestIdMissingCase() throws Exception { + try { + final ErnbEidData result = postProcessor.postProcess( + generateInputData( + null, + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME)); + + validate(result, + "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", + P2_FAMILYNAME, + P2_GIVENNAME, + P2_DATEOFBIRTH, + P2_PLACEOFBIRTH, + P2_BIRTHNAME); + + } catch (final Exception e) { + return; + + } + + fail("eIDAS-Id missing input accepted"); + + } + + private Map<String, Object> generateInputData(String id, String familyName, String givenName, + DateTime dateOfBirth, String placeOfBirth, String birthName) { + final Map<String, Object> result = new HashMap<>(); + result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id); + result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName); + result.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); + result.put(Constants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth); + result.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth); + result.put(Constants.eIDAS_ATTR_BIRTHNAME, birthName); + return result; + + } + + private void validate(ErnbEidData result, String id, String familyName, String givenName, + DateTime dateOfBirth, String placeOfBirth, String birthName) { + if (!result.getPseudonym().equals(id)) { + fail(result.getPseudonym() + "is not equal to " + id); + } + + if (!result.getFamilyName().equals(familyName)) { + fail(result.getFamilyName() + "is not equal to " + familyName); + } + + if (!result.getGivenName().equals(givenName)) { + fail(result.getGivenName() + "is not equal to " + givenName); + } + + if (!result.getDateOfBirth().equals(dateOfBirth)) { + fail(result.getDateOfBirth() + "is not equal to " + dateOfBirth); + } + + if (!result.getFormatedDateOfBirth().equals(new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth + .toDate()))) { + fail(result.getDateOfBirth() + "is not equal to " + new SimpleDateFormat("yyyy-MM-dd").format( + dateOfBirth.toDate())); + } + + if (!result.getPlaceOfBirth().equals(placeOfBirth)) { + fail(result.getPlaceOfBirth() + "is not equal to " + placeOfBirth); + } + + if (!result.getBirthName().equals(birthName)) { + fail(result.getBirthName() + "is not equal to " + birthName); + } + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java new file mode 100644 index 00000000..aef290f5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasAuthSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationSpringResourceProvider; +import at.gv.egiz.eaaf.core.test.TestConstants; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class EidasAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final EidasAuthenticationSpringResourceProvider test = + new EidasAuthenticationSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + EidasAuthenticationSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found"); + + } + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java new file mode 100644 index 00000000..1051bd9f --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasDataStoreTest.java @@ -0,0 +1,118 @@ +/* + * Copyright 2018 A-SIT Plus GmbH AT-specific eIDAS Connector has been developed + * in a cooperation between EGIZ, A-SIT Plus GmbH, A-SIT, and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. You may + * obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. The "NOTICE" text file + * is part of the distribution. Any derivative works that you distribute must + * include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +//import java.security.MessageDigest; +// +//import org.apache.commons.lang3.StringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +//import org.springframework.util.Base64Utils; +// +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SQLiteServiceException; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.eIDASAuthenticationException; +//import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.eIDASResponseUtils; +//import at.gv.egiz.eaaf.core.impl.data.Trible; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration("/SpringTest-context_basic_test.xml") +//public class EidasDataStoreTest { +// +// @Autowired +// private EidasDataStore dataStore; +// +// private static final String P1_TRANSID = "123456789"; +// private static final String P1_eIDASID = +// "DE/AT/121asdf1as5f1as6f1asd2f1asdf1asdf1asd23f1asdf1asdf4sd7fsdf1asdf1asd2f1asd56f7asdf4asdfasdf1"; +// +// private static final String P2_TRANSID = "987654321"; +// private static final String P2_eIDASID = +// "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; +// +// @Test +// public void dummyTest() { +// +// } +// +// @Test +// public void insertTestOne() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P1_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P1_TRANSID, +// eidasId, +// ernbId); +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) { +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// } +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) { +// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// } +// +// } +// +// @Test +// public void insertTestTwo() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P2_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P2_TRANSID, +// eidasId, +// ernbId); +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) { +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// } +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) { +// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// +// } +// +// } +// +// private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { +// try { +// MessageDigest md = MessageDigest.getInstance("SHA-256"); +// byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); +// String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); +// return hashBase64; +// +// } catch (Exception ex) { +// throw new eIDASAuthenticationException("internal.03", new Object[] {}, ex); +// +// } +// } +//} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingFirstTest.java new file mode 100644 index 00000000..880c32ae --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingFirstTest.java @@ -0,0 +1,147 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasRequestPreProcessingFirstTest { + + @Autowired + private IConfigurationWithSP basicConfig; + @Autowired + private CcSpecificEidProcessingService preProcessor; + + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private Builder authnRequestBuilder; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.issuer("Test"); + + } + + @Test + public void prePreProcessGeneric() throws EidPostProcessingException { + final String testCountry = "XX"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + @Test + public void prePreProcessGenericNoCountryCode() throws EidPostProcessingException { + final String testCountry = "XX"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(null, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); + + } + + @Test + public void prePreProcessDE() throws EidPostProcessingException { + + final String testCountry = "DE"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingSecondTest.java new file mode 100644 index 00000000..da7e3d85 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasRequestPreProcessingSecondTest.java @@ -0,0 +1,116 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.light.impl.LightRequest.Builder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class EidasRequestPreProcessingSecondTest { + + @Autowired + private IConfigurationWithSP basicConfig; + @Autowired + private CcSpecificEidProcessingService preProcessor; + + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private Builder authnRequestBuilder; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + + "src/test/resources/config/junit_config_1.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + authnRequestBuilder = LightRequest.builder(); + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.issuer("Test"); + + } + + @Test + public void prePreProcessDeUnknownAttribute() throws EidPostProcessingException { + + final String testCountry = "DE"; + authnRequestBuilder.citizenCountryCode(testCountry); + preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); + + final LightRequest lightReq = authnRequestBuilder.build(); + + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); + Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java new file mode 100644 index 00000000..81a61765 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -0,0 +1,272 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchProviderException; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.binding.soap.SoapFault; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import com.skjolberg.