Merge branch 'master' into feature/matching_rebased

# Conflicts:
#	connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
#	connector/src/main/resources/specific_eIDAS_connector.beans.xml
#	connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
#	connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
#	connector/src/test/resources/spring/SpringTest_connector.beans.xml
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
#	pom.xml

3 files changed, 97 insertions, 58 deletions

diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
index c41660ce..3a93c1b8 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/builder/AuthenticationDataBuilder.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Service;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
@@ -37,8 +38,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import lombok.extern.slf4j.Slf4j;
 
 @Service("AuthenticationDataBuilder")
@@ -47,9 +49,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
   
   @Override
   protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {        
-    final IAuthProcessDataContainer authProcessData =
-        pendingReq.getSessionData(AuthProcessDataWrapper.class);    
-    AuthenticationData authData = new AuthenticationData();
+    final EidAuthProcessDataWrapper authProcessData =
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);    
+    EidAuthenticationData authData = new EidAuthenticationData();
     
     //set basis infos
     super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
@@ -58,6 +60,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     authData.setSsoSessionValidTo(
         new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
     
+    authData.setEidStatus(authProcessData.isTestIdentity() 
+        ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
+    
     return authData;
 
   }
@@ -65,16 +70,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
   @Override
   protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) 
       throws EaafException {
-    if (authData instanceof AuthenticationData) {
-      ((AuthenticationData)authData).setGenericData(
+    if (authData instanceof EidAuthenticationData) {
+      ((EidAuthenticationData)authData).setGenericData(
           ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, 
           pendingReq.getUniquePiiTransactionIdentifier());
       log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
     
       // set specific informations
-      ((AuthenticationData)authData).setSsoSessionValidTo(
+      ((EidAuthenticationData)authData).setSsoSessionValidTo(
           new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
 
+      //set E-ID status-level
+      final EidAuthProcessDataWrapper authProcessData =
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);        
+      ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() 
+          ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
       
     } else {
       throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " 
@@ -86,7 +96,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   @Override
   protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
-    return new AuthenticationData();
+    return new EidAuthenticationData();
 
   }
 
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
index 55ce044d..eef09b8d 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
@@ -28,16 +28,16 @@ import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IStatusMessenger;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import lombok.extern.slf4j.Slf4j;
 
 @Service("StatusMessageProvider")
+@Slf4j
 public class StatusMessageProvider implements IStatusMessenger {
-  private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class);
 
   private static final String ERROR_MESSAGES_UNAVAILABLE =
       "Error messages can NOT be load from application. Only errorCode: {0} is availabe";
@@ -96,7 +96,6 @@ public class StatusMessageProvider implements IStatusMessenger {
       return ((EaafException) throwable).getErrorId();
 
     }
-
     return IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
 
   }
@@ -118,7 +117,13 @@ public class StatusMessageProvider implements IStatusMessenger {
 
     } else {
       try {
-        return externalError.getString(intErrorCode);
+        if (StringUtils.isNotEmpty(intErrorCode)) {
+          return externalError.getString(intErrorCode);
+
+        } else {
+          return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+
+        }
 
       } catch (final MissingResourceException e2) {
         log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode }));
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index a9eb06be..881eeb8a 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -75,7 +75,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
       if (nameIdPolicy != null) {
         final String nameIdFormat = nameIdPolicy.getFormat();
         if (nameIdFormat != null) {
-          if (!(NameIDType.TRANSIENT.equals(nameIdFormat) 
+          if (!(NameIDType.TRANSIENT.equals(nameIdFormat)
               || NameIDType.PERSISTENT.equals(nameIdFormat))) {
 
             throw new NameIdFormatNotSupportedException(nameIdFormat);
@@ -114,10 +114,10 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
       // post-process requested LoA comparison-level
       pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setLoAMachtingMode(
           extractComparisonLevel(authnReq));
-      
-      //extract information from requested attributes
+
+      // extract information from requested attributes
       extractFromRequestedAttriutes(pendingReq, authnReq);
-      
+
     } catch (final EaafStorageException e) {
       log.info("Can NOT store Authn. Req. data into pendingRequest.", e);
       throw new AuthnRequestValidatorException("internal.02", null, e);
@@ -126,14 +126,14 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 
   }
 
-  private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq) 
-      throws AuthnRequestValidatorException {
+  private void extractFromRequestedAttriutes(IRequest pendingReq, AuthnRequest authnReq)
+      throws AuthnRequestValidatorException, EaafStorageException {
     // validate and process requested attributes
     boolean sectorDetected = false;
-    
+
     final ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
         ServiceProviderConfiguration.class);
-    
+
     if (authnReq.getExtensions() != null) {
       final List<XMLObject> requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
       for (final XMLObject reqAttrObj : requestedAttributes) {
@@ -143,77 +143,101 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
             for (final EaafRequestedAttribute el : reqAttr.getAttributes()) {
               log.trace("Processing req. attribute '" + el.getName() + "' ... ");
               if (el.getName().equals(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
-                sectorDetected = extractBpkTargetIdentifier(el, spConfig); 
-               
+                sectorDetected = extractBpkTargetIdentifier(el, spConfig);
+
               } else if (el.getName().equals(ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME)) {
                 extractUniqueTransactionId(el, pendingReq);
-                
+
+              } else if (el.getName().equals(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME)) {
+                extractBindingPublicKey(el, pendingReq);
+
               } else {
                 log.debug("Ignore req. attribute: " + el.getName());
-                
+
               }
             }
 
