aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-14 12:14:39 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-14 12:14:39 +0100
commite50146d903bde90b9d90dd41f35b0652ff8345ae (patch)
tree37f9643f9860639097495b9cb00818a2264a91f5
parent583c57b9eb692c7db34b618116294796e527eafe (diff)
downloadNational_eIDAS_Gateway-e50146d903bde90b9d90dd41f35b0652ff8345ae.tar.gz
National_eIDAS_Gateway-e50146d903bde90b9d90dd41f35b0652ff8345ae.tar.bz2
National_eIDAS_Gateway-e50146d903bde90b9d90dd41f35b0652ff8345ae.zip
add some more jUnit tests
-rw-r--r--basicConfig/default_config.properties2
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java135
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java43
-rw-r--r--connector/src/test/resources/config/junit_config_1.properties14
-rw-r--r--connector/src/test/resources/data/metadata_expired.xml (renamed from connector/src/test/resources/data/metadata.xml)0
-rw-r--r--connector/src/test/resources/data/metadata_valid.xml106
-rw-r--r--connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java4
7 files changed, 296 insertions, 8 deletions
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index 483e9c97..fabfdfef 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -119,7 +119,7 @@ eidas.ms.sp.0.pvp2.metadata.truststore.password=
##only for advanced config
eidas.ms.configuration.sp.disableRegistrationRequirement=
-eidas.ms.configuration.restrictions.baseID.spTransmission=
+#eidas.ms.configuration.restrictions.baseID.spTransmission=
eidas.ms.configuration.auth.default.countrycode=
eidas.ms.configuration.pvp.scheme.validation=
eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java
new file mode 100644
index 00000000..6e52f113
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java
@@ -0,0 +1,135 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.cert.CertificateException;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/applicationContext.xml",
+ "/specific_eIDAS_connector.beans.xml",
+ "/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml",
+ "/eaaf_pvp_idp.beans.xml",
+ "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class BasicConfigurationTest {
+
+ @Autowired private IConfigurationWithSP basicConfig;
+
+ /**
+ * jUnit class initializer.
+ * @throws ComponentInitializationException In case of an error
+ * @throws InitializationException In case of an error
+ * @throws CertificateException
+ *
+ */
+ @BeforeClass
+ public static void classInitializer() throws InitializationException,
+ ComponentInitializationException, CertificateException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+ }
+
+
+ @Test
+ public void basicConfig() throws MalformedURLException, EaafException {
+ Assert.assertEquals("validate req. URL", "http://localhost",
+ basicConfig.validateIdpUrl(new URL("http://junit/test")));
+
+ Assert.assertEquals("validate req. URL", "http://localhost",
+ basicConfig.validateIdpUrl(new URL("http://localhost/test1/test")));
+
+ }
+
+ @Test
+ public void loadSpNotExist() throws EaafConfigurationException {
+ //check
+ ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://not/exist");
+
+ //validate state
+ Assert.assertNull("spConfig", sp);
+
+
+ }
+
+ @Test
+ public void loadSpDefault() throws EaafConfigurationException {
+ //check
+ ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata");
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertEquals("BaseId transfare restrication", true, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("BaseId process restrication", false, sp.hasBaseIdInternalProcessingRestriction());
+
+ Assert.assertEquals("req. LoA size", 1, sp.getRequiredLoA().size());
+ Assert.assertEquals("req. LoA", EaafConstants.EIDAS_LOA_HIGH, sp.getRequiredLoA().get(0));
+ Assert.assertEquals("LoA matching mode",
+ EaafConstants.EIDAS_LOA_MATCHING_MINIMUM, sp.getLoAMatchingMode());
+
+ }
+
+ @Test
+ public void loadSpNoBaseIdTransferRestriction() throws EaafException {
+ //check
+ ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata", ServiceProviderConfiguration.class);
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertNull("bPKTarget already set", sp.getAreaSpecificTargetIdentifier());
+
+ //validate baseId transfer restriction
+ sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_CDID + "ZP");
+ Assert.assertEquals("BaseId restrication", false, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("bPKTarget", EaafConstants.URN_PREFIX_CDID + "ZP", sp.getAreaSpecificTargetIdentifier());
+
+ sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+123456h");
+ Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+
+ }
+
+ @Test
+ public void loadSpWithMsSpecificConfig() throws EaafConfigurationException {
+ //check
+ ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/junit_test", ServiceProviderConfiguration.class);
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertEquals("friendlyName", "jUnit test", sp.getFriendlyName());
+ Assert.assertEquals("UniqueId", "https://demo.egiz.gv.at/junit_test", sp.getUniqueIdentifier());
+ Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("generic config value", false,
+ sp.isConfigurationValue("policy.allowed.requested.targets"));
+ Assert.assertEquals("generic config value", "test",
+ sp.getConfigurationValue("policy.allowed.requested.targets"));
+ Assert.assertEquals("not_exist_value", "true", sp.getConfigurationValue("not.exist", "true"));
+
+ }
+}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
index da5693f3..81ee2625 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
@@ -135,7 +135,7 @@ public class Pvp2SProfileEndPointTest {
httpReq.setParameter("SAMLRequest", b64);
final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata.xml");
+ "classpath:/data/metadata_valid.xml");
Timer timer = new Timer("PVP metadata-resolver refresh");
ResourceBackedMetadataResolver fileSystemResolver =