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import szrservices.GetIdentityLinkEidasResponse; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZR; +import szrservices.SZRException_Exception; +import szrservices.TravelDocumentType; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +public class SzrClientTest { + private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); + + @Autowired + SzrClient szrClient; + @Autowired + IConfiguration basicConfig; + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + private static final String dateOfBirth = "1989-05-05"; + private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; + + private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + + @Test + public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException, + NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException { + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost:1234/demoszr"); + + try { + log.debug("Starting connecting SZR Gateway"); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + + Assert.assertNotNull(result); + Assert.assertNotNull(result.getAssertion()); + + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result + .getAssertion()).parseIdentityLink(); + Assert.assertNotNull(identityLink); + + System.out.println(identityLink.getSerializedSamlAssertion()); + + checkElement("Mustermann", identityLink.getFamilyName()); + checkElement("Hans", identityLink.getGivenName()); + checkElement("1989-05-05", identityLink.getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", identityLink.getIdentificationType()); + checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", identityLink.getIdentificationValue()); + Assert.assertNotNull(identityLink.getSerializedSamlAssertion()); + Assert.assertNotNull(identityLink.getSamlAssertion()); + + } catch (final SzrCommunicationException e) { + Assert.fail(); + + } + + } + + @Test + public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception, + EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, + EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException { + setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml", + "http://localhost:1234/demoszr"); + + try { + log.debug("Starting connecting SZR Gateway"); + szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + Assert.fail(); + + } catch (final SzrCommunicationException e) { + checkElement("ernb.02", e.getErrorId()); + Assert.assertNotNull(e.getCause()); + org.springframework.util.Assert.isInstanceOf(SOAPFaultException.class, e.getCause()); + Assert.assertNotNull(((SOAPFaultException) e.getCause()).getFault()); + checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode()); + checkElement( + "The travel document you sent to insert a person already exists for another person. " + + "Either check the document or have the person altered accordingly", + ((SOAPFaultException) e.getCause()).getFault().getFaultString()); + + } + + } + + @Ignore + @Test + public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { + final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + if (StringUtils.isEmpty(bPK)) { + throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); + } + + } + + private void checkElement(String expected, String value) { + Assert.assertNotNull(value); + Assert.assertEquals(expected, value); + + } + + private void setSzrResponseIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException, + SZRException_Exception { + final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl); + final JAXBContext jaxbContext = JAXBContext.newInstance( + szrservices.ObjectFactory.class, + org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class, + org.w3._2001._04.xmldsig_more.ObjectFactory.class, + org.w3._2000._09.xmldsig.ObjectFactory.class, + at.gv.egov.pvp1.ObjectFactory.class, + at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); + final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); + final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller + .unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); + when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse + .getGetIdentityLinkReturn()); + + } + + private void setSzrExceptionIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException, + ParserConfigurationException, SAXException, IOException, SZRException_Exception { + final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl); + final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream( + responseXmlPath)); + final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344"); + final SoapFault fault = new SoapFault( + "The travel document you sent to insert a person already exists for another person. " + + "Either check the document or have the person altered accordingly", + qName); + fault.setRole("urn:SZRServices"); + fault.setDetail(detailerror); + when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); + + } + + private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { + try { + final MessageDigest md = MessageDigest.getInstance("SHA-256"); + final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); + final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); + return hashBase64; + + } catch (final Exception ex) { + throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); + + } + } + + private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // parse some eID attributes + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); + final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); + final String citizenCountry = eIdentifier.getFirst(); + + // person information + personName.setFamilyName(familyName); + personName.setGivenName(givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + // eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + return personInfo; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java new file mode 100644 index 00000000..772f94b3 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -0,0 +1,189 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; + +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchProviderException; + +import org.apache.commons.lang3.StringUtils; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import szrservices.IdentityLinkType; +import szrservices.PersonInfoType; +import szrservices.SZRException_Exception; +import szrservices.TravelDocumentType; + +@Ignore +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_test.xml") +public class SzrClientTestProduction { + private static final Logger log = LoggerFactory.getLogger(SzrClientTestProduction.class); + + @Autowired + SzrClient szrClient; + @Autowired + IConfiguration basicConfig; + + private static final String givenName = "Franz"; + private static final String familyName = "Mustermann"; + // private static final String dateOfBirth = "1989-05-05"; + private static final String dateOfBirth = "1989-05-04"; + private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; + + private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + + @Test + public void dummyTest() { + + } + + @Test + public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException, + NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException { + log.debug("Starting connecting SZR Gateway"); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode( + getPersonInfo()); + + final Element idlFromSzr = (Element) result.getAssertion(); + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + if (identityLink == null) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO IDL object" }); + } + + System.out.println(identityLink.getSerializedSamlAssertion()); + + if (StringUtils.isEmpty(identityLink.getFamilyName())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO FamilyName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getGivenName())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO GivenName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getDateOfBirth())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO DateOfBirthName from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getIdentificationType())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO baseIdType from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getIdentificationValue())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO baseId from IDL" }); + } + + if (StringUtils.isEmpty(identityLink.getSerializedSamlAssertion())) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO serialized IDL" }); + } + + if (identityLink.getSamlAssertion() == null) { + throw new SzrCommunicationException("ernb.00", new Object[] { "NO raw IDL" }); + } + + } + + + @Ignore + @Test + public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { + final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")); + + if (StringUtils.isEmpty(bPK)) { + throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); + } + + } + + private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { + try { + final MessageDigest md = MessageDigest.getInstance("SHA-256"); + final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); + final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); + return hashBase64; + + } catch (final Exception ex) { + throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); + + } + } + + private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + final TravelDocumentType eDocument = new TravelDocumentType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + personInfo.setTravelDocument(eDocument); + + // parse some eID attributes + final Trible<String, String, String> eIdentifier = + EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); + final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); + final String citizenCountry = eIdentifier.getFirst(); + + // person information + personName.setFamilyName(familyName); + personName.setGivenName(givenName); + naturalPerson.setDateOfBirth(dateOfBirth); + eDocument.setIssuingCountry(citizenCountry); + eDocument.setDocumentNumber(uniqueId); + + // eID document information + eDocument.setDocumentType(basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + + return personInfo; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java new file mode 100644 index 00000000..d2b0c1ae --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java @@ -0,0 +1,58 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.Collection; + +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; + +public class DummySpecificCommunicationService implements SpecificCommunicationService { + + private ILightRequest lightRequest; + private ILightResponse lightResponse; + + @Override + public BinaryLightToken putRequest(ILightRequest lightRequest) throws SpecificCommunicationException { + this.lightRequest = lightRequest; + return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); + } + + @Override + public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry) + throws SpecificCommunicationException { + return lightRequest; + } + + @Override + public BinaryLightToken putResponse(ILightResponse lightResponse) throws SpecificCommunicationException { + this.lightResponse = lightResponse; + return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); + } + + @Override + public ILightResponse getAndRemoveResponse(String tokenBase64, Collection<AttributeDefinition<?>> registry) + throws SpecificCommunicationException { + return lightResponse; + } + + public ILightRequest getiLightRequest() { + return lightRequest; + } + + public void setiLightRequest(ILightRequest lightReques) { + this.lightRequest = lightReques; + } + + public ILightResponse getiLightResponse() { + return lightResponse; + } + + public void setiLightResponse(ILightResponse lightResponse) { + this.lightResponse = lightResponse; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskFirstTest.java new file mode 100644 index 00000000..e8fcdd3d --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskFirstTest.java @@ -0,0 +1,122 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class GenerateAuthnRequestTaskFirstTest { + + @Autowired(required = true) + private GenerateAuthnRequestTask task; + @Autowired(required = true) + private DummySpecificCommunicationService commService; + @Autowired(required = true) + private IConfiguration basicConfig; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + + "src/test/resources/config/junit_config_1.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + } + + @Test + @DirtiesContext + public void withCustomStaticProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + try { + task.execute(pendingReq, executionContext); + + } catch (final TaskExecutionException e) { + // forward URL is not set in example config + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), + "Wrong exception"); + Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()) + .getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e + .getOriginalException()).getParams()[0]); + + } + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskSecondTest.java new file mode 100644 index 00000000..10896f48 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskSecondTest.java @@ -0,0 +1,140 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class GenerateAuthnRequestTaskSecondTest { + + @Autowired(required = true) + private GenerateAuthnRequestTask task; + @Autowired(required = true) + private DummySpecificCommunicationService commService; + @Autowired(required = true) + private IConfiguration basicConfig; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + } + + @Test + public void noCountryCode() { + try { + task.execute(pendingReq, executionContext); + Assert.fail("No countryCode not detected"); + + } catch (final TaskExecutionException e) { + Assert.assertEquals("wrong pendingReqId", pendingReq.getPendingRequestId(), e.getPendingRequestID()); + org.springframework.util.Assert.isInstanceOf(EidasSAuthenticationException.class, e + .getOriginalException(), "Wrong exception"); + Assert.assertEquals("wrong errorCode", "eidas.03", ((EaafException) e.getOriginalException()) + .getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void withStaticProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + try { + task.execute(pendingReq, executionContext); + + } catch (final TaskExecutionException e) { + // forward URL is not set in example config + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), + "Wrong exception"); + Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()) + .getErrorId()); + Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) + .getParams().length); + Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e + .getOriginalException()).getParams()[0]); + + } + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertEquals("ProviderName is not Static", + Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, eidasReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskThirdTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskThirdTest.java new file mode 100644 index 00000000..f2e44ed1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskThirdTest.java @@ -0,0 +1,106 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.light.ILightRequest; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class GenerateAuthnRequestTaskThirdTest { + + @Autowired(required = true) + private GenerateAuthnRequestTask task; + @Autowired(required = true) + private DummySpecificCommunicationService commService; + @Autowired(required = true) + private IConfiguration basicConfig; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + + "src/test/resources/config/junit_config_2.properties"); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void setUp() { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + + } + + @Test + @DirtiesContext + public void withDynamicProviderNameForPublicSPs() throws TaskExecutionException, + SpecificCommunicationException { + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); + + task.execute(pendingReq, executionContext); + Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); + + final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null); + + Assert.assertNull("ProviderName found", eidasReq.getProviderName()); + Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType()); + Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance()); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java deleted file mode 100644 index 825fe205..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java +++ /dev/null @@ -1,310 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.when; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchProviderException; -import java.util.List; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.ws.soap.SOAPFaultException; - -import org.apache.commons.lang3.StringUtils; -import org.apache.cxf.binding.soap.SoapFault; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Rule; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Base64Utils; -import org.w3._2000._09.xmldsig.KeyValueType; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import com.skjolberg.mockito.soap.SoapServiceRule; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import szrservices.GetIdentityLinkEidasResponse; -import szrservices.IdentityLinkType; -import szrservices.PersonInfoType; -import szrservices.SZR; -import szrservices.SZRException_Exception; -import szrservices.TravelDocumentType; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -public class SZRClientTest { - private static final Logger log = LoggerFactory.getLogger(SZRClientTest.class); - - @Autowired SZRClient szrClient; - @Autowired IConfiguration basicConfig; - - private static final String givenName = "Franz"; - private static final String familyName = "Mustermann"; - private static final String dateOfBirth = "1989-05-05"; - private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; - - //Dummy public RSA Key - private static final String PUBKEY_EXPONENT = "AQAB"; - private static final String PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; - - private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); - - } - - @Rule - public SoapServiceRule soap = SoapServiceRule.newInstance(); - - @Test - public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException { - setSZRResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost:1234/demoszr"); - - try { - log.debug("Starting connecting SZR Gateway"); - IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); - - Assert.assertNotNull(result); - Assert.assertNotNull(result.getAssertion()); - - IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element)result.getAssertion()).parseIdentityLink(); - Assert.assertNotNull(identityLink); - - System.out.println(identityLink.getSerializedSamlAssertion()); - - checkElement("Mustermann", identityLink.getFamilyName()); - checkElement("Hans", identityLink.getGivenName()); - checkElement("1989-05-05", identityLink.getDateOfBirth()); - checkElement("urn:publicid:gv.at:baseid", identityLink.getIdentificationType()); - checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", identityLink.getIdentificationValue()); - Assert.assertNotNull(identityLink.getSerializedSamlAssertion()); - Assert.assertNotNull(identityLink.getSamlAssertion()); - - } catch (SZRCommunicationException e) { - Assert.fail(); - - } - - } - - @Test - public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException, JAXBException, ParserConfigurationException, SAXException { - setSZRExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml", "http://localhost:1234/demoszr"); - - try { - log.debug("Starting connecting SZR Gateway"); - IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); - Assert.fail(); - - } catch (SZRCommunicationException e) { - checkElement("ernb.02", e.getErrorId()); - Assert.assertNotNull(e.getCause()); - org.springframework.util.Assert.isInstanceOf(SOAPFaultException.class, e.getCause()); - Assert.assertNotNull(((SOAPFaultException)e.getCause()).getFault()); - checkElement("p344:F455", ((SOAPFaultException)e.getCause()).getFault().getFaultCode()); - checkElement("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", ((SOAPFaultException)e.getCause()).getFault().getFaultString()); - - } - - } - - @Ignore - @Test - public void getbPKTest() throws SZRException_Exception, eIDASAuthenticationException { - String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); - - if (StringUtils.isEmpty(bPK)) - throw new SZRCommunicationException("ernb.01", new Object[] {"bPK is null or empty"}); - - - } - - private void checkElement(String expected, String value) { - Assert.assertNotNull(value); - Assert.assertEquals(expected, value); - - } - - - private void setSZRResponseIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException, SZRException_Exception { - final SZR szrServiceMock = soap.mock(SZR.class, serviceURL); - final JAXBContext jaxbContext = JAXBContext.newInstance( - szrservices.ObjectFactory.class, - org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class, - org.w3._2001._04.xmldsig_more.ObjectFactory.class, - org.w3._2000._09.xmldsig.ObjectFactory.class, - at.gv.egov.pvp1.ObjectFactory.class, - at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); - final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); - final GetIdentityLinkEidasResponse szrResponse= (GetIdentityLinkEidasResponse) jaxbUnmarshaller.unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); - when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn()); - - } - - private void setSZRExceptionIdentityLink(String responseXmlPath, String serviceURL) throws JAXBException,ParserConfigurationException, SAXException, IOException, SZRException_Exception { - final SZR szrServiceMock = soap.mock(SZR.class, serviceURL); - final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath)); - final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices","F455", "p344"); - final SoapFault fault = new SoapFault("The travel document you sent to insert a person already exists for another person. Either check the document or have the person altered accordingly", qName); - fault.setRole("urn:SZRServices"); - fault.setDetail(detailerror); - when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); - - } - - private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-256"); - byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (Exception ex) { - throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); - - } - } - - private PersonInfoType getPersonInfo() throws eIDASAuthenticationException { - PersonInfoType personInfo = new PersonInfoType(); - PersonNameType personName = new PersonNameType(); - PhysicalPersonType naturalPerson = new PhysicalPersonType(); - TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName ); - personInfo.setPerson(naturalPerson ); - personInfo.setTravelDocument(eDocument ); - - //parse some eID attributes - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIDASeID); - String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - String citizenCountry = eIdentifier.getFirst(); - - //person information - personName.setFamilyName((String)familyName); - personName.setGivenName((String)givenName); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); - - //eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); - - //TODO: that should be removed -// eDocument.setIssueDate(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE)); -// eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY)); - - return personInfo; - } - - - private List<KeyValueType> dummyCodeForKeys() throws IOException, NoSuchProviderException, InvalidKeyException { -// if (basicConfig.getBasicMOAIDConfigurationBoolean( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, -// false)) { -// List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); -// try { -// // set key values -// RSAKeyValueType rsa = new RSAKeyValueType(); -// rsa.setExponent(PUBKEY_EXPONENT); -// rsa.setModulus(PUBKEY_MODULUS); -// -// KeyValueType key = new KeyValueType(); -// key.setRSAKeyValue(rsa); -// keyvalueList.add(key); -// -// return keyvalueList; -// } catch (Exception e) { -// log.error("TestCode has an internal ERROR", e); -// throw e; -// -// } -// -// } - - return null; - - } - - /* - * getIdentityLink without RAW mode does not contain a valid signature - */ - //@Test -// public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { -// log.debug("Starting connecting SZR Gateway"); -// IdentityLinkType result = szrClient.getIdentityLink( -// getPersonInfo(), -// dummyCodeForKeys(), -// basicConfig.getBasicMOAIDConfigurationBoolean( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, -// true) -// ); -// -// Element idlFromSZR = (Element)result.getAssertion(); -// IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); -// if (identityLink == null) -// throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); -// -// } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java deleted file mode 100644 index a4aa7ca0..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTestProduction.java +++ /dev/null @@ -1,240 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchProviderException; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Base64Utils; -import org.w3._2000._09.xmldsig.KeyValueType; -import org.w3c.dom.Element; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; -import szrservices.IdentityLinkType; -import szrservices.PersonInfoType; -import szrservices.SZRException_Exception; -import szrservices.TravelDocumentType; - -@Ignore -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_basic_test.xml") -public class SZRClientTestProduction { - private static final Logger log = LoggerFactory.getLogger(SZRClientTestProduction.class); - - @Autowired SZRClient szrClient; - @Autowired IConfiguration basicConfig; - - private static final String givenName = "Franz"; - private static final String familyName = "Mustermann"; - //private static final String dateOfBirth = "1989-05-05"; - private static final String dateOfBirth = "1989-05-04"; - private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; - - //Dummy public RSA Key - private static final String PUBKEY_EXPONENT = "AQAB"; - private static final String PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; - - private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; - - @Test - public void dummyTest() { - - } - - - /* - * getIdentityLink without RAW mode does not contain a valid signature - */ - //@Test -// public void getIdentityLink() throws SZRException_Exception, EAAFParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { -// log.debug("Starting connecting SZR Gateway"); -// IdentityLinkType result = szrClient.getIdentityLink( -// getPersonInfo(), -// dummyCodeForKeys(), -// basicConfig.getBasicMOAIDConfigurationBoolean( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, -// true) -// ); -// -// Element idlFromSZR = (Element)result.getAssertion(); -// IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); -// if (identityLink == null) -// throw new SZRCommunicationException("ernb.00", new Object[] {"bPK is null or empty"}); -// -// } - - @Test - public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, eIDASAuthenticationException { - log.debug("Starting connecting SZR Gateway"); - IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); - - Element idlFromSZR = (Element)result.getAssertion(); - IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); - - if (identityLink == null) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO IDL object"}); - - System.out.println(identityLink.getSerializedSamlAssertion()); - - if (StringUtils.isEmpty(identityLink.getFamilyName())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO FamilyName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getGivenName())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO GivenName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getDateOfBirth())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO DateOfBirthName from IDL"}); - - if (StringUtils.isEmpty(identityLink.getIdentificationType())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseIdType from IDL"}); - - if (StringUtils.isEmpty(identityLink.getIdentificationValue())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO baseId from IDL"}); - - if (StringUtils.isEmpty(identityLink.getSerializedSamlAssertion())) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO serialized IDL"}); - - if (identityLink.getSamlAssertion() == null ) - throw new SZRCommunicationException("ernb.00", new Object[] {"NO raw IDL"}); - - - - } - -// @Test - public void getbPKTest() throws SZRException_Exception, eIDASAuthenticationException { - String bPK = szrClient.getBPK(getPersonInfo(), DUMMY_TARGET, - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); - - if (StringUtils.isEmpty(bPK)) - throw new SZRCommunicationException("ernb.01", new Object[] {"bPK is null or empty"}); - - - } - - private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-256"); - byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (Exception ex) { - throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); - - } - } - - private PersonInfoType getPersonInfo() throws eIDASAuthenticationException { - PersonInfoType personInfo = new PersonInfoType(); - PersonNameType personName = new PersonNameType(); - PhysicalPersonType naturalPerson = new PhysicalPersonType(); - TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName ); - personInfo.setPerson(naturalPerson ); - personInfo.setTravelDocument(eDocument ); - - //parse some eID attributes - Trible<String, String, String> eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIDASeID); - String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - String citizenCountry = eIdentifier.getFirst(); - - //person information - personName.setFamilyName((String)familyName); - personName.setGivenName((String)givenName); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); - - //eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); - - //TODO: that should be removed -// eDocument.setIssueDate(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE)); -// eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY)); - - return personInfo; - } - - - private List<KeyValueType> dummyCodeForKeys() throws IOException, NoSuchProviderException, InvalidKeyException { -// if (basicConfig.getBasicMOAIDConfigurationBoolean( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, -// false)) { -// List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); -// try { -// // set key values -// RSAKeyValueType rsa = new RSAKeyValueType(); -// rsa.setExponent(PUBKEY_EXPONENT); -// rsa.setModulus(PUBKEY_MODULUS); -// -// KeyValueType key = new KeyValueType(); -// key.setRSAKeyValue(rsa); -// keyvalueList.add(key); -// -// return keyvalueList; -// } catch (Exception e) { -// log.error("TestCode has an internal ERROR", e); -// throw e; -// -// } -// -// } - - return null; - - } -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/dummy/DummySpecificCommunicationService.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/dummy/DummySpecificCommunicationService.java deleted file mode 100644 index c2b6f08f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/dummy/DummySpecificCommunicationService.java +++ /dev/null @@ -1,60 +0,0 @@ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.dummy; - -import java.util.Collection; - -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.auth.commons.light.ILightResponse; -import eu.eidas.auth.commons.tx.BinaryLightToken; -import eu.eidas.specificcommunication.BinaryLightTokenHelper; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; -import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; - -public class DummySpecificCommunicationService implements SpecificCommunicationService { - - private ILightRequest iLightRequest; - private ILightResponse iLightResponse; - - @Override - public BinaryLightToken putRequest(ILightRequest iLightRequest) throws SpecificCommunicationException { - this.iLightRequest = iLightRequest; - return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); - } - - @Override - public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry) - throws SpecificCommunicationException { - return iLightRequest; - } - - @Override - public BinaryLightToken putResponse(ILightResponse iLightResponse) throws SpecificCommunicationException { - this.iLightResponse = iLightResponse; - return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256"); - } - - @Override - public ILightResponse getAndRemoveResponse(String tokenBase64, Collection<AttributeDefinition<?>> registry) - throws SpecificCommunicationException { - return iLightResponse; - } - - public ILightRequest getiLightRequest() { - return iLightRequest; - } - - public void setiLightRequest(ILightRequest iLightReques) { - this.iLightRequest = iLightReques; - } - - public ILightResponse getiLightResponse() { - return iLightResponse; - } - - public void setiLightResponse(ILightResponse iLightResponse) { - this.iLightResponse = iLightResponse; - } - - - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java deleted file mode 100644 index 2b19e1e2..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java +++ /dev/null @@ -1,463 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import static org.junit.Assert.fail; - -import java.io.IOException; -import java.text.SimpleDateFormat; -import java.util.HashMap; -import java.util.Map; - -import org.joda.time.DateTime; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.CCSpecificEIDProcessingService; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.AFTER_CLASS) -public class eIDASAttributePostProcessingTest { - - @Autowired private CCSpecificEIDProcessingService postProcessor; - - //lower case - private static final String P1_eIDASID = "DE/AT/532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25"; - private static final String P1_GIVENNAME = "Max"; - private static final String P1_FAMILYNAME = "Mustermann"; - private static final DateTime P1_DATEOFBIRTH = DateTime.now(); - private static final String P1_PLACEOFBIRTH = "Nirgendwo"; - private static final String P1_BIRTHNAME = "Musterkind"; - - //mixed - private static final String P3_eIDASID = "DE/AT/532eaabd9574880dbf76b9b8cc00832c20A6ec113d682299550d7a6e0f345e25"; - private static final String P3_GIVENNAME = "Max"; - private static final String P3_FAMILYNAME = "Mustermann"; - private static final DateTime P3_DATEOFBIRTH = DateTime.now(); - private static final String P3_PLACEOFBIRTH = "Nirgendwo"; - private static final String P3_BIRTHNAME = "Musterkind"; - - //upper case - private static final String P4_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E25"; - private static final String P4_GIVENNAME = "Max"; - private static final String P4_FAMILYNAME = "Mustermann"; - private static final DateTime P4_DATEOFBIRTH = DateTime.now(); - private static final String P4_PLACEOFBIRTH = "Nirgendwo"; - private static final String P4_BIRTHNAME = "Musterkind"; - - //To long identifier - private static final String P5_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E251"; - private static final String P5_GIVENNAME = "Max"; - private static final String P5_FAMILYNAME = "Mustermann"; - private static final DateTime P5_DATEOFBIRTH = DateTime.now(); - private static final String P5_PLACEOFBIRTH = "Nirgendwo"; - private static final String P5_BIRTHNAME = "Musterkind"; - - //to short identifier - private static final String P6_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; - private static final String P6_GIVENNAME = "Max"; - private static final String P6_FAMILYNAME = "Mustermann"; - private static final DateTime P6_DATEOFBIRTH = DateTime.now(); - private static final String P6_PLACEOFBIRTH = "Nirgendwo"; - private static final String P6_BIRTHNAME = "Musterkind"; - - //no hex encoded identifier - private static final String P7_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; - private static final String P7_GIVENNAME = "Max"; - private static final String P7_FAMILYNAME = "Mustermann"; - private static final DateTime P7_DATEOFBIRTH = DateTime.now(); - private static final String P7_PLACEOFBIRTH = "Nirgendwo"; - private static final String P7_BIRTHNAME = "Musterkind"; - - - private static final String P2_eIDASID = "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; - private static final String P2_GIVENNAME = "Max"; - private static final String P2_FAMILYNAME = "Mustermann"; - private static final DateTime P2_DATEOFBIRTH = DateTime.now(); - private static final String P2_PLACEOFBIRTH = "Nirgendwo"; - private static final String P2_BIRTHNAME = "Musterkind"; - - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); - - } - - - @Test - public void DEWithHexLowerCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P1_eIDASID, - P1_FAMILYNAME, - P1_GIVENNAME, - P1_DATEOFBIRTH, - P1_PLACEOFBIRTH, - P1_BIRTHNAME) - ); - - validate(result, - "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", - P1_FAMILYNAME, - P1_GIVENNAME, - P1_DATEOFBIRTH, - P1_PLACEOFBIRTH, - P1_BIRTHNAME - ); - - } catch (Exception e) { - e.printStackTrace(); - fail(e.getMessage()); - - } - } - - - @Test - public void DEWithHexMixedCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P3_eIDASID, - P3_FAMILYNAME, - P3_GIVENNAME, - P3_DATEOFBIRTH, - P3_PLACEOFBIRTH, - P3_BIRTHNAME) - ); - - validate(result, - "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", - P3_FAMILYNAME, - P3_GIVENNAME, - P3_DATEOFBIRTH, - P3_PLACEOFBIRTH, - P3_BIRTHNAME - ); - - } catch (Exception e) { - e.printStackTrace(); - fail(e.getMessage()); - - } - } - - @Test - public void DEWithHexUpperCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P4_eIDASID, - P4_FAMILYNAME, - P4_GIVENNAME, - P4_DATEOFBIRTH, - P4_PLACEOFBIRTH, - P4_BIRTHNAME) - ); - - validate(result, - "Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU=", - P4_FAMILYNAME, - P4_GIVENNAME, - P4_DATEOFBIRTH, - P4_PLACEOFBIRTH, - P4_BIRTHNAME - ); - - } catch (Exception e) { - e.printStackTrace(); - fail(e.getMessage()); - - } - } - - @Test - public void DEWithHexTooLongCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P5_eIDASID, - P5_FAMILYNAME, - P5_GIVENNAME, - P5_DATEOFBIRTH, - P5_PLACEOFBIRTH, - P5_BIRTHNAME) - ); - - - - } catch (Exception e) { - return; - - } - - fail("Too long input accepted"); - } - - @Test - public void DEWithHexTooShortCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P6_eIDASID, - P6_FAMILYNAME, - P6_GIVENNAME, - P6_DATEOFBIRTH, - P6_PLACEOFBIRTH, - P6_BIRTHNAME) - ); - - - } catch (Exception e) { - return; - - } - - fail("Too short input accepted"); - } - - @Test - public void DEWithNoHexCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P7_eIDASID, - P7_FAMILYNAME, - P7_GIVENNAME, - P7_DATEOFBIRTH, - P7_PLACEOFBIRTH, - P7_BIRTHNAME) - ); - - - } catch (Exception e) { - return; - - } - - fail("Not hex encoded input accepted"); - } - - @Test - public void EETestCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P2_eIDASID, - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME) - ); - - validate(result, - "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME - ); - - } catch (Exception e) { - e.printStackTrace(); - fail(e.getMessage()); - - } - } - - - @Test - public void EETestFamilyNameMissingCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P2_eIDASID, - null, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME) - ); - - validate(result, - "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME - ); - - } catch (Exception e) { - return; - - } - - fail("FamilyName missing input accepted"); - - } - - @Test - public void EETestGivenNameMissingCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P2_eIDASID, - P2_FAMILYNAME, - null, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME) - ); - - validate(result, - "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME - ); - - } catch (Exception e) { - return; - - } - - fail("GivenName missing input accepted"); - - } - - @Test - public void EETestDateOfBirthMissingCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - P2_eIDASID, - P2_FAMILYNAME, - P2_GIVENNAME, - null, - P2_PLACEOFBIRTH, - P2_BIRTHNAME) - ); - - validate(result, - "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME - ); - - } catch (Exception e) { - return; - - } - - fail("DateOfBirth missing input accepted"); - - } - - @Test - public void EETestIDMissingCase() throws Exception { - try { - ERnBeIDData result = postProcessor.postProcess( - generateInputData( - null, - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME) - ); - - validate(result, - "asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd", - P2_FAMILYNAME, - P2_GIVENNAME, - P2_DATEOFBIRTH, - P2_PLACEOFBIRTH, - P2_BIRTHNAME - ); - - } catch (Exception e) { - return; - - } - - fail("eIDAS-Id missing input accepted"); - - } - - private Map<String, Object> generateInputData(String id, String familyName, String givenName, DateTime dateOfBirth, String placeOfBirth, String birthName) { - Map<String, Object> result = new HashMap<String, Object>(); - result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id); - result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName); - result.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); - result.put(Constants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth); - result.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth); - result.put(Constants.eIDAS_ATTR_BIRTHNAME, birthName); - return result; - - } - - private void validate(ERnBeIDData result, String id, String familyName, String givenName, DateTime dateOfBirth, String placeOfBirth, String birthName) { - if (!result.getPseudonym().equals(id)) - fail(result.getPseudonym() + "is not equal to " + id); - - if (!result.getFamilyName().equals(familyName)) - fail(result.getFamilyName() + "is not equal to " + familyName); - - if (!result.getGivenName().equals(givenName)) - fail(result.getGivenName() + "is not equal to " + givenName); - - if (!result.getDateOfBirth().equals(dateOfBirth)) - fail(result.getDateOfBirth() + "is not equal to " + dateOfBirth); - - if (!result.getFormatedDateOfBirth().equals(new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()))) - fail(result.getDateOfBirth() + "is not equal to " + new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate())); - - if (!result.getPlaceOfBirth().equals(placeOfBirth)) - fail(result.getPlaceOfBirth() + "is not equal to " + placeOfBirth); - - if (!result.getBirthName().equals(birthName)) - fail(result.getBirthName() + "is not equal to " + birthName); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java deleted file mode 100644 index dede8202..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java +++ /dev/null @@ -1,109 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -//package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; -// -//import java.security.MessageDigest; -// -//import org.apache.commons.lang3.StringUtils; -//import org.junit.Test; -//import org.junit.runner.RunWith; -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.test.context.ContextConfiguration; -//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -//import org.springframework.util.Base64Utils; -// -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SQLiteServiceException; -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore; -//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -//import at.gv.egiz.eaaf.core.impl.data.Trible; -// -//@RunWith(SpringJUnit4ClassRunner.class) -//@ContextConfiguration("/SpringTest-context_basic_test.xml") -//public class eIDASDataStoreTest { -// -// @Autowired private eIDASDataStore dataStore; -// -// private static final String P1_TRANSID = "123456789"; -// private static final String P1_eIDASID = "DE/AT/121asdf1as5f1as6f1asd2f1asdf1asdf1asd23f1asdf1asdf4sd7fsdf1asdf1asd2f1asd56f7asdf4asdfasdf1"; -// -// private static final String P2_TRANSID = "987654321"; -// private static final String P2_eIDASID = "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; -// -// @Test -// public void dummyTest() { -// -// } -// -// @Test -// public void insertTestOne() throws SQLiteServiceException, eIDASAuthenticationException { -// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P1_eIDASID); -// String ernbId = createHashFromUniqueId(eidasId.getThird()); -// dataStore.storeNationalId( -// P1_TRANSID, -// eidasId, -// ernbId); -// -// -// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) -// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) -// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); -// -// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) -// && dataStore.getErnbNationalId(eidasId).equals(ernbId) ) -// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); -// -// } -// -// @Test -// public void insertTestTwo() throws SQLiteServiceException, eIDASAuthenticationException { -// Trible<String, String, String> eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P2_eIDASID); -// String ernbId = createHashFromUniqueId(eidasId.getThird()); -// dataStore.storeNationalId( -// P2_TRANSID, -// eidasId, -// ernbId); -// -// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) -// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) -// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); -// -// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) -// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) -// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); -// -// } -// -// private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { -// try { -// MessageDigest md = MessageDigest.getInstance("SHA-256"); -// byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); -// String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); -// return hashBase64; -// -// } catch (Exception ex) { -// throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); -// -// } -// } -//} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingFirstTest.java deleted file mode 100644 index 09af53b7..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingFirstTest.java +++ /dev/null @@ -1,133 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; -import java.util.UUID; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.CCSpecificEIDProcessingService; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import eu.eidas.auth.commons.light.impl.LightRequest; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.AFTER_CLASS) -public class eIDASRequestPreProcessingFirstTest { - - @Autowired private IConfigurationWithSP basicConfig; - @Autowired private CCSpecificEIDProcessingService preProcessor; - - private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; - private Builder authnRequestBuilder; - - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); - - } - - @Before - public void setUp() { - - Map<String, String> spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig , basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setSpConfig(oaParam); - pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); - pendingReq.setAuthUrl("http://test.com/"); - - authnRequestBuilder = LightRequest.builder(); - authnRequestBuilder.id(UUID.randomUUID().toString()); - authnRequestBuilder.issuer("Test"); - - } - - @Test - public void prePreProcessGeneric() throws eIDPostProcessingException { - String testCountry = "XX"; - authnRequestBuilder.citizenCountryCode(testCountry); - preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); - - LightRequest lightReq = authnRequestBuilder.build(); - - Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); - Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); - - } - - @Test - public void prePreProcessGenericNoCountryCode() throws eIDPostProcessingException { - String testCountry = "XX"; - authnRequestBuilder.citizenCountryCode(testCountry); - preProcessor.preProcess(null, pendingReq, authnRequestBuilder); - - LightRequest lightReq = authnRequestBuilder.build(); - - Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); - Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size()); - - } - - @Test - public void prePreProcessDE() throws eIDPostProcessingException { - - String testCountry = "DE"; - authnRequestBuilder.citizenCountryCode(testCountry); - preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); - - LightRequest lightReq = authnRequestBuilder.build(); - - Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); - Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingSecondTest.java deleted file mode 100644 index c6b1c8d3..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASRequestPreProcessingSecondTest.java +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright 2018 A-SIT Plus GmbH - * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, - * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "License"); - * You may not use this work except in compliance with the License. - * You may obtain a copy of the License at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; -import java.util.UUID; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.CCSpecificEIDProcessingService; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import eu.eidas.auth.commons.light.impl.LightRequest; -import eu.eidas.auth.commons.light.impl.LightRequest.Builder; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.AFTER_CLASS) -public class eIDASRequestPreProcessingSecondTest { - - @Autowired private IConfigurationWithSP basicConfig; - @Autowired private CCSpecificEIDProcessingService preProcessor; - - private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; - private Builder authnRequestBuilder; - - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); - - } - - @Before - public void setUp() { - - Map<String, String> spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig , basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setSpConfig(oaParam); - pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); - pendingReq.setAuthUrl("http://test.com/"); - - authnRequestBuilder = LightRequest.builder(); - authnRequestBuilder.id(UUID.randomUUID().toString()); - authnRequestBuilder.issuer("Test"); - - } - - @Test - public void prePreProcessDEUnknownAttribute() throws eIDPostProcessingException { - - String testCountry = "DE"; - authnRequestBuilder.citizenCountryCode(testCountry); - preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder); - - LightRequest lightReq = authnRequestBuilder.build(); - - Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); - Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); - - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskFirstTest.java deleted file mode 100644 index d89f7751..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskFirstTest.java +++ /dev/null @@ -1,104 +0,0 @@ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask; -import at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.dummy.DummySpecificCommunicationService; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class GenerateAuthnRequestTaskFirstTest { - - @Autowired(required=true) private GenerateAuthnRequestTask task; - @Autowired(required=true) private DummySpecificCommunicationService commService; - @Autowired(required=true) private IConfiguration basicConfig; - - final ExecutionContext executionContext = new ExecutionContextImpl(); - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); - - } - - @Before - public void setUp() { - - httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - Map<String, String> spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig , basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setSpConfig(oaParam); - pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); - pendingReq.setAuthUrl("http://test.com/"); - - } - - @Test - @DirtiesContext - public void withCustomStaticProviderNameForPublicSPs() throws TaskExecutionException, SpecificCommunicationException { - executionContext.put(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); - - try { - task.execute(pendingReq, executionContext); - - } catch (TaskExecutionException e) { - //forward URL is not set in example config - org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), "Wrong exception"); - Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()).getErrorId()); - Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()).getParams().length); - Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e.getOriginalException()).getParams()[0]); - - } - - ILightRequest eIDASReq = commService.getAndRemoveRequest(null, null); - - Assert.assertEquals("ProviderName is not Static", "myNode", eIDASReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", eIDASReq.getSpType()); - Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eIDASReq.getLevelOfAssurance()); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskSecondTest.java deleted file mode 100644 index 8eac7d3f..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskSecondTest.java +++ /dev/null @@ -1,120 +0,0 @@ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask; -import at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.dummy.DummySpecificCommunicationService; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class GenerateAuthnRequestTaskSecondTest { - - @Autowired(required=true) private GenerateAuthnRequestTask task; - @Autowired(required=true) private DummySpecificCommunicationService commService; - @Autowired(required=true) private IConfiguration basicConfig; - - final ExecutionContext executionContext = new ExecutionContextImpl(); - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); - - } - - @Before - public void setUp() { - - httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - Map<String, String> spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig , basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setSpConfig(oaParam); - pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); - pendingReq.setAuthUrl("http://test.com/"); - - } - - @Test - public void noCountryCode() { - try { - task.execute(pendingReq, executionContext); - Assert.fail("No countryCode not detected"); - - } catch (TaskExecutionException e) { - Assert.assertEquals("wrong pendingReqId", pendingReq.getPendingRequestId(), e.getPendingRequestID()); - org.springframework.util.Assert.isInstanceOf(eIDASAuthenticationException.class, e.getOriginalException(), "Wrong exception"); - Assert.assertEquals("wrong errorCode", "eidas.03", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - } - - @Test - @DirtiesContext - public void withStaticProviderNameForPublicSPs() throws TaskExecutionException, SpecificCommunicationException { - executionContext.put(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); - - try { - task.execute(pendingReq, executionContext); - - } catch (TaskExecutionException e) { - //forward URL is not set in example config - org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getOriginalException(), "Wrong exception"); - Assert.assertEquals("wrong errorCode", "config.08", ((EaafException) e.getOriginalException()).getErrorId()); - Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()).getParams().length); - Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_URL, ((EaafException) e.getOriginalException()).getParams()[0]); - - } - - ILightRequest eIDASReq = commService.getAndRemoveRequest(null, null); - - Assert.assertEquals("ProviderName is not Static", Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, eIDASReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", eIDASReq.getSpType()); - Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eIDASReq.getLevelOfAssurance()); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskThirdTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskThirdTest.java deleted file mode 100644 index 429b2aca..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTaskThirdTest.java +++ /dev/null @@ -1,93 +0,0 @@ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.tasks; - -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.annotation.DirtiesContext; -import org.springframework.test.annotation.DirtiesContext.ClassMode; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask; -import at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.dummy.DummySpecificCommunicationService; -import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import eu.eidas.auth.commons.light.ILightRequest; -import eu.eidas.specificcommunication.exception.SpecificCommunicationException; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_tasks_test.xml") -@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) -public class GenerateAuthnRequestTaskThirdTest { - - @Autowired(required=true) private GenerateAuthnRequestTask task; - @Autowired(required=true) private DummySpecificCommunicationService commService; - @Autowired(required=true) private IConfiguration basicConfig; - - final ExecutionContext executionContext = new ExecutionContextImpl(); - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; - - @BeforeClass - public static void classInitializer() throws IOException { - final String current = new java.io.File( "." ).toURI().toString(); - System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_2.properties"); - - } - - @Before - public void setUp() { - - httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - Map<String, String> spConfig = new HashMap<>(); - spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig , basicConfig); - - pendingReq = new TestRequestImpl(); - pendingReq.setSpConfig(oaParam); - pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); - pendingReq.setAuthUrl("http://test.com/"); - - - } - - @Test - @DirtiesContext - public void withDynamicProviderNameForPublicSPs() throws TaskExecutionException, SpecificCommunicationException { - executionContext.put(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC"); - - task.execute(pendingReq, executionContext); - Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus()); - - ILightRequest eIDASReq = commService.getAndRemoveRequest(null, null); - - Assert.assertNull("ProviderName found", eIDASReq.getProviderName()); - Assert.assertEquals("no PublicSP", "public", eIDASReq.getSpType()); - Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eIDASReq.getLevelOfAssurance()); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index 79256673..1f198e20 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -1,36 +1,39 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" - xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" - xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - - <context:annotation-config /> - - <bean id="SZRClientForeIDAS" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient" /> - -<!-- <bean id="eIDASDataStore" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore" /> --> - - <bean id="EIDPostProcessingService" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.CCSpecificEIDProcessingService" /> - - <bean id="DE-PostProcessor" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.DEeIDProcessor"> - <property name="priority" value="1" /> - </bean> - - <bean id="Default-PostProcessor" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.GenericeIDProcessor"> - <property name="priority" value="0" /> - </bean> - - <bean id="BasicMSSpecificNodeConfig" - class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> - <constructor-arg value="#{systemProperties['eidas.ms.configuration'] != null ? systemProperties['eidas.ms.configuration'] : 'file:/F:/Projekte/configs/ms_connector/default_config.properties' }"/> - </bean> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <bean id="SZRClientForeIDAS" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" /> + + <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore" + /> --> + + <bean id="EIDPostProcessingService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" /> + + <bean id="DE-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor"> + <property name="priority" value="1" /> + </bean> + + <bean id="Default-PostProcessor" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor"> + <property name="priority" value="0" /> + </bean> + + <bean id="BasicMSSpecificNodeConfig" + class="at.asitplus.eidas.specific.connector.config.BasicConfigurationProvider"> + <constructor-arg + value="#{systemProperties['eidas.ms.configuration'] != null ? systemProperties['eidas.ms.configuration'] : 'file:/F:/Projekte/configs/ms_connector/default_config.properties' }" /> + </bean> </beans>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index dafdcf94..dd116bd3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -1,53 +1,61 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" - xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" - xmlns:mvc="http://www.springframework.org/schema/mvc" - xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd - http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd - http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd - http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> - - <context:annotation-config /> - <mvc:annotation-driven /> - <mvc:default-servlet-handler/> - - - <import resource="SpringTest-context_authManager.xml"/> - <import resource="SpringTest-context_basic_test.xml"/> - - <bean id="mvcGUIBuilderImpl" - class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl"/> - - <bean id="springManagedSpecificConnectorCommunicationService" - class="at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2.dummy.DummySpecificCommunicationService" /> - - <bean id="specificConnectorAttributesFileWithPath" class="java.lang.String"> - <constructor-arg value="src/test/resources/config/eidas-attributes.xml"/> - </bean> - - <bean id="specificConnectorAdditionalAttributesFileWithPath" class="java.lang.String"> - <constructor-arg value="src/test/resources/config/additional-attributes.xml"/> - </bean> - - <bean id="attributeRegistry" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry"> - <property name="eidasAttributesFile" ref="specificConnectorAttributesFileWithPath"/> - <property name="additionalAttributesFile" ref="specificConnectorAdditionalAttributesFileWithPath"/> - </bean> - - <!-- Authentication Process Tasks --> - <bean id="ConnecteIDASNodeTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.GenerateAuthnRequestTask" - scope="prototype" /> - - <bean id="ReceiveResponseFromeIDASNodeTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.ReceiveAuthnResponseTask" - scope="prototype" /> - - <bean id="CreateIdentityLinkTask" - class="at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks.CreateIdentityLinkTask" - scope="prototype" /> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xmlns:mvc="http://www.springframework.org/schema/mvc" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> + + <context:annotation-config /> + <mvc:annotation-driven /> + <mvc:default-servlet-handler /> + + + <import resource="SpringTest-context_authManager.xml" /> + <import resource="SpringTest-context_basic_test.xml" /> + + <bean id="mvcGUIBuilderImpl" + class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" /> + + <bean id="springManagedSpecificConnectorCommunicationService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" /> + + <bean id="specificConnectorAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/eidas-attributes.xml" /> + </bean> + + <bean id="specificConnectorAdditionalAttributesFileWithPath" + class="java.lang.String"> + <constructor-arg + value="src/test/resources/config/additional-attributes.xml" /> + </bean> + + <bean id="attributeRegistry" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry"> + <property name="eidasAttributesFile" + ref="specificConnectorAttributesFileWithPath" /> + <property name="additionalAttributesFile" + ref="specificConnectorAdditionalAttributesFileWithPath" /> + </bean> + + <!-- Authentication Process Tasks --> + <bean id="ConnecteIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" + scope="prototype" /> + + <bean id="ReceiveResponseFromeIDASNodeTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + <bean id="CreateIdentityLinkTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" + scope="prototype" /> </beans>
\ No newline at end of file @@ -12,6 +12,7 @@ <properties> <!-- Project versions --> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <egiz.eidas.version>${project.version}</egiz.eidas.version> @@ -215,6 +216,13 @@ </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <version>${eaaf-core.version}</version> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> <version>${eaaf-core.version}</version> <scope>test</scope> @@ -278,10 +286,9 @@ <configLocation>https://apps.egiz.gv.at/checkstyle/egiz_checks.xml</configLocation> <suppressionsLocation>checks/checkstyleSuppress.xml</suppressionsLocation> <failsOnError>false</failsOnError> - <failOnViolation>false</failOnViolation> + <failOnViolation>true</failOnViolation> <violationSeverity>warning</violationSeverity> <includeTestResources>false</includeTestResources> - <!-- excludes>**/moaspss_config/**,**/data/**</excludes --> </configuration> <executions> <execution> @@ -371,11 +378,14 @@ <sourceEncoding>utf-8</sourceEncoding> <minimumTokens>100</minimumTokens> <targetJdk>1.8</targetJdk> - <failOnViolation>false</failOnViolation> + <failOnViolation>true</failOnViolation> <printFailingErrors>true</printFailingErrors> <rulesets> <ruleset>${pmw_rules_location}</ruleset> </rulesets> + <excludeRoots> + <excludeRoot>target/generated/cxf</excludeRoot> + </excludeRoots> </configuration> </plugin> @@ -393,7 +403,7 @@ </execution> </executions> <configuration> - <failOnError>false</failOnError> + <failOnError>true</failOnError> </configuration> </plugin> </plugins> |