           } else {
             log.debug("No requested Attributes in Authn. Request");
-            
+
           }
 
         } else {
           log.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
-          
+
         }
       }
     }
-    
+
     if (!sectorDetected) {
       log.warn("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
       throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
           "NO or NO VALID target-sector information" });
 
     }
-    
+
+  }
+
+  private void extractBindingPublicKey(EaafRequestedAttribute el, IRequest pendingReq)
+      throws EaafStorageException {
+    if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+      final String bindingPubKey = el.getAttributeValues().get(0).getDOM().getTextContent();
+      pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+      log.info("Find Binding Public-Key. eIDAS authentication will be used to create an ID Austria Binding");
+
+    } else {
+      log.warn(
+          "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
+          el.getName());
+
+    }
   }
 
   /**
    * Extract unique transactionId from AuthnRequest.
-   * 
-   * @param el Requested attribute from AuthnRequest
-   * @param pendingReq Current pendingRequest object (has to be of type {@link RequestImpl})
-   * @return <code>true</code> if transactionId extraction was successful, otherwise <code>false</code>
+   *
+   * @param el         Requested attribute from AuthnRequest
+   * @param pendingReq Current pendingRequest object (has to be of type
+   *                   {@link RequestImpl})
+   * @return <code>true</code> if transactionId extraction was successful,
+   *         otherwise <code>false</code>
    */
   private boolean extractUniqueTransactionId(EaafRequestedAttribute el, IRequest pendingReq) {
     if (!(pendingReq instanceof RequestImpl)) {
-      log.warn("Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
+      log.warn(
+          "Can NOT set unique transactionId from AuthnRequest,because 'PendingRequest' is NOT from Type: {}",
           RequestImpl.class.getName());
-      
-    } else {        
+
+    } else {
       if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
-        final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();      
-        ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(transactionId);      
+        final String transactionId = el.getAttributeValues().get(0).getDOM().getTextContent();
+        ((RequestImpl) pendingReq).setUniqueTransactionIdentifier(transactionId);
         return true;
 
       } else {
-        log.warn("Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute", 
+        log.warn(
+            "Req. attribute '{}' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute",
             el.getName());
-        
+
       }
-      
+
     }
-    
+
     return false;
   }
 
   /**
    * Extract the bPK target from requested attribute.
-   * 
-   * @param el Requested attribute from AuthnRequest
+   *
+   * @param el       Requested attribute from AuthnRequest
    * @param spConfig Service-Provider configuration for current process
-   * @return <code>true</code> if bPK target extraction was successful, otherwise <code>false</code>
+   * @return <code>true</code> if bPK target extraction was successful, otherwise
+   *         <code>false</code>
    */
-  private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el, ServiceProviderConfiguration spConfig) {        
+  private boolean extractBpkTargetIdentifier(EaafRequestedAttribute el,
+      ServiceProviderConfiguration spConfig) {
     if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
-      final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();      
+      final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();
       try {
         spConfig.setBpkTargetIdentifier(sectorId);
         return true;
@@ -227,16 +251,16 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
       log.warn("Req. attribute '" + el.getName()
           + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
     }
-    
+
     return false;
-    
+
   }
-  
-  private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq) 
+
+  private void postprocessLoaLevel(IRequest pendingReq, AuthnRequest authnReq)
       throws AuthnRequestValidatorException {
     final List<String> reqLoA = extractLoA(authnReq);
-    log.trace("SP requests LoA with: {}", String.join(", ",reqLoA));
-    
+    log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
+
     LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
         MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
         EaafConstants.EIDAS_LOA_HIGH));
@@ -246,15 +270,15 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
       minimumLoAFromConfig = LevelOfAssurance.HIGH;
 
     }
-          
+
     log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...",
-        minimumLoAFromConfig);      
+        minimumLoAFromConfig);
     final List<String> allowedLoA = new ArrayList<>();
     for (final String loa : reqLoA) {
       try {
         final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
         String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
-        if (intLoa != null 
+        if (intLoa != null
             && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
           log.info("Client: {} requested LoA: {} will be upgraded to: {}",
               pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
@@ -281,7 +305,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 
     pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(
         allowedLoA);
-    
+
   }
 
   private String extractComparisonLevel(AuthnRequest authnReq) {
@@ -335,7 +359,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
   private String extractScopeRequsterId(AuthnRequest authnReq) {
     if (authnReq.getScoping() != null) {
       final Scoping scoping = authnReq.getScoping();
-      if (scoping.getRequesterIDs() != null 
+      if (scoping.getRequesterIDs() != null
           && scoping.getRequesterIDs().size() > 0) {
         if (scoping.getRequesterIDs().size() == 1) {
           return scoping.getRequesterIDs().get(0).getRequesterID();