new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
@@ -172,7 +172,44 @@ public class Pvp2SProfileEndPointTest {
httpReq.setParameter("SAMLRequest", b64);
final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata.xml");
+ "classpath:/data/metadata_valid.xml");
+ Timer timer = new Timer("PVP metadata-resolver refresh");
+ ResourceBackedMetadataResolver fileSystemResolver =
+ new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+ fileSystemResolver.setId("test");
+ fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+ fileSystemResolver.initialize();
+ metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+ //request SAML2 authentication
+ try {
+ controller.pvpIdpPostRequest(httpReq, httpResp);
+ Assert.fail("wrong AuthnRequest not detected");
+
+ }catch (EaafException e) {
+ Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException,
+ UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+ ComponentInitializationException {
+ //initialize test
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ RequestAbstractType signedAuthnReq =
+ Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
+ String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+ XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+ httpReq.setParameter("SAMLRequest", b64);
+
+ final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+ "classpath:/data/metadata_expired.xml");
Timer timer = new Timer("PVP metadata-resolver refresh");
ResourceBackedMetadataResolver fileSystemResolver =
new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
@@ -209,7 +246,7 @@ public class Pvp2SProfileEndPointTest {
httpReq.setParameter("SAMLRequest", b64);
final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata.xml");
+ "classpath:/data/metadata_valid.xml");
Timer timer = new Timer("PVP metadata-resolver refresh");
ResourceBackedMetadataResolver fileSystemResolver =
new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
diff --git a/connector/src/test/resources/config/junit_config_1.properties b/connector/src/test/resources/config/junit_config_1.properties
index ab6782a7..78981b6a 100644
--- a/connector/src/test/resources/config/junit_config_1.properties
+++ b/connector/src/test/resources/config/junit_config_1.properties
@@ -100,16 +100,24 @@ eidas.ms.pvp2.metadata.contact.email=max@junit.test
eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
eidas.ms.sp.0.pvp2.metadata.truststore.password=password
-
-#eidas.ms.sp.0.friendlyName=
+eidas.ms.sp.0.friendlyName=jUnit test
#eidas.ms.sp.0.pvp2.metadata.url=
#eidas.ms.sp.0.policy.allowed.requested.targets=.*
#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
##only for advanced config
eidas.ms.configuration.sp.disableRegistrationRequirement=
-eidas.ms.configuration.restrictions.baseID.spTransmission=
+#eidas.ms.configuration.restrictions.baseID.spTransmission=
eidas.ms.configuration.auth.default.countrycode=
eidas.ms.configuration.pvp.scheme.validation=
eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
diff --git a/connector/src/test/resources/data/metadata.xml b/connector/src/test/resources/data/metadata_expired.xml
index 16364c05..16364c05 100644
--- a/connector/src/test/resources/data/metadata.xml
+++ b/connector/src/test/resources/data/metadata_expired.xml
diff --git a/connector/src/test/resources/data/metadata_valid.xml b/connector/src/test/resources/data/metadata_valid.xml
new file mode 100644
index 00000000..06e1e785
--- /dev/null
+++ b/connector/src/test/resources/data/metadata_valid.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_b67c160c0ad7b4ebd430581df167ac23" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <ds:Reference URI="#_b67c160c0ad7b4ebd430581df167ac23">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <ds:DigestValue>00SaL0XjeknOb/DttutP50lTyAux1jaRPJIVdSupWvU=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>PfEBmLMX/ZgL6ViXghyWtal5MaMoW8k3zjw+54+WK1OAtVsVgOsIDRJE0M/a/VXBbMSifgY6J1gN23xhr61jkrjRQEkbDzLpWZLzWAJ65YqqUQo8wsKI2Gz0j12yY5D8/GOamKOH9KDi5ba1veXR/fnxRINoy7nZo4tcUWZChdl8BWkMN5ugr6dORNIQg/Ym3GabQ/hR5z+9FmveAKphdH63MC6qW3EgM9EMvOVkrLBTP92sNMAAJeaawui9tlxi9anVQ0OqwZsgKLvI7fyV4CM/0sd/ELjeReIlWlHk07Nz4eltMq3eOx3q1YurYvhE8XapHiQMehOtCS+Fzh10sw==</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN
+MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC
+LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG
+SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh
+ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/>
+ <md:AttributeConsumingService index="0" isDefault="true">
+ <md:ServiceName xml:lang="en">Default Service</md:ServiceName>
+ <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ </md:AttributeConsumingService>
+ </md:SPSSODescriptor>
+ <md:Organization>
+ <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName>
+ <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName>
+ <md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL>
+ </md:Organization>
+ <md:ContactPerson contactType="technical">
+ <md:Company>E-Government Innovationszentrum</md:Company>
+ <md:GivenName>Lenz</md:GivenName>
+ <md:SurName>Thomas</md:SurName>
+ <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress>
+ <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber>
+ </md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
index 6f7eace3..362d0244 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/config/ServiceProviderConfiguration.java
@@ -57,12 +57,14 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl {
}
+
@Override
public boolean hasBaseIdTransferRestriction() {
final Boolean spConfigPolicy = isConfigurationValue(
MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
- if (spConfigPolicy != null) {
+ if (spConfigPolicy) {
return spConfigPolicy;
+
} else {
log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
for (final String el : getTargetsWithNoBaseIdTransferRestriction()